nixos/services.maddy: remove with lib;
parent
3c36a6c44e
commit
aa0f147937
@ -1,7 +1,4 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
name = "maddy";
|
name = "maddy";
|
||||||
@ -138,11 +135,11 @@ in {
|
|||||||
options = {
|
options = {
|
||||||
services.maddy = {
|
services.maddy = {
|
||||||
|
|
||||||
enable = mkEnableOption "Maddy, a free an open source mail server";
|
enable = lib.mkEnableOption "Maddy, a free an open source mail server";
|
||||||
|
|
||||||
user = mkOption {
|
user = lib.mkOption {
|
||||||
default = "maddy";
|
default = "maddy";
|
||||||
type = with types; uniq str;
|
type = with lib.types; uniq str;
|
||||||
description = ''
|
description = ''
|
||||||
User account under which maddy runs.
|
User account under which maddy runs.
|
||||||
|
|
||||||
@ -154,9 +151,9 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = lib.mkOption {
|
||||||
default = "maddy";
|
default = "maddy";
|
||||||
type = with types; uniq str;
|
type = with lib.types; uniq str;
|
||||||
description = ''
|
description = ''
|
||||||
Group account under which maddy runs.
|
Group account under which maddy runs.
|
||||||
|
|
||||||
@ -168,26 +165,26 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
hostname = mkOption {
|
hostname = lib.mkOption {
|
||||||
default = "localhost";
|
default = "localhost";
|
||||||
type = with types; uniq str;
|
type = with lib.types; uniq str;
|
||||||
example = ''example.com'';
|
example = ''example.com'';
|
||||||
description = ''
|
description = ''
|
||||||
Hostname to use. It should be FQDN.
|
Hostname to use. It should be FQDN.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
primaryDomain = mkOption {
|
primaryDomain = lib.mkOption {
|
||||||
default = "localhost";
|
default = "localhost";
|
||||||
type = with types; uniq str;
|
type = with lib.types; uniq str;
|
||||||
example = ''mail.example.com'';
|
example = ''mail.example.com'';
|
||||||
description = ''
|
description = ''
|
||||||
Primary MX domain to use. It should be FQDN.
|
Primary MX domain to use. It should be FQDN.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
localDomains = mkOption {
|
localDomains = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
default = ["$(primary_domain)"];
|
default = ["$(primary_domain)"];
|
||||||
example = [
|
example = [
|
||||||
"$(primary_domain)"
|
"$(primary_domain)"
|
||||||
@ -199,8 +196,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkOption {
|
config = lib.mkOption {
|
||||||
type = with types; nullOr lines;
|
type = with lib.types; nullOr lines;
|
||||||
default = defaultConfig;
|
default = defaultConfig;
|
||||||
description = ''
|
description = ''
|
||||||
Server configuration, see
|
Server configuration, see
|
||||||
@ -215,8 +212,8 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
tls = {
|
tls = {
|
||||||
loader = mkOption {
|
loader = lib.mkOption {
|
||||||
type = with types; nullOr (enum [ "off" "file" "acme" ]);
|
type = with lib.types; nullOr (enum [ "off" "file" "acme" ]);
|
||||||
default = "off";
|
default = "off";
|
||||||
description = ''
|
description = ''
|
||||||
TLS certificates are obtained by modules called "certificate
|
TLS certificates are obtained by modules called "certificate
|
||||||
@ -237,18 +234,18 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
certificates = mkOption {
|
certificates = lib.mkOption {
|
||||||
type = with types; listOf (submodule {
|
type = with lib.types; listOf (submodule {
|
||||||
options = {
|
options = {
|
||||||
keyPath = mkOption {
|
keyPath = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
example = "/etc/ssl/mx1.example.org.key";
|
example = "/etc/ssl/mx1.example.org.key";
|
||||||
description = ''
|
description = ''
|
||||||
Path to the private key used for TLS.
|
Path to the private key used for TLS.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
certPath = mkOption {
|
certPath = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
example = "/etc/ssl/mx1.example.org.crt";
|
example = "/etc/ssl/mx1.example.org.crt";
|
||||||
description = ''
|
description = ''
|
||||||
Path to the certificate used for TLS.
|
Path to the certificate used for TLS.
|
||||||
@ -269,8 +266,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = lib.mkOption {
|
||||||
type = with types; nullOr lines;
|
type = with lib.types; nullOr lines;
|
||||||
description = ''
|
description = ''
|
||||||
Arguments for the specified certificate loader.
|
Arguments for the specified certificate loader.
|
||||||
|
|
||||||
@ -284,16 +281,16 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
openFirewall = mkOption {
|
openFirewall = lib.mkOption {
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Open the configured incoming and outgoing mail server ports.
|
Open the configured incoming and outgoing mail server ports.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
ensureAccounts = mkOption {
|
ensureAccounts = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
default = [];
|
default = [];
|
||||||
description = ''
|
description = ''
|
||||||
List of IMAP accounts which get automatically created. Note that for
|
List of IMAP accounts which get automatically created. Note that for
|
||||||
@ -307,7 +304,7 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
ensureCredentials = mkOption {
|
ensureCredentials = lib.mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = ''
|
description = ''
|
||||||
List of user accounts which get automatically created if they don't
|
List of user accounts which get automatically created if they don't
|
||||||
@ -319,10 +316,10 @@ in {
|
|||||||
"user1@localhost".passwordFile = /secrets/user1-localhost;
|
"user1@localhost".passwordFile = /secrets/user1-localhost;
|
||||||
"user2@localhost".passwordFile = /secrets/user2-localhost;
|
"user2@localhost".passwordFile = /secrets/user2-localhost;
|
||||||
};
|
};
|
||||||
type = types.attrsOf (types.submodule {
|
type = lib.types.attrsOf (lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
passwordFile = mkOption {
|
passwordFile = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
example = "/path/to/file";
|
example = "/path/to/file";
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
@ -335,7 +332,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
secrets = lib.mkOption {
|
secrets = lib.mkOption {
|
||||||
type = with types; listOf path;
|
type = with lib.types; listOf path;
|
||||||
description = ''
|
description = ''
|
||||||
A list of files containing the various secrets. Should be in the format
|
A list of files containing the various secrets. Should be in the format
|
||||||
expected by systemd's `EnvironmentFile` directory. Secrets can be
|
expected by systemd's `EnvironmentFile` directory. Secrets can be
|
||||||
@ -347,7 +344,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
@ -387,17 +384,17 @@ in {
|
|||||||
};
|
};
|
||||||
maddy-ensure-accounts = {
|
maddy-ensure-accounts = {
|
||||||
script = ''
|
script = ''
|
||||||
${optionalString (cfg.ensureAccounts != []) ''
|
${lib.optionalString (cfg.ensureAccounts != []) ''
|
||||||
${concatMapStrings (account: ''
|
${lib.concatMapStrings (account: ''
|
||||||
if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then
|
if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then
|
||||||
${pkgs.maddy}/bin/maddyctl imap-acct create ${account}
|
${pkgs.maddy}/bin/maddyctl imap-acct create ${account}
|
||||||
fi
|
fi
|
||||||
'') cfg.ensureAccounts}
|
'') cfg.ensureAccounts}
|
||||||
''}
|
''}
|
||||||
${optionalString (cfg.ensureCredentials != {}) ''
|
${lib.optionalString (cfg.ensureCredentials != {}) ''
|
||||||
${concatStringsSep "\n" (mapAttrsToList (name: cfg: ''
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cfg: ''
|
||||||
if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then
|
if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then
|
||||||
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${escapeShellArg cfg.passwordFile}) ${name}
|
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${lib.escapeShellArg cfg.passwordFile}) ${name}
|
||||||
fi
|
fi
|
||||||
'') cfg.ensureCredentials)}
|
'') cfg.ensureCredentials)}
|
||||||
''}
|
''}
|
||||||
@ -422,9 +419,9 @@ in {
|
|||||||
hostname ${cfg.hostname}
|
hostname ${cfg.hostname}
|
||||||
|
|
||||||
${if (cfg.tls.loader == "file") then ''
|
${if (cfg.tls.loader == "file") then ''
|
||||||
tls file ${concatStringsSep " " (
|
tls file ${lib.concatStringsSep " " (
|
||||||
map (x: x.certPath + " " + x.keyPath
|
map (x: x.certPath + " " + x.keyPath
|
||||||
) cfg.tls.certificates)} ${optionalString (cfg.tls.extraConfig != "") ''
|
) cfg.tls.certificates)} ${lib.optionalString (cfg.tls.extraConfig != "") ''
|
||||||
{ ${cfg.tls.extraConfig} }
|
{ ${cfg.tls.extraConfig} }
|
||||||
''}
|
''}
|
||||||
'' else if (cfg.tls.loader == "acme") then ''
|
'' else if (cfg.tls.loader == "acme") then ''
|
||||||
@ -441,7 +438,7 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users = optionalAttrs (cfg.user == name) {
|
users.users = lib.optionalAttrs (cfg.user == name) {
|
||||||
${name} = {
|
${name} = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
@ -449,11 +446,11 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups = optionalAttrs (cfg.group == name) {
|
users.groups = lib.optionalAttrs (cfg.group == name) {
|
||||||
${cfg.group} = { };
|
${cfg.group} = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [ 25 143 587 ];
|
allowedTCPPorts = [ 25 143 587 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
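Review bot: In the `maddy-ensure-accounts` script (hunk `-387,17 +384,17`), the new-side line `maddyctl creds create --password $(cat ${lib.escapeShellArg cfg.passwordFile}) ${name}` still expands the password unquoted and passes it as an argument, so a password containing whitespace or glob characters is split or expanded by the shell, and the secret sits in the process argument list while the command runs. Only the file path is escaped; `${name}` and `${account}` are spliced into the script raw, and `grep "${name}"` treats the account name as an unanchored regular expression, so an existing `xuser1@localhost` would make `user1@localhost` look already created and skip it. Since the commit rewrites these lines anyway, I would at least quote and escape them: `if ! ${pkgs.maddy}/bin/maddyctl creds list | grep -qxF -- ${lib.escapeShellArg name}; then` and `${pkgs.maddy}/bin/maddyctl creds create --password "$(cat ${lib.escapeShellArg cfg.passwordFile})" ${lib.escapeShellArg name}` (`-x` assumes the list prints one name per line, which should be confirmed), with the same treatment for the `imap-acct` pair. Supplying the password on stdin instead of `--password` would keep it out of argv, if maddyctl supports that non-interactively. The script string begins and ends outside the visible hunk.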