Merge pull request #167051 from pacien/ssmtp-removal

ssmtp: drop unmaintained program and module

7 files changed, 85 insertions, 195 deletions

diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index be38e3fb389..d49a997918c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -464,6 +464,44 @@
       </listitem>
       <listitem>
         <para>
+          <literal>pkgs.ssmtp</literal> has been dropped due to the
+          program being unmaintained. <literal>pkgs.msmtp</literal> can
+          be used instead as a substitute <literal>sendmail</literal>
+          implementation. The corresponding options
+          <literal>services.ssmtp.*</literal> have been removed as well.
+          <literal>programs.msmtp.*</literal> can be used instead for an
+          equivalent setup. For example:
+        </para>
+        <programlisting language="bash">
+{
+  # Original ssmtp configuration:
+  services.ssmtp = {
+    enable = true;
+    useTLS = true;
+    useSTARTTLS = true;
+    hostName = &quot;smtp.example:587&quot;;
+    authUser = &quot;someone&quot;;
+    authPassFile = &quot;/secrets/password.txt&quot;;
+  };
+
+  # Equivalent msmtp configuration:
+  programs.msmtp = {
+    enable = true;
+    accounts.default = {
+      tls = true;
+      tls_starttls = true;
+      auth = true;
+      host = &quot;smtp.example&quot;;
+      port = 587;
+      user = &quot;someone&quot;;
+      passwordeval = &quot;cat /secrets/password.txt&quot;;
+    };
+  };
+}
+</programlisting>
+      </listitem>
+      <listitem>
+        <para>
           <literal>services.kubernetes.addons.dashboard</literal> was
           removed due to it being an outdated version.
         </para>
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 4fddd34d447..a5bcd09211c 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -150,6 +150,39 @@ In addition to numerous new and upgraded packages, this release has the followin
 - `security.klogd` was removed.  Logging of kernel messages is handled
   by systemd since Linux 3.5.
 
+- `pkgs.ssmtp` has been dropped due to the program being unmaintained.
+  `pkgs.msmtp` can be used instead as a substitute `sendmail` implementation.
+  The corresponding options `services.ssmtp.*` have been removed as well.
+  `programs.msmtp.*` can be used instead for an equivalent setup. For example:
+
+  ```nix
+  {
+    # Original ssmtp configuration:
+    services.ssmtp = {
+      enable = true;
+      useTLS = true;
+      useSTARTTLS = true;
+      hostName = "smtp.example:587";
+      authUser = "someone";
+      authPassFile = "/secrets/password.txt";
+    };
+
+    # Equivalent msmtp configuration:
+    programs.msmtp = {
+      enable = true;
+      accounts.default = {
+        tls = true;
+        tls_starttls = true;
+        auth = true;
+        host = "smtp.example";
+        port = 587;
+        user = "someone";
+        passwordeval = "cat /secrets/password.txt";
+      };
+    };
+  }
+  ```
+
 - `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
 
 - `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 4c882707c5f..c6008864e8b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -205,7 +205,6 @@
   ./programs/spacefm.nix
   ./programs/singularity.nix
   ./programs/ssh.nix
-  ./programs/ssmtp.nix
   ./programs/sysdig.nix
   ./programs/systemtap.nix
   ./programs/starship.nix
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
deleted file mode 100644
index b454bf35229..00000000000
--- a/nixos/modules/programs/ssmtp.nix
+++ /dev/null
@@ -1,190 +0,0 @@
-# Configuration for `ssmtp', a trivial mail transfer agent that can
-# replace sendmail/postfix on simple systems.  It delivers email
-# directly to an SMTP server defined in its configuration file, without
-# queueing mail locally.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.ssmtp;
-
-in
-{
-
-  imports = [
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
-    (mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
-
-    (mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
-    (mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
-  ];
-
-  options = {
-
-    services.ssmtp = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Use the trivial Mail Transfer Agent (MTA)
-          <command>ssmtp</command> package to allow programs to send
-          e-mail.  If you don't want to run a “real” MTA like
-          <command>sendmail</command> or <command>postfix</command> on
-          your machine, set this option to <literal>true</literal>, and
-          set the option
-          <option>services.ssmtp.hostName</option> to the
-          host name of your preferred mail server.
-        '';
-      };
-
-      settings = mkOption {
-        type = with types; attrsOf (oneOf [ bool str ]);
-        default = {};
-        description = ''
-          <citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
-          to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
-        '';
-        example = literalExpression ''
-          {
-            Debug = true;
-            FromLineOverride = false;
-          }
-        '';
-      };
-
-      hostName = mkOption {
-        type = types.str;
-        example = "mail.example.org";
-        description = ''
-          The host name of the default mail server to use to deliver
-          e-mail. Can also contain a port number (ex: mail.example.org:587),
-          defaults to port 25 if no port is given.
-        '';
-      };
-
-      root = mkOption {
-        type = types.str;
-        default = "";
-        example = "root@example.org";
-        description = ''
-          The e-mail to which mail for users with UID &lt; 1000 is forwarded.
-        '';
-      };
-
-      domain = mkOption {
-        type = types.str;
-        default = "";
-        example = "example.org";
-        description = ''
-          The domain from which mail will appear to be sent.
-        '';
-      };
-
-      useTLS = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether TLS should be used to connect to the default mail
-          server.
-        '';
-      };
-
-      useSTARTTLS = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether the STARTTLS should be used to connect to the default
-          mail server.  (This is needed for TLS-capable mail servers
-          running on the default SMTP port 25.)
-        '';
-      };
-
-      authUser = mkOption {
-        type = types.str;
-        default = "";
-        example = "foo@example.org";
-        description = ''
-          Username used for SMTP auth. Leave blank to disable.
-        '';
-      };
-
-      authPassFile = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        example = "/run/keys/ssmtp-authpass";
-        description = ''
-          Path to a file that contains the password used for SMTP auth. The file
-          should not contain a trailing newline, if the password does not contain one
-          (e.g. use <command>echo -n "password" > file</command>).
-          This file should be readable by the users that need to execute ssmtp.
-        '';
-      };
-
-      setSendmail = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Whether to set the system sendmail to ssmtp's.";
-      };
-
-    };
-
-  };
-
-
-  config = mkIf cfg.enable {
-
-    assertions = [
-      {
-        assertion = cfg.useSTARTTLS -> cfg.useTLS;
-        message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
-      }
-    ];
-
-    services.ssmtp.settings = mkMerge [
-      ({
-        MailHub = cfg.hostName;
-        FromLineOverride = mkDefault true;
-        UseTLS = cfg.useTLS;
-        UseSTARTTLS = cfg.useSTARTTLS;
-      })
-      (mkIf (cfg.root != "") { root = cfg.root; })
-      (mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
-      (mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
-      (mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
-    ];
-
-    # careful here: ssmtp REQUIRES all config lines to end with a newline char!
-    environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
-      mkKeyValue = mkKeyValueDefault {
-        mkValueString = value:
-          if value == true then "YES"
-          else if value == false then "NO"
-          else mkValueStringDefault {} value
-        ;
-      } "=";
-    } cfg.settings;
-
-    environment.systemPackages = [pkgs.ssmtp];
-
-    services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
-      program = "sendmail";
-      source = "${pkgs.ssmtp}/bin/sendmail";
-      setuid = false;
-      setgid = false;
-      owner = "root";
-      group = "root";
-    };
-
-  };
-
-}
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 72395b2ee86..1d226276493 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -69,6 +69,11 @@ with lib;
     '')
     (mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
     (mkRemovedOptionModule [ "services" "seeks" ] "")
+    (mkRemovedOptionModule [ "services" "ssmtp" ] ''
+      The ssmtp package and the corresponding module have been removed due to
+      the program being unmaintained. The options `programs.msmtp.*` can be
+      used instead.
+    '')
     (mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
     (mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
diff --git a/nixos/modules/services/monitoring/nagios.nix b/nixos/modules/services/monitoring/nagios.nix
index 2c7f0ed1966..69173ce4e44 100644
--- a/nixos/modules/services/monitoring/nagios.nix
+++ b/nixos/modules/services/monitoring/nagios.nix
@@ -102,8 +102,8 @@ in
 
       plugins = mkOption {
         type = types.listOf types.package;
-        default = with pkgs; [ monitoring-plugins ssmtp mailutils ];
-        defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]";
+        default = with pkgs; [ monitoring-plugins msmtp mailutils ];
+        defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]";
         description = "
           Packages to be added to the Nagios <envar>PATH</envar>.
           Typically used to add plugins, but can be anything.
diff --git a/nixos/tests/mailcatcher.nix b/nixos/tests/mailcatcher.nix
index d7858ab354b..f23b749a021 100644
--- a/nixos/tests/mailcatcher.nix
+++ b/nixos/tests/mailcatcher.nix
@@ -9,8 +9,13 @@ import ./make-test-python.nix ({ lib, ... }:
     {
       services.mailcatcher.enable = true;
 
-      services.ssmtp.enable = true;
-      services.ssmtp.hostName = "localhost:1025";
+      programs.msmtp = {
+        enable = true;
+        accounts.default = {
+          host = "localhost";
+          port = 1025;
+        };
+      };
 
       environment.systemPackages = [ pkgs.mailutils ];
     };