gador/smtprd-ng
1
0
Fork 0
mirror of https://seed.flo-the.dev/z3gWc1qgaeZaoGwL4WTstLNoqjayM.git synced 2025-12-06 12:57:35 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1cb073b7cd553c0f71b4835b6b7f93c91f9689f3
smtprd-ng/module.nix
Florian Brandes d3055a9e8b nixfmt 
Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
2024-07-27 18:14:12 +02:00

187 lines
5.2 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.smtprd-ng;
smtprd-ng = pkgs.callPackage ./. { };
cfgText = generators.toINI { } {
server = {
hostname = cfg.server.hostname;
port = cfg.server.port;
};
client = {
hostname = cfg.client.hostname;
port = cfg.client.port;
username = cfg.client.username;
password_file =
if cfg.client.password_file != "" then "/run/credentials/smtprd-ng.service/password_file" else "";
sender = cfg.client.sender;
use_tls = cfg.client.use_tls;
start_tls = cfg.client.start_tls;
smime_cert = cfg.client.smime_cert;
smime_cert_private =
if cfg.client.smime_cert_private != "" then
"/run/credentials/smtprd-ng.service/smime_cert_private"
else
"";
};
emails = cfg.emails;
};
confFile = pkgs.writeText "config.ini" cfgText;
in
{
options.services.smtprd-ng = {
enable = mkEnableOption "smtprd-ng";
package = mkOption {
type = types.package;
default = smtprd-ng;
description = mdDoc ''
The smtprd-ng package to use.
'';
};
server = {
hostname = mkOption {
type = types.str;
default = "localhost";
description = mdDoc ''
The hostname the local SMTP server should listen on.
'';
};
port = mkOption {
type = types.port;
default = 8025;
description = mdDoc ''
The port the local SMTP server should listen on.
'';
};
};
client = {
hostname = mkOption {
type = types.str;
default = "";
description = mdDoc ''
The hostname of the remote SMTP server.
'';
};
port = mkOption {
type = types.port;
default = 587;
description = mdDoc ''
The port of the remote SMTP server.
'';
};
username = mkOption {
type = types.nullOr types.str;
default = null;
description = mdDoc ''
The username to login to the remote SMTP server.
'';
};
password_file = mkOption {
type = types.nullOr types.path;
default = null;
description = mdDoc ''
The path to the file containing the password to login to the remote SMTP server.
Should not be in /nix/store!
'';
};
sender = mkOption {
type = types.nullOr types.str;
default = null;
description = mdDoc ''
The email of the sender. Some SMTP servers require this to be the real FROM email address of the user.
'';
};
use_tls = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Use TLS to connect. Mutually exclusive with `start_tls`
'';
};
start_tls = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Use STARTLS to connect. Mutually exclusive with `use_tls`
'';
};
smime_cert = mkOption {
type = types.nullOr types.path;
default = null;
example = "''\${./mycert.pem}";
description = mdDoc ''
The path to the S/MIME certificate used to sign messages.
If empty, will neither encrypt, nor sign relayed messages.
'';
};
smime_cert_private = mkOption {
type = types.nullOr types.path;
default = null;
description = mdDoc ''
The path to the S/MIME private key for the certificate used to sign messages.
Should not be in /nix/store!
'';
};
};
emails = mkOption {
type = types.nullOr (types.attrsOf (types.nullOr types.str));
default = null;
description = ''
A required set of recipients. A certificate is optional, but required if
messages should be signed and encrypted.
'';
example = {
"monitoring.foo@example.com" = "`/path/to/certificate`";
"unencrypted@example.com" = "`null`";
};
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !cfg.client.use_tls || !cfg.client.start_tls;
message = "Use either TLS or STARTTLS, not both.";
}
{
assertion =
cfg.client.smime_cert == null
|| (cfg.client.smime_cert != null && cfg.client.smime_cert_private != null);
message = "If a S/MIME certificate should be used to sign messages, the private key to this certificate must be supplied.";
}
{
assertion = cfg.emails != null;
message = "At least one recipient must be configured.";
}
];
systemd.services = {
smtprd-ng = {
description = "Run local SMTP relay";
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
serviceConfig = {
LoadCredential = [
"smime_cert_private:${cfg.client.smime_cert_private}"
"password_file:${cfg.client.password_file}"
];
DynamicUser = true;
User = "smtprd-ng";
Group = "smtprd-ng";
Restart = "on-failure";
ExecStart = "${cfg.package}/bin/smtprd-ng --config ${confFile}";
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink