Configurable sieve script directory

(cherry picked from commit c00fc587f5)

default.nix

@@ -452,6 +452,14 @@ in
       '';
     };
 
+    sieveDirectory = mkOption {
+      type = types.path;
+      default = "/var/sieve";
+      description = ''
+        Where to store the sieve scripts.
+      '';
+    };
+
     virusScanning = mkOption {
       type = types.bool;
       default = false;

mail-server/dovecot.nix

@@ -217,8 +217,8 @@ in
 
         plugin {
           sieve_plugins = sieve_imapsieve sieve_extprograms
-          sieve = file:/var/sieve/%u/scripts;active=/var/sieve/%u/active.sieve
+          sieve = file:${cfg.sieveDirectory}/%u/scripts;active=${cfg.sieveDirectory}/%u/active.sieve
-          sieve_default = file:/var/sieve/%u/default.sieve
+          sieve_default = file:${cfg.sieveDirectory}/%u/default.sieve
           sieve_default_name = default
 
           # From elsewhere to Spam folder

mail-server/users.nix

@@ -35,31 +35,31 @@ let
     set -euo pipefail
 
     # Create directory to store user sieve scripts if it doesn't exist
-    if (! test -d "/var/sieve"); then
+    if (! test -d "${sieveDirectory}"); then
-      mkdir "/var/sieve"
+      mkdir "${sieveDirectory}"
-      chown "${vmailUserName}:${vmailGroupName}" "/var/sieve"
+      chown "${vmailUserName}:${vmailGroupName}" "${sieveDirectory}"
-      chmod 770 "/var/sieve"
+      chmod 770 "${sieveDirectory}"
     fi
 
     # Copy user's sieve script to the correct location (if it exists).  If it
     # is null, remove the file.
     ${lib.concatMapStringsSep "\n" ({ name, sieveScript }:
       if lib.isString sieveScript then ''
-        if (! test -d "/var/sieve/${name}"); then
+        if (! test -d "${sieveDirectory}/${name}"); then
-          mkdir -p "/var/sieve/${name}"
+          mkdir -p "${sieveDirectory}/${name}"
-          chown "${vmailUserName}:${vmailGroupName}" "/var/sieve/${name}"
+          chown "${vmailUserName}:${vmailGroupName}" "${sieveDirectory}/${name}"
-          chmod 770 "/var/sieve/${name}"
+          chmod 770 "${sieveDirectory}/${name}"
         fi
-        cat << 'EOF' > "/var/sieve/${name}/default.sieve"
+        cat << 'EOF' > "${sieveDirectory}/${name}/default.sieve"
         ${sieveScript}
         EOF
-        chown "${vmailUserName}:${vmailGroupName}" "/var/sieve/${name}/default.sieve"
+        chown "${vmailUserName}:${vmailGroupName}" "${sieveDirectory}/${name}/default.sieve"
       '' else ''
-        if (test -f "/var/sieve/${name}/default.sieve"); then
+        if (test -f "${sieveDirectory}/${name}/default.sieve"); then
-          rm "/var/sieve/${name}/default.sieve"
+          rm "${sieveDirectory}/${name}/default.sieve"
         fi
-        if (test -f "/var/sieve/${name}.svbin"); then
+        if (test -f "${sieveDirectory}/${name}.svbin"); then
-          rm "/var/sieve/${name}/default.svbin"
+          rm "${sieveDirectory}/${name}/default.svbin"
         fi
       '') (map (user: { inherit (user) name sieveScript; })
             (lib.attrValues loginAccounts))}

nix/sources.json

@@ -1,4 +1,11 @@
 {
+    "blobs": {
+        "sha256": "1g687x3b2r4ar5i4xyav5qzpy9fp1phx9wf70f4j3scwny0g7hn1",
+        "type": "tarball",
+        "url": "https://gitlab.com/simple-nixos-mailserver/blobs/-/archive/2cccdf1ca48316f2cfd1c9a0017e8de5a7156265/blobs-2cccdf1ca48316f2cfd1c9a0017e8de5a7156265.tar.gz",
+        "url_template": "https://gitlab.com/simple-nixos-mailserver/blobs/-/archive/<version>/blobs-<version>.tar.gz",
+        "version": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265"
+    },
     "nixpkgs-20.09": {
         "branch": "release-20.09",
         "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",

tests/clamav.nix

@@ -21,14 +21,10 @@ pkgs.nixosTest {
   nodes = {
     server = { config, pkgs, lib, ... }:
       let
-        clamav-db-files = pkgs.stdenv.mkDerivation rec {
+        sources = import ../nix/sources.nix;
-          name = "clamav-db-files";
+        blobs = pkgs.fetchzip {
-          src = lib.cleanSource ./clamav;
+          url = sources.blobs.url;
-          dontUnpack = true;
+          sha256 = sources.blobs.sha256;
-          installPhase = ''
-            mkdir $out
-            cp -R $src/*.cvd $out/
-          '';
         };
       in
         {
@@ -58,9 +54,9 @@ pkgs.nixosTest {
               '';
 
               script = ''
-                cp ${clamav-db-files}/main.cvd      /var/lib/clamav/
+                cp ${blobs}/clamav/main.cvd      /var/lib/clamav/
-                cp ${clamav-db-files}/daily.cvd     /var/lib/clamav/
+                cp ${blobs}/clamav/daily.cvd     /var/lib/clamav/
-                cp ${clamav-db-files}/bytecode.cvd  /var/lib/clamav/
+                cp ${blobs}/clamav/bytecode.cvd  /var/lib/clamav/
                 chown clamav:clamav /var/lib/clamav/*
               '';
 

tests/clamav/.gitattributes

@@ -1 +0,0 @@
-*cvd filter=lfs diff=lfs merge=lfs -text

tests/clamav/.gitignore

@@ -1 +0,0 @@
-mirrors.dat

tests/clamav/freshclam.conf

@@ -1 +0,0 @@
-DatabaseMirror database.clamav.net

tests/clamav/hashes.json

@@ -1,5 +0,0 @@
-{
-  "bytecode.cvd": "633d4f0a2054249e23df12db5a9e76bcaac23cadaef5ee8f644986f600d8d81e",
-  "daily.cvd": "0b6798b54e490be168b873d39ebda41ff4a027720aed855f879779b88982838f",
-  "main.cvd": "9694933f37148ec39c1f2ef7b97211ded9b03b140bb48a5eeb27270120844b24"
-}

tests/clamav/update-clamav-database.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cd "$(dirname "${0}")"
-
-rm ./*.cvd hashes.json || :
-
-freshclam --datadir=. --config-file=freshclam.conf
-(for i in ./*.cvd;
- do echo '{}' |
-     jq --arg path "$(basename "${i}")" \
-        --arg sha256sum "$(sha256sum "${i}" | awk '{ print $1; }')" \
-        '.[$path] = $sha256sum'; done) |
-  jq -s add > hashes.json