diff --git a/module.nix b/module.nix index 8d08c3e..b202c78 100644 --- a/module.nix +++ b/module.nix @@ -5,29 +5,31 @@ }: with lib; let - cfg = config.smtprd-ng; + cfg = config.services.smtprd-ng; smtprd-ng = pkgs.callPackage ./. { }; - emails = submodule { - options = { - email = mkOption { - type = types.str; - description = '' - Email to relay locally received emails to. - ''; - }; - certificate = mkOption { - type = types.nullOr types.path; - description = '' - Path to the public S/MIME certificate for this receiver. Emails will be encrypted with this certificate. - ''; - }; + cfgText = generators.toINI { } { + server = { + hostname = cfg.server.hostname; + port = cfg.server.port; }; + client = { + hostname = cfg.client.hostname; + port = cfg.client.port; + username = cfg.client.username; + password_file = cfg.client.password_file; + sender = cfg.client.sender; + use_tls = cfg.client.use_tls; + start_tls = cfg.client.start_tls; + smime_cert = cfg.client.smime_cert; + smime_cert_private = cfg.client.smime_cert_private; + }; + emails = cfg.emails; }; - + confFile = pkgs.writeText "config.ini" cfgText; in { - options.smtprd-ng = { + options.services.smtprd-ng = { enable = mkEnableOption "smtprd-ng"; package = mkOption { @@ -108,6 +110,7 @@ in smime_cert = mkOption { type = types.nullOr types.path; default = null; + example = "''\${./mycert.pem}"; description = mdDoc '' The path to the S/MIME certificate used to sign messages. If empty, will neither encrypt, nor sign relayed messages. 
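Review bot: `cfgText` passes nullable options straight to `generators.toINI`, which, as far as I know, renders a null as the literal text `null`. With the defaults the generated file would then contain `smime_cert=null` and `smime_cert_private=null`, and a recipient in `emails` mapped to null would get the certificate value `null`. Whether smtprd-ng reads that as "unset" or as a file name is not visible from this diff, so confirm it against the parser. Otherwise drop unset keys before rendering, e.g. `client = filterAttrs (_: v: v != null) { ... };`. The file itself lands in the world-readable store, which is fine as long as it keeps carrying only paths such as `password_file` and never the secret values.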
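Review bot: The added `example = "''\${./mycert.pem}"` is a plain string, so the option docs will show the quoting artifacts rather than a usable expression; `example = literalExpression "./mycert.pem";` renders cleanly. The `emails` example in the later hunk has the same problem: `"`null`"` reads as a string containing backticks, not the value `null` that marks a recipient as unencrypted. A Nix path literal is also copied into the world-readable store. That is acceptable for a public certificate, but the `smime_cert_private` description (outside this hunk) should tell users to pass a runtime path string for the key instead of copying this pattern.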
@@ -123,22 +126,16 @@ in }; }; emails = mkOption { - type = nullOr (listOf emails); + type = types.nullOr (types.attrsOf (types.nullOr types.str)); default = null; description = '' - A required list of recipients. A certificate is optional, but required if + A required set of recipients. A certificate is optional, but required if messages should be signed and encrypted. ''; - example = [ - { - email = "monitoring.foo@example.com"; - certificate = "`/path/to/certificate`"; - } - { - email = "unencrypted@example.com"; - certificate = "`null`"; - } - ]; + example = { + "monitoring.foo@example.com" = "`/path/to/certificate`"; + "unencrypted@example.com" = "`null`"; + }; }; }; @@ -146,11 +143,13 @@ in assertions = [ { - assertion = cfg.client.use_tls == true && cfg.client.start_tls == true; + assertion = !cfg.client.use_tls || !cfg.client.start_tls; message = "Use either TLS or STARTTLS, not both."; } { - assertion = cfg.client.smime_cert != null && cfg.client.smime_cert_private == null; + assertion = + cfg.client.smime_cert == null + || (cfg.client.smime_cert != null && cfg.client.smime_cert_private != null); message = "If a S/MIME certificate should be used to sign messages, the private key to this certificate must be supplied."; } { 
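Review bot: The corrected check `!cfg.client.use_tls || !cfg.client.start_tls` now also accepts both options being false, so a client section with `username` and `password_file` set can be deployed with no transport protection at all. If the relay authenticates in that mode, the upstream password would cross the network in cleartext. Consider a further assertion, assuming `password_file` is nullable: `assertion = cfg.client.password_file == null || cfg.client.use_tls || cfg.client.start_tls;`. Separately, the S/MIME assertion can be shortened to `cfg.client.smime_cert == null || cfg.client.smime_cert_private != null`, since the inner `!= null` test is already implied.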
@@ -159,38 +158,17 @@ in } ]; - configFile = { - text = generators.toINI { } { - server = { - hostname = cfg.server.hostname; - port = cfg.server.port; - }; - client = { - hostname = cfg.client.hostname; - port = cfg.client.port; - username = cfg.client.username; - password_file = cfg.client.password_file; - sender = cfg.client.sender; - use_tls = cfg.client.use_tls; - start_tls = cfg.client.start_tls; - smime_cert = cfg.client.smime_cert; - smime_cert_private = cfg.client.smime_cert_private; - }; - emails = cfg.emails; - }; - - systemd.services = { - smtprd-ng = { - description = "Run local SMTP relay"; - wantedBy = [ "multi-user.target" ]; - requires = [ "network.target" ]; - serviceConfig = { - DynamicUser = true; - User = "smtprd-ng"; - Group = "smtprd-ng"; - Restart = "on-failure"; - ExecStart = "${cfg.package}/bin/smtprd-ng --config ${configFile}"; - }; + systemd.services = { + smtprd-ng = { + description = "Run local SMTP relay"; + wantedBy = [ "multi-user.target" ]; + requires = [ "network.target" ]; + serviceConfig = { + DynamicUser = true; + User = "smtprd-ng"; + Group = "smtprd-ng"; + Restart = "on-failure"; + ExecStart = "${cfg.package}/bin/smtprd-ng --config ${confFile}"; }; }; };
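Review bot: With `DynamicUser = true` the unit runs under a transient UID, so the files named by `password_file` and `smime_cert_private` are only readable if they are world-readable or live in the store, and both outcomes expose the secret. Passing them through systemd credentials avoids that, e.g. `LoadCredential = [ "password:${cfg.client.password_file}" ];`, guarded for the null case, with the generated config pointing at the credential path under the unit's credentials directory instead of the original file. Also, `requires = [ "network.target" ]` adds no ordering on its own; an `after = [ "network.target" ];` line is needed if the relay must start after networking is up.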