From b306ecd228581b3171a46641bfd52c0958a77d06 Mon Sep 17 00:00:00 2001 From: Florian Brandes Date: Sat, 13 Jul 2024 16:45:04 +0200 Subject: [PATCH] use systemd credentials Signed-off-by: Florian Brandes --- default.nix | 2 +- module.nix | 14 ++++++++++++-- pyproject.toml | 2 +- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/default.nix b/default.nix index cc86358..7bf98da 100644 --- a/default.nix +++ b/default.nix @@ -2,7 +2,7 @@ pkgs.python3Packages.buildPythonPackage rec { pname = "smtprd-ng"; - version = "0.1.0"; + version = "0.2.0"; pyproject = true; src = lib.cleanSource ./.; diff --git a/module.nix b/module.nix index 30c34db..9e555d9 100644 --- a/module.nix +++ b/module.nix @@ -13,12 +13,18 @@ let hostname = cfg.client.hostname; port = cfg.client.port; username = cfg.client.username; - password_file = cfg.client.password_file; + password_file = if cfg.client.password_file != "" then + "/run/credentials/smtprd-ng.service/password_file" + else + ""; sender = cfg.client.sender; use_tls = cfg.client.use_tls; start_tls = cfg.client.start_tls; smime_cert = cfg.client.smime_cert; - smime_cert_private = cfg.client.smime_cert_private; + smime_cert_private = if cfg.client.smime_cert_private != "" then + "/run/credentials/smtprd-ng.service/smime_cert_private" + else + ""; }; emails = cfg.emails; }; @@ -159,6 +165,10 @@ in { wantedBy = [ "multi-user.target" ]; requires = [ "network.target" ]; serviceConfig = { + LoadCredential = [ + "smime_cert_private:${cfg.client.smime_cert_private}" + "password_file:${cfg.client.password_file}" + ]; DynamicUser = true; User = "smtprd-ng"; Group = "smtprd-ng"; diff --git a/pyproject.toml b/pyproject.toml index 86b38cb..46ec1e6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "smtprd-ng" -version = "0.1.0" +version = "0.2.0" description = "SMTP forwarding relay daemon with signing and encryption" authors = [{ name = "Florian Brandes", email = "dev@mail.flo-the.dev" }] classifiers = [