nixos/services.maddy: remove with lib;

Felix Buehler 2024-08-24 22:05:33 +02:00
parent 3c36a6c44e
commit aa0f147937


@ -1,7 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
name = "maddy"; name = "maddy";
@ -138,11 +135,11 @@ in {
options = { options = {
services.maddy = { services.maddy = {
enable = mkEnableOption "Maddy, a free an open source mail server"; enable = lib.mkEnableOption "Maddy, a free an open source mail server";
user = mkOption { user = lib.mkOption {
default = "maddy"; default = "maddy";
type = with types; uniq str; type = with lib.types; uniq str;
description = '' description = ''
User account under which maddy runs. User account under which maddy runs.
@ -154,9 +151,9 @@ in {
''; '';
}; };
group = mkOption { group = lib.mkOption {
default = "maddy"; default = "maddy";
type = with types; uniq str; type = with lib.types; uniq str;
description = '' description = ''
Group account under which maddy runs. Group account under which maddy runs.
@ -168,26 +165,26 @@ in {
''; '';
}; };
hostname = mkOption { hostname = lib.mkOption {
default = "localhost"; default = "localhost";
type = with types; uniq str; type = with lib.types; uniq str;
example = ''example.com''; example = ''example.com'';
description = '' description = ''
Hostname to use. It should be FQDN. Hostname to use. It should be FQDN.
''; '';
}; };
primaryDomain = mkOption { primaryDomain = lib.mkOption {
default = "localhost"; default = "localhost";
type = with types; uniq str; type = with lib.types; uniq str;
example = ''mail.example.com''; example = ''mail.example.com'';
description = '' description = ''
Primary MX domain to use. It should be FQDN. Primary MX domain to use. It should be FQDN.
''; '';
}; };
localDomains = mkOption { localDomains = lib.mkOption {
type = with types; listOf str; type = with lib.types; listOf str;
default = ["$(primary_domain)"]; default = ["$(primary_domain)"];
example = [ example = [
"$(primary_domain)" "$(primary_domain)"
@ -199,8 +196,8 @@ in {
''; '';
}; };
config = mkOption { config = lib.mkOption {
type = with types; nullOr lines; type = with lib.types; nullOr lines;
default = defaultConfig; default = defaultConfig;
description = '' description = ''
Server configuration, see Server configuration, see
@ -215,8 +212,8 @@ in {
}; };
tls = { tls = {
loader = mkOption { loader = lib.mkOption {
type = with types; nullOr (enum [ "off" "file" "acme" ]); type = with lib.types; nullOr (enum [ "off" "file" "acme" ]);
default = "off"; default = "off";
description = '' description = ''
TLS certificates are obtained by modules called "certificate TLS certificates are obtained by modules called "certificate
@ -237,18 +234,18 @@ in {
''; '';
}; };
certificates = mkOption { certificates = lib.mkOption {
type = with types; listOf (submodule { type = with lib.types; listOf (submodule {
options = { options = {
keyPath = mkOption { keyPath = lib.mkOption {
type = types.path; type = lib.types.path;
example = "/etc/ssl/mx1.example.org.key"; example = "/etc/ssl/mx1.example.org.key";
description = '' description = ''
Path to the private key used for TLS. Path to the private key used for TLS.
''; '';
}; };
certPath = mkOption { certPath = lib.mkOption {
type = types.path; type = lib.types.path;
example = "/etc/ssl/mx1.example.org.crt"; example = "/etc/ssl/mx1.example.org.crt";
description = '' description = ''
Path to the certificate used for TLS. Path to the certificate used for TLS.
@ -269,8 +266,8 @@ in {
''; '';
}; };
extraConfig = mkOption { extraConfig = lib.mkOption {
type = with types; nullOr lines; type = with lib.types; nullOr lines;
description = '' description = ''
Arguments for the specified certificate loader. Arguments for the specified certificate loader.
@ -284,16 +281,16 @@ in {
}; };
}; };
openFirewall = mkOption { openFirewall = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Open the configured incoming and outgoing mail server ports. Open the configured incoming and outgoing mail server ports.
''; '';
}; };
ensureAccounts = mkOption { ensureAccounts = lib.mkOption {
type = with types; listOf str; type = with lib.types; listOf str;
default = []; default = [];
description = '' description = ''
List of IMAP accounts which get automatically created. Note that for List of IMAP accounts which get automatically created. Note that for
@ -307,7 +304,7 @@ in {
]; ];
}; };
ensureCredentials = mkOption { ensureCredentials = lib.mkOption {
default = {}; default = {};
description = '' description = ''
List of user accounts which get automatically created if they don't List of user accounts which get automatically created if they don't
@ -319,10 +316,10 @@ in {
"user1@localhost".passwordFile = /secrets/user1-localhost; "user1@localhost".passwordFile = /secrets/user1-localhost;
"user2@localhost".passwordFile = /secrets/user2-localhost; "user2@localhost".passwordFile = /secrets/user2-localhost;
}; };
type = types.attrsOf (types.submodule { type = lib.types.attrsOf (lib.types.submodule {
options = { options = {
passwordFile = mkOption { passwordFile = lib.mkOption {
type = types.path; type = lib.types.path;
example = "/path/to/file"; example = "/path/to/file";
default = null; default = null;
description = '' description = ''
@ -335,7 +332,7 @@ in {
}; };
secrets = lib.mkOption { secrets = lib.mkOption {
type = with types; listOf path; type = with lib.types; listOf path;
description = '' description = ''
A list of files containing the various secrets. Should be in the format A list of files containing the various secrets. Should be in the format
expected by systemd's `EnvironmentFile` directory. Secrets can be expected by systemd's `EnvironmentFile` directory. Secrets can be
@ -347,7 +344,7 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [ assertions = [
{ {
@ -387,17 +384,17 @@ in {
}; };
maddy-ensure-accounts = { maddy-ensure-accounts = {
script = '' script = ''
${optionalString (cfg.ensureAccounts != []) '' ${lib.optionalString (cfg.ensureAccounts != []) ''
${concatMapStrings (account: '' ${lib.concatMapStrings (account: ''
if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then
${pkgs.maddy}/bin/maddyctl imap-acct create ${account} ${pkgs.maddy}/bin/maddyctl imap-acct create ${account}
fi fi
'') cfg.ensureAccounts} '') cfg.ensureAccounts}
''} ''}
${optionalString (cfg.ensureCredentials != {}) '' ${lib.optionalString (cfg.ensureCredentials != {}) ''
${concatStringsSep "\n" (mapAttrsToList (name: cfg: '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cfg: ''
if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${escapeShellArg cfg.passwordFile}) ${name} ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${lib.escapeShellArg cfg.passwordFile}) ${name}
fi fi
'') cfg.ensureCredentials)} '') cfg.ensureCredentials)}
''} ''}
@ -422,9 +419,9 @@ in {
hostname ${cfg.hostname} hostname ${cfg.hostname}
${if (cfg.tls.loader == "file") then '' ${if (cfg.tls.loader == "file") then ''
tls file ${concatStringsSep " " ( tls file ${lib.concatStringsSep " " (
map (x: x.certPath + " " + x.keyPath map (x: x.certPath + " " + x.keyPath
) cfg.tls.certificates)} ${optionalString (cfg.tls.extraConfig != "") '' ) cfg.tls.certificates)} ${lib.optionalString (cfg.tls.extraConfig != "") ''
{ ${cfg.tls.extraConfig} } { ${cfg.tls.extraConfig} }
''} ''}
'' else if (cfg.tls.loader == "acme") then '' '' else if (cfg.tls.loader == "acme") then ''
@ -441,7 +438,7 @@ in {
''; '';
}; };
users.users = optionalAttrs (cfg.user == name) { users.users = lib.optionalAttrs (cfg.user == name) {
${name} = { ${name} = {
isSystemUser = true; isSystemUser = true;
group = cfg.group; group = cfg.group;
@ -449,11 +446,11 @@ in {
}; };
}; };
users.groups = optionalAttrs (cfg.group == name) { users.groups = lib.optionalAttrs (cfg.group == name) {
${cfg.group} = { }; ${cfg.group} = { };
}; };
networking.firewall = mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ 25 143 587 ]; allowedTCPPorts = [ 25 143 587 ];
}; };
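Review bot: In the `maddy-ensure-accounts` script (hunk `-387,17 +384,17`), the lines touched here still interpolate `${account}` and `${name}` into the shell unescaped, while only `cfg.passwordFile` goes through `lib.escapeShellArg`. The create calls should escape them too, e.g. `${pkgs.maddy}/bin/maddyctl imap-acct create ${lib.escapeShellArg account}`. The existence checks `grep "${account}"` and `grep "${name}"` are unanchored regex matches, so an existing entry that merely contains the string (or matches `.` as a wildcard) makes the script skip creation; `grep -qxF -- ${lib.escapeShellArg name}` would compare whole lines literally, assuming maddyctl prints one entry per line, which is not visible here. The `--password $(cat …)` substitution is unquoted, so a password containing whitespace or glob characters is split, and the secret lands on the command line where it shows up in the process list; at minimum write `--password "$(cat ${lib.escapeShellArg cfg.passwordFile})"`. The script body begins and ends outside the visible hunk, so surrounding shell options could not be checked.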