add module.nix and checked its functionality
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
104
module.nix
104
module.nix
@@ -5,29 +5,31 @@
|
|||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.smtprd-ng;
|
cfg = config.services.smtprd-ng;
|
||||||
smtprd-ng = pkgs.callPackage ./. { };
|
smtprd-ng = pkgs.callPackage ./. { };
|
||||||
|
|
||||||
emails = submodule {
|
cfgText = generators.toINI { } {
|
||||||
options = {
|
server = {
|
||||||
email = mkOption {
|
hostname = cfg.server.hostname;
|
||||||
type = types.str;
|
port = cfg.server.port;
|
||||||
description = ''
|
|
||||||
Email to relay locally received emails to.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
certificate = mkOption {
|
|
||||||
type = types.nullOr types.path;
|
|
||||||
description = ''
|
|
||||||
Path to the public S/MIME certificate for this receiver. Emails will be encrypted with this certificate.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
client = {
|
||||||
|
hostname = cfg.client.hostname;
|
||||||
|
port = cfg.client.port;
|
||||||
|
username = cfg.client.username;
|
||||||
|
password_file = cfg.client.password_file;
|
||||||
|
sender = cfg.client.sender;
|
||||||
|
use_tls = cfg.client.use_tls;
|
||||||
|
start_tls = cfg.client.start_tls;
|
||||||
|
smime_cert = cfg.client.smime_cert;
|
||||||
|
smime_cert_private = cfg.client.smime_cert_private;
|
||||||
|
};
|
||||||
|
emails = cfg.emails;
|
||||||
};
|
};
|
||||||
|
confFile = pkgs.writeText "config.ini" cfgText;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.smtprd-ng = {
|
options.services.smtprd-ng = {
|
||||||
enable = mkEnableOption "smtprd-ng";
|
enable = mkEnableOption "smtprd-ng";
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
@@ -108,6 +110,7 @@ in
|
|||||||
smime_cert = mkOption {
|
smime_cert = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
default = null;
|
default = null;
|
||||||
|
example = "''\${./mycert.pem}";
|
||||||
description = mdDoc ''
|
description = mdDoc ''
|
||||||
The path to the S/MIME certificate used to sign messages.
|
The path to the S/MIME certificate used to sign messages.
|
||||||
If empty, will neither encrypt, nor sign relayed messages.
|
If empty, will neither encrypt, nor sign relayed messages.
|
||||||
@@ -123,22 +126,16 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
emails = mkOption {
|
emails = mkOption {
|
||||||
type = nullOr (listOf emails);
|
type = types.nullOr (types.attrsOf (types.nullOr types.str));
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
A required list of recipients. A certificate is optional, but required if
|
A required set of recipients. A certificate is optional, but required if
|
||||||
messages should be signed and encrypted.
|
messages should be signed and encrypted.
|
||||||
'';
|
'';
|
||||||
example = [
|
example = {
|
||||||
{
|
"monitoring.foo@example.com" = "`/path/to/certificate`";
|
||||||
email = "monitoring.foo@example.com";
|
"unencrypted@example.com" = "`null`";
|
||||||
certificate = "`/path/to/certificate`";
|
};
|
||||||
}
|
|
||||||
{
|
|
||||||
email = "unencrypted@example.com";
|
|
||||||
certificate = "`null`";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -146,11 +143,13 @@ in
|
|||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.client.use_tls == true && cfg.client.start_tls == true;
|
assertion = !cfg.client.use_tls || !cfg.client.start_tls;
|
||||||
message = "Use either TLS or STARTTLS, not both.";
|
message = "Use either TLS or STARTTLS, not both.";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
assertion = cfg.client.smime_cert != null && cfg.client.smime_cert_private == null;
|
assertion =
|
||||||
|
cfg.client.smime_cert == null
|
||||||
|
|| (cfg.client.smime_cert != null && cfg.client.smime_cert_private != null);
|
||||||
message = "If a S/MIME certificate should be used to sign messages, the private key to this certificate must be supplied.";
|
message = "If a S/MIME certificate should be used to sign messages, the private key to this certificate must be supplied.";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@@ -159,38 +158,17 @@ in
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
configFile = {
|
systemd.services = {
|
||||||
text = generators.toINI { } {
|
smtprd-ng = {
|
||||||
server = {
|
description = "Run local SMTP relay";
|
||||||
hostname = cfg.server.hostname;
|
wantedBy = [ "multi-user.target" ];
|
||||||
port = cfg.server.port;
|
requires = [ "network.target" ];
|
||||||
};
|
serviceConfig = {
|
||||||
client = {
|
DynamicUser = true;
|
||||||
hostname = cfg.client.hostname;
|
User = "smtprd-ng";
|
||||||
port = cfg.client.port;
|
Group = "smtprd-ng";
|
||||||
username = cfg.client.username;
|
Restart = "on-failure";
|
||||||
password_file = cfg.client.password_file;
|
ExecStart = "${cfg.package}/bin/smtprd-ng --config ${confFile}";
|
||||||
sender = cfg.client.sender;
|
|
||||||
use_tls = cfg.client.use_tls;
|
|
||||||
start_tls = cfg.client.start_tls;
|
|
||||||
smime_cert = cfg.client.smime_cert;
|
|
||||||
smime_cert_private = cfg.client.smime_cert_private;
|
|
||||||
};
|
|
||||||
emails = cfg.emails;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
smtprd-ng = {
|
|
||||||
description = "Run local SMTP relay";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
requires = [ "network.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
DynamicUser = true;
|
|
||||||
User = "smtprd-ng";
|
|
||||||
Group = "smtprd-ng";
|
|
||||||
Restart = "on-failure";
|
|
||||||
ExecStart = "${cfg.package}/bin/smtprd-ng --config ${configFile}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
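Review bot: The unit keeps `DynamicUser = true` in `serviceConfig` while the generated `config.ini` only names `password_file` and `smime_cert_private` by path, so the transient service user can read those files only if they are world-readable or handed to the unit explicitly, and a world-readable password or private key is not acceptable. The new `example = "''\${./mycert.pem}"` on `smime_cert` is fine for a public certificate, but anyone who copies that pattern for the private key gets the key copied into the world-readable Nix store; the option types of `smime_cert_private` and `password_file` are outside the visible hunks, so please confirm they are runtime string paths and say so in their descriptions. Consider passing both secrets through systemd credentials, e.g. `LoadCredential = [ "password:${cfg.client.password_file}" ];` with `password_file = "/run/credentials/smtprd-ng.service/password";` in `cfgText`, and the same for the key. Separately, the rewritten S/MIME assertion can be shortened to `cfg.client.smime_cert == null || cfg.client.smime_cert_private != null`, since the inner `!= null` check on the certificate is already implied.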