summary refs log tree commit diff
path: root/nixos/modules/services
diff options
context:
space:
mode:
authorAaron Andersen <aaron@fosslib.net>2022-01-01 15:05:42 -0500
committerGitHub <noreply@github.com>2022-01-01 15:05:42 -0500
commit34c283dedaeea9370ccfda7741765cdb5acc9934 (patch)
treea692693eab747baefe180fe8c16c31439ac08d65 /nixos/modules/services
parentf969a0bd2f1f9691a4f47f8758a1ae30f2f251b3 (diff)
parent71c423671bcefa22f96d5a4b6b352647e3ce0505 (diff)
downloadnixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar.gz
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar.bz2
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar.lz
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar.xz
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.tar.zst
nixpkgs-34c283dedaeea9370ccfda7741765cdb5acc9934.zip
Merge pull request #150846 from onny/maddy
nixos/maddy: Better description, user and group handling
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/mail/maddy.nix60
1 files changed, 43 insertions, 17 deletions
diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix
index 44cfa3c2908..0b06905ac6f 100644
--- a/nixos/modules/services/mail/maddy.nix
+++ b/nixos/modules/services/mail/maddy.nix
@@ -3,9 +3,16 @@
 with lib;
 
 let
+
   name = "maddy";
+
   cfg = config.services.maddy;
+
   defaultConfig = ''
+    # Minimal configuration with TLS disabled, adapted from upstream example
+    # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+    # Do not use this in production!
+
     tls off
 
     auth.pass_table local_authdb {
@@ -131,22 +138,34 @@ let
 in {
   options = {
     services.maddy = {
+
       enable = mkEnableOption "Maddy, a free an open source mail server";
 
       user = mkOption {
         default = "maddy";
         type = with types; uniq string;
         description = ''
-          Name of the user under which maddy will run. If not specified, a
-          default user will be created.
+          User account under which maddy runs.
+
+          <note><para>
+          If left as the default value this user will automatically be created
+          on system activation, otherwise the sysadmin is responsible for
+          ensuring the user exists before the maddy service starts.
+          </para></note>
         '';
       };
+
       group = mkOption {
         default = "maddy";
         type = with types; uniq string;
         description = ''
-          Name of the group under which maddy will run. If not specified, a
-          default group will be created.
+          Group account under which maddy runs.
+
+          <note><para>
+          If left as the default value this group will automatically be created
+          on system activation, otherwise the sysadmin is responsible for
+          ensuring the group exists before the maddy service starts.
+          </para></note>
         '';
       };
 
@@ -158,6 +177,7 @@ in {
           Hostname to use. It should be FQDN.
         '';
       };
+
       primaryDomain = mkOption {
         default = "localhost";
         type = with types; uniq string;
@@ -166,6 +186,7 @@ in {
           Primary MX domain to use. It should be FQDN.
         '';
       };
+
       localDomains = mkOption {
         type = with types; listOf str;
         default = ["$(primary_domain)"];
@@ -178,11 +199,18 @@ in {
           Define list of allowed domains.
         '';
       };
+
       config = mkOption {
         type = with types; nullOr lines;
         default = defaultConfig;
         description = ''
-          Server configuration.
+          Server configuration, see
+          <link xlink:href="https://maddy.email">https://maddy.email</link> for
+          more information. The default configuration of this module will setup
+          minimal maddy instance for mail transfer without TLS encryption.
+          <note><para>
+          This should not be used in a production environment.
+          </para></note>
         '';
       };
 
@@ -203,9 +231,11 @@ in {
       packages = [ pkgs.maddy ];
       services.maddy = {
         serviceConfig = {
-          User = "${cfg.user}";
-          Group = "${cfg.group}";
+          User = cfg.user;
+          Group = cfg.group;
+          StateDirectory = [ "maddy" ];
         };
+        restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
         wantedBy = [ "multi-user.target" ];
       };
     };
@@ -220,20 +250,16 @@ in {
       '';
     };
 
-    users.users = optionalAttrs (cfg.user == "maddy") {
-      maddy = {
-        description = "Maddy service user";
-        group = cfg.group;
-        home = "/var/lib/maddy";
-        createHome = true;
+    users.users = optionalAttrs (cfg.user == name) {
+      ${name} = {
         isSystemUser = true;
+        group = cfg.group;
+        description = "Maddy mail transfer agent user";
       };
     };
 
-    users.groups = mkIf (cfg.group == "maddy") {
-      maddy = pkgs.lib.mkForce {
-        name = cfg.group;
-      };
+    users.groups = optionalAttrs (cfg.group == name) {
+      ${cfg.group} = { };
     };
 
     networking.firewall = mkIf cfg.openFirewall {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 12:51:08 +0000