Add simple-nixos-mailserver to umbriel #495

Merged (3 commits) on Nov 5, 2024

jfly (Contributor) commented Oct 29, 2024

This is part 1 of #485

Mic92 (Member) commented Oct 29, 2024

I think we only need to provide SMTP logins in special circumstances i.e. for the people that do the vote. Otherwise people can respond with their own email address for transparency reasons and use the alias in cc in case there are multiple people.

Mic92 (Member) commented Oct 29, 2024

For the sops integration, we should have an ad-hoc sops script that creates one file per recipient. Reason is that the contributor won't have access to anything but the public keys of the admin team and our server. This way they can encrypt but not decrypt.

jfly added a commit to jfly/infra that referenced this pull request Oct 29, 2024
All I did here was:

- Add `ruff-format`
- Run `nix fmt`
- Remove `black` stuff from `hydra-packet-importer/`

Why? I'm going to add a helper script to
NixOS#495 (comment), and I'd
like to write it in Python and have autoformatting.
@jfly jfly changed the title WIP: add simple-nixos-mailserver to umbriel Add simple-nixos-mailserver to umbriel Oct 29, 2024
jfly (Contributor Author) commented Oct 29, 2024

> we should have an ad-hoc sops script that creates one file per recipient

I've added a new `nix run .#encrypt-email-address` command for this. People will discover this command if they read the documentation I added here: https://github.com/jfly/infra/tree/issue-485-add-mailserver/non-critical-infra/modules/mailserver

@jfly jfly marked this pull request as ready for review October 29, 2024 18:35
@jfly jfly requested a review from a team as a code owner October 29, 2024 18:35
@jfly jfly force-pushed the issue-485-add-mailserver branch 2 times, most recently from 7775cfc to e6c0def Compare October 29, 2024 18:41
jfly (Contributor Author) left a comment

Thanks for the feedback!

terraform/dns.tf (outdated, resolved)

jfly (Contributor Author) commented Oct 31, 2024

(I chatted with @Mic92 at the infra meeting) I'm deploying this to umbriel now.

jfly (Contributor Author) commented Oct 31, 2024

@Mic92, this PR is updated with the DKIM TXT record. I've also added a README to umbriel explaining that this will need to be updated if we reprovision the machine from scratch.

cole-h (Member) commented Oct 31, 2024

Just a small note: there should probably be some kind of monitoring before this sees more widespread use. Back when I ran my own instance of SNM, something (I don't remember what, it's been years at this point) went wrong and I never noticed that I stopped receiving mail (I didn't use this domain a lot at the time).

EDIT: Sorry, I didn't realize this was a future TODO as noted in the original issue:

> TBD (see below): configure a metrics/alerting solution. Intentionally break emailing somehow and confirm that the infra team gets notified about stale mail stuck in queues.

👍

Mic92 (Member) commented Nov 4, 2024

@jfly I applied your terraform changes. Let me know when this is good to merge.

Mic92 and others added 3 commits November 5, 2024 09:36
@Mic92 Mic92 merged commit edff9f5 into NixOS:master Nov 5, 2024
3 checks passed
@jfly jfly deleted the issue-485-add-mailserver branch November 5, 2024 16:16
mweinelt (Member) commented Nov 5, 2024

Any reason this was just merged after #505 was opened?

jfly (Contributor Author) commented Nov 5, 2024

We wanted to get this merged because the ruff linter changes felt conflict-prone: 8e5be86.

Mic92 (Member) commented Nov 5, 2024

@mweinelt I didn't want the diff to get too large. And given this service is just running on mail-test.nixos.org, the issue mentioned doesn't have any real-world impact on us.
