author | Jonas Heinrich <onny@project-insanity.org> | 2021-12-29 12:49:14 +0100 |
---|---|---|
committer | Jonas Heinrich <onny@project-insanity.org> | 2021-12-30 14:17:00 +0100 |
commit | 71c423671bcefa22f96d5a4b6b352647e3ce0505 (patch) | |
tree | eea56854a5aa460494ee692953b93e60cf535ccf | |
parent | f5dd11f444e551771c8a8394232f3399e2896b0f (diff) | |
nixos/maddy: Better description, user and group handling
5 files changed, 52 insertions, 26 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index e2bda7604e4..6b706e4aeaa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -275,13 +275,6 @@ </listitem> <listitem> <para> - <link xlink:href="https://maddy.email">maddy</link>, a - composable all-in-one mail server. Available as - <link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>. - </para> - </listitem> - <listitem> - <para> <link xlink:href="https://sr.ht">sourcehut</link>, a collection of tools useful for software development. Available as diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index d5e3190bf28..296161fd84d 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -48,6 +48,13 @@ <link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>. </para> </listitem> + <listitem> + <para> + <link xlink:href="https://maddy.email">maddy</link>, a + composable all-in-one mail server. Available as + <link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>. + </para> + </listitem> </itemizedlist> </section> <section xml:id="sec-release-22.05-incompatibilities"> diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 2520d176096..48adc4ad33c 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md 
@@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin - [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable). -- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable). - - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable). - [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable). diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 98709455ae7..94f600537c2 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable). +- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable). + ## Backward Incompatibilities {#sec-release-22.05-incompatibilities} - `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`. diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix index 44cfa3c2908..0b06905ac6f 100644 --- a/nixos/modules/services/mail/maddy.nix +++ b/nixos/modules/services/mail/maddy.nix 
@@ -3,9 +3,16 @@ with lib; let + name = "maddy"; + cfg = config.services.maddy; + defaultConfig = '' + # Minimal configuration with TLS disabled, adapted from upstream example + # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf + # Do not use this in production! + tls off auth.pass_table local_authdb { @@ -131,22 +138,34 @@ let in { options = { services.maddy = { + enable = mkEnableOption "Maddy, a free an open source mail server"; user = mkOption { default = "maddy"; type = with types; uniq string; description = '' - Name of the user under which maddy will run. If not specified, a - default user will be created. + User account under which maddy runs. + + <note><para> + If left as the default value this user will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the user exists before the maddy service starts. + </para></note> ''; }; + group = mkOption { default = "maddy"; type = with types; uniq string; description = '' - Name of the group under which maddy will run. If not specified, a - default group will be created. + Group account under which maddy runs. + + <note><para> + If left as the default value this group will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the group exists before the maddy service starts. + </para></note> ''; }; @@ -158,6 +177,7 @@ in { Hostname to use. It should be FQDN. ''; }; + primaryDomain = mkOption { default = "localhost"; type = with types; uniq string; @@ -166,6 +186,7 @@ in { Primary MX domain to use. It should be FQDN. ''; }; + localDomains = mkOption { type = with types; listOf str; default = ["$(primary_domain)"]; 
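Review bot: The TLS-off default is flagged only by the comments added inside `defaultConfig` (and by the `<note>` added to the `config` option description in the later `@@ -178,11 +199,18 @@` hunk), so nothing warns an admin who enables the service without overriding `services.maddy.config`. The visible default pairs `tls off` with an `auth.pass_table local_authdb` block, so any login it accepts would presumably travel unencrypted, and `openFirewall` can expose it to the network. Consider surfacing this at evaluation time in the module's implementation section, e.g. `warnings = optional (cfg.config == defaultConfig) "services.maddy: the default configuration disables TLS; set services.maddy.config before exposing the service";`. The `let` block and the rest of `defaultConfig` continue outside the hunk, so the listener definitions could not be checked here.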
@@ -178,11 +199,18 @@ in { Define list of allowed domains. ''; }; + config = mkOption { type = with types; nullOr lines; default = defaultConfig; description = '' - Server configuration. + Server configuration, see + <link xlink:href="https://maddy.email">https://maddy.email</link> for + more information. The default configuration of this module will setup + minimal maddy instance for mail transfer without TLS encryption. + <note><para> + This should not be used in a production environment. + </para></note> ''; }; @@ -203,9 +231,11 @@ in { packages = [ pkgs.maddy ]; services.maddy = { serviceConfig = { - User = "${cfg.user}"; - Group = "${cfg.group}"; + User = cfg.user; + Group = cfg.group; + StateDirectory = [ "maddy" ]; }; + restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ]; wantedBy = [ "multi-user.target" ]; }; }; @@ -220,20 +250,16 @@ in { ''; }; - users.users = optionalAttrs (cfg.user == "maddy") { - maddy = { - description = "Maddy service user"; - group = cfg.group; - home = "/var/lib/maddy"; - createHome = true; + users.users = optionalAttrs (cfg.user == name) { + ${name} = { isSystemUser = true; + group = cfg.group; + description = "Maddy mail transfer agent user"; }; }; - users.groups = mkIf (cfg.group == "maddy") { - maddy = pkgs.lib.mkForce { - name = cfg.group; - }; + users.groups = optionalAttrs (cfg.group == name) { + ${cfg.group} = { }; }; networking.firewall = mkIf cfg.openFirewall { |
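Review bot: In the `@@ -203,9 +231,11 @@` hunk, `StateDirectory = [ "maddy" ];` is added without a mode, so systemd will create `/var/lib/maddy` with its default 0755 unless the upstream unit pulled in through `packages = [ pkgs.maddy ]` already sets one. That directory replaces the home directory removed in the last hunk and presumably holds the mail store and the `local_authdb` credential database, so it should not be world-readable; adding `StateDirectoryMode = "0750";` next to it makes that explicit. It is also worth confirming what happens to the permissions of an existing `/var/lib/maddy` on upgrade. The `serviceConfig` block is fully visible, but the enclosing module `config` section starts outside the hunk.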
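Review bot: In the `@@ -220,20 +250,16 @@` hunk the two account definitions are keyed differently: `users.users` uses `${name}` while `users.groups` uses `${cfg.group}`, even though the guard already guarantees they are equal. Keying both on `name` reads more clearly and keeps the attribute name independent of the option value: `users.groups = optionalAttrs (cfg.group == name) { ${name} = { }; };`. Separately, the switch from `mkIf` to `optionalAttrs` for groups makes the attribute set's keys depend on `cfg.group` being evaluated eagerly; it appears harmless here, but `mkIf` is the more usual module-system form, and a short comment on why it was changed would help. Note also that a default user combined with a non-default group now refers to a group this module does not create, which the new option description leaves to the admin. The enclosing `config` block continues outside the hunk.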