From 71c423671bcefa22f96d5a4b6b352647e3ce0505 Mon Sep 17 00:00:00 2001
From: Jonas Heinrich
Date: Wed, 29 Dec 2021 12:49:14 +0100
Subject: nixos/maddy: Better description, user and group handling
---
 .../from_md/release-notes/rl-2111.section.xml | 7 ---
 .../from_md/release-notes/rl-2205.section.xml | 7 +++
 nixos/doc/manual/release-notes/rl-2111.section.md | 2 -
 nixos/doc/manual/release-notes/rl-2205.section.md | 2 +
 nixos/modules/services/mail/maddy.nix | 60 ++++++++++++++++------
 5 files changed, 52 insertions(+), 26 deletions(-)
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index e2bda7604e4..6b706e4aeaa 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -273,13 +273,6 @@ services.peertube. - - - maddy, a composable all-in-one mail server. Available as services.maddy. - - sourcehut, a
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index d5e3190bf28..296161fd84d 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -48,6 +48,13 @@ services.powerdns-admin. + + + maddy, a composable all-in-one mail server. Available as services.maddy. + +
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 2520d176096..48adc4ad33c 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
 - [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
-- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
-
 - [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
 - [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 98709455ae7..94f600537c2 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
+- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
+
 ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
 - `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix
index 44cfa3c2908..0b06905ac6f 100644
--- a/nixos/modules/services/mail/maddy.nix
+++ b/nixos/modules/services/mail/maddy.nix
@@ -3,9 +3,16 @@
 with lib;
 let
+ name = "maddy";
+
 cfg = config.services.maddy;
+
 defaultConfig = ''
+ # Minimal configuration with TLS disabled, adapted from upstream example
+ # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+ # Do not use this in production!
+
 tls off
 auth.pass_table local_authdb {
@@ -131,22 +138,34 @@ let
 in {
 options = {
 services.maddy = {
+
 enable = mkEnableOption "Maddy, a free an open source mail server";
 user = mkOption {
 default = "maddy";
 type = with types; uniq string;
 description = ''
- Name of the user under which maddy will run. If not specified, a
- default user will be created.
+ User account under which maddy runs.
+
+
+ If left as the default value this user will automatically be created
+ on system activation, otherwise the sysadmin is responsible for
+ ensuring the user exists before the maddy service starts.
+
 '';
 };
+
 group = mkOption {
 default = "maddy";
 type = with types; uniq string;
 description = ''
- Name of the group under which maddy will run. If not specified, a
- default group will be created.
+ Group account under which maddy runs.
+
+
+ If left as the default value this group will automatically be created
+ on system activation, otherwise the sysadmin is responsible for
+ ensuring the group exists before the maddy service starts.
+
 '';
 };
@@ -158,6 +177,7 @@ in {
 Hostname to use. It should be FQDN.
 '';
 };
+
 primaryDomain = mkOption {
 default = "localhost";
 type = with types; uniq string;
@@ -166,6 +186,7 @@ in {
 Primary MX domain to use. It should be FQDN.
 '';
 };
+
 localDomains = mkOption {
 type = with types; listOf str;
 default = ["$(primary_domain)"];
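Review bot: The "Do not use this in production!" caveat added to the defaultConfig header is only visible inside the rendered config file, while `tls off` stays the value every user who merely enables the service receives. Because the `defaultConfig` binding is in scope throughout the module, an evaluation-time warning makes the plaintext default hard to miss: `warnings = optional (cfg.config == defaultConfig) "services.maddy: the default configuration runs without TLS; set services.maddy.config before exposing this host.";` placed inside the module's config section alongside the systemd unit. The `let` block and the body of defaultConfig continue outside this hunk.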
@@ -178,11 +199,18 @@ in {
 Define list of allowed domains.
 '';
 };
+
 config = mkOption {
 type = with types; nullOr lines;
 default = defaultConfig;
 description = ''
- Server configuration.
+ Server configuration, see
+ https://maddy.email for
+ more information. The default configuration of this module will setup
+ minimal maddy instance for mail transfer without TLS encryption.
+
+ This should not be used in a production environment.
+
 '';
 };
@@ -203,9 +231,11 @@ in {
 packages = [ pkgs.maddy ];
 services.maddy = {
 serviceConfig = {
- User = "${cfg.user}";
- Group = "${cfg.group}";
+ User = cfg.user;
+ Group = cfg.group;
+ StateDirectory = [ "maddy" ];
 };
+ restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
 wantedBy = [ "multi-user.target" ];
 };
 };
@@ -220,20 +250,16 @@ in {
 '';
 };
- users.users = optionalAttrs (cfg.user == "maddy") {
- maddy = {
- description = "Maddy service user";
- group = cfg.group;
- home = "/var/lib/maddy";
- createHome = true;
+ users.users = optionalAttrs (cfg.user == name) {
+ ${name} = {
 isSystemUser = true;
+ group = cfg.group;
+ description = "Maddy mail transfer agent user";
 };
 };
- users.groups = mkIf (cfg.group == "maddy") {
- maddy = pkgs.lib.mkForce {
- name = cfg.group;
- };
+ users.groups = optionalAttrs (cfg.group == name) {
+ ${cfg.group} = { };
 };
 networking.firewall = mkIf cfg.openFirewall {
--
cgit 1.4.1
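Review bot: The reworked description of `config` should say that the option's value is rendered into the Nix store and linked as `/etc/maddy/maddy.conf` (the later hunk's `restartTriggers` reads `config.environment.etc."maddy/maddy.conf".source`), so anything typed into it — TLS private keys, relay credentials, inline password tables — becomes world-readable on the host. I would add a sentence such as `Do not place secrets in this option; the rendered file is world-readable. Reference credential and key files by path instead.` to the new text. While editing it, `will setup minimal maddy instance` reads better as `sets up a minimal maddy instance`. The enclosing options set starts and ends outside this hunk.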
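Review bot: serviceConfig is reworked to run the unit under the dedicated `cfg.user`/`cfg.group` with a systemd-managed `StateDirectory`, but no sandboxing directives accompany it, so a compromised MTA process is confined only by discretionary file permissions. `StateDirectory` already gives the daemon its writable location (systemd keeps it writable even under `ProtectSystem = "strict"`), so the usual read-only/private-namespace set fits naturally next to it; the lines below are a starting point and need a run against a real instance, in particular if configured state or certificate paths lie outside `/var/lib/maddy`. The `systemd.services.maddy` attribute set is fully visible in the hunk; the enclosing `config` block is not.
```nix
serviceConfig = {
  User = cfg.user;
  Group = cfg.group;
  StateDirectory = [ "maddy" ];
  # Least-privilege sandbox: the daemon needs only its state directory and the network.
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  NoNewPrivileges = true;
};
# … unchanged: restartTriggers, wantedBy …
```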
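Review bot: In the new `users.groups` block the attribute key is written `${cfg.group}` while the parallel `users.users` block uses `${name}`; under the `cfg.group == name` guard the two are the same string, so `${name} = { };` keeps the definitions visibly symmetric and stops a reader from wondering whether a custom group is ever created here. Dropping `home = "/var/lib/maddy"` and `createHome` is consistent with the new `StateDirectory`, which hands directory creation and ownership to systemd, but the account's home then falls back to the `users.users` default, which presumably is fine for maddy and deserves a comment such as `# State lives in StateDirectory (/var/lib/maddy); the account needs no home of its own.` above the block. The enclosing `config` attribute set continues outside the hunk.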