author | Aaron Andersen <aaron@fosslib.net> | 2022-01-01 15:05:42 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-01 15:05:42 -0500 |
commit | 34c283dedaeea9370ccfda7741765cdb5acc9934 (patch) | |
tree | a692693eab747baefe180fe8c16c31439ac08d65 /nixos/modules/services | |
parent | f969a0bd2f1f9691a4f47f8758a1ae30f2f251b3 (diff) | |
parent | 71c423671bcefa22f96d5a4b6b352647e3ce0505 (diff) | |
Merge pull request #150846 from onny/maddy
nixos/maddy: Better description, user and group handling
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/mail/maddy.nix | 60 |
1 files changed, 43 insertions, 17 deletions
diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix index 44cfa3c2908..0b06905ac6f 100644 --- a/nixos/modules/services/mail/maddy.nix +++ b/nixos/modules/services/mail/maddy.nix @@ -3,9 +3,16 @@ with lib; let + name = "maddy"; + cfg = config.services.maddy; + defaultConfig = '' + # Minimal configuration with TLS disabled, adapted from upstream example + # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf + # Do not use this in production! + tls off auth.pass_table local_authdb { @@ -131,22 +138,34 @@ let in { options = { services.maddy = { + enable = mkEnableOption "Maddy, a free an open source mail server"; user = mkOption { default = "maddy"; type = with types; uniq string; description = '' - Name of the user under which maddy will run. If not specified, a - default user will be created. + User account under which maddy runs. + + <note><para> + If left as the default value this user will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the user exists before the maddy service starts. + </para></note> ''; }; + group = mkOption { default = "maddy"; type = with types; uniq string; description = '' - Name of the group under which maddy will run. If not specified, a - default group will be created. + Group account under which maddy runs. + + <note><para> + If left as the default value this group will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the group exists before the maddy service starts. + </para></note> ''; }; @@ -158,6 +177,7 @@ in { Hostname to use. It should be FQDN. ''; }; + primaryDomain = mkOption { default = "localhost"; type = with types; uniq string; @@ -166,6 +186,7 @@ in { Primary MX domain to use. It should be FQDN. ''; }; + localDomains = mkOption { type = with types; listOf str; default = ["$(primary_domain)"]; 
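Review bot: The TLS-off default added to `defaultConfig` is flagged only by a comment inside the generated file, so a host that enables the module without setting `services.maddy.config` gets no signal at build time that it is running without transport encryption. Because the same default declares `auth.pass_table local_authdb`, logins would presumably travel in clear text, which matters most when `openFirewall` is also set. Consider an evaluation-time warning in the module's config section, for example `warnings = optional (cfg.config == defaultConfig) "services.maddy: the default configuration disables TLS; set services.maddy.config before exposing this host";`. The same point applies to the `config` option description changed in the `@@ -178,11 +199,18 @@` hunk; the `defaultConfig` string and the config section both continue outside this hunk.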
@@ -178,11 +199,18 @@ in { Define list of allowed domains. ''; }; + config = mkOption { type = with types; nullOr lines; default = defaultConfig; description = '' - Server configuration. + Server configuration, see + <link xlink:href="https://maddy.email">https://maddy.email</link> for + more information. The default configuration of this module will setup + minimal maddy instance for mail transfer without TLS encryption. + <note><para> + This should not be used in a production environment. + </para></note> ''; }; @@ -203,9 +231,11 @@ in { packages = [ pkgs.maddy ]; services.maddy = { serviceConfig = { - User = "${cfg.user}"; - Group = "${cfg.group}"; + User = cfg.user; + Group = cfg.group; + StateDirectory = [ "maddy" ]; }; + restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ]; wantedBy = [ "multi-user.target" ]; }; }; @@ -220,20 +250,16 @@ in { ''; }; - users.users = optionalAttrs (cfg.user == "maddy") { - maddy = { - description = "Maddy service user"; - group = cfg.group; - home = "/var/lib/maddy"; - createHome = true; + users.users = optionalAttrs (cfg.user == name) { + ${name} = { isSystemUser = true; + group = cfg.group; + description = "Maddy mail transfer agent user"; }; }; - users.groups = mkIf (cfg.group == "maddy") { - maddy = pkgs.lib.mkForce { - name = cfg.group; - }; + users.groups = optionalAttrs (cfg.group == name) { + ${cfg.group} = { }; }; networking.firewall = mkIf cfg.openFirewall { |
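Review bot: `StateDirectory = [ "maddy" ];` in the `@@ -203,9 +231,11 @@` hunk is added without a mode, so systemd creates `/var/lib/maddy` with its default of 0755. The default configuration declares `auth.pass_table local_authdb`, so this directory presumably ends up holding the credential database, and its confidentiality then depends entirely on the file modes maddy picks. Adding `StateDirectoryMode = "0750";` next to it keeps other local accounts out of the directory regardless. The enclosing `systemd` block starts outside the hunk.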
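Review bot: In the `@@ -220,20 +250,16 @@` hunk the user and the group are created under independent conditions, so with the default `user` and a non-default `group` the module creates `maddy` with `group = cfg.group` but does not create that group. The option text says the sysadmin must provide it, but a comment at this spot such as `# cfg.group is only created when it is "maddy"; any other group must already exist` would make the coupling visible where it is implemented; whether NixOS rejects a missing group at evaluation time cannot be seen from this page. As a style point, `${cfg.group} = { };` could be written `${name} = { };` to mirror the `users.users` entry, since the guard already fixes the value.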