authorAaron Andersen <aaron@fosslib.net>2020-06-06 11:02:23 -0400
committerAaron Andersen <aaron@fosslib.net>2020-06-12 06:41:56 -0400
commitad2330f642bbd52749b51be917aa35b26eb1730a (patch)
tree82a8c77749f2429412e6b3db07b74d177e6aeec0 /nixos/modules/programs/ssmtp.nix
parent6394b12a07900d8acc01dc96a9669bed6549d1f9 (diff)
nixos/ssmtp: drop authPass option in favor of authPassFile, or services.ssmtp.settings.AuthPass if absolutely required
Diffstat (limited to 'nixos/modules/programs/ssmtp.nix')
-rw-r--r--nixos/modules/programs/ssmtp.nix27
1 files changed, 3 insertions, 24 deletions
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
index eee36b6ae57..15d2750c193 100644
--- a/nixos/modules/programs/ssmtp.nix
+++ b/nixos/modules/programs/ssmtp.nix
@@ -21,9 +21,11 @@ in
     (mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
     (mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
     (mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
     (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
     (mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
+
+    (mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
+    (mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
   ];
 
   options = {
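Review bot: The removal text on the two added `mkRemovedOptionModule` lines asks users to make sure `authPassFile` is not a store path, but nothing visible in this diff checks it: the option stays `types.nullOr types.str`, so a string interpolated from a path or derivation would still put the password in the world-readable store. Consider an assertion in the `config` block (outside this hunk), for example `assertion = cfg.authPassFile == null || !(hasPrefix builtins.storeDir cfg.authPassFile);`, assuming `lib` is in scope via `with lib;` as the unprefixed helpers suggest. The `authPassFile` description in the later hunk loses its only mention of the store, so a sentence such as `The file must live outside the Nix store, which is world-readable.` would keep that guidance next to the option. The identical message string is repeated on both added lines and could be bound once in the `let` that precedes this `in`.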
@@ -116,18 +118,6 @@ in
         '';
       };
 
-      authPass = mkOption {
-        type = types.str;
-        default = "";
-        example = "correctHorseBatteryStaple";
-        description = ''
-          Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
-
-          It's recommended to use <option>authPassFile</option>
-          which takes precedence over <option>authPass</option>.
-        '';
-      };
-
       authPassFile = mkOption {
         type = types.nullOr types.str;
         default = null;
@@ -136,11 +126,6 @@ in
           Path to a file that contains the password used for SMTP auth. The file
           should not contain a trailing newline, if the password does not contain one.
           This file should be readable by the users that need to execute ssmtp.
-
-          <option>authPassFile</option> takes precedence over <option>authPass</option>.
-
-          Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
-          defaults to a file in the WORLD-READABLE Nix store containing that password.
         '';
       };
 
@@ -157,12 +142,6 @@ in
 
   config = mkIf cfg.enable {
 
-    services.ssmtp.authPassFile = mkIf (cfg.authPass != "")
-      (mkDefault (toString (pkgs.writeTextFile {
-        name = "ssmtp-authpass";
-        text = cfg.authPass;
-      })));
-
     services.ssmtp.settings = mkMerge [
       ({
         MailHub = cfg.hostName;