diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix
index 252f558..367199f 100644
--- a/sp-modules/simple-nixos-mailserver/config.nix
+++ b/sp-modules/simple-nixos-mailserver/config.nix
@@ -17,6 +17,14 @@ let
 mailserver-service-account-token-name = "mailserver-service-account-token";
 mailserver-service-account-token-fp = "/run/keys/${group}/kanidm-service-account-token"; # FIXME sync with auth module
 };
+
+ modulesConfig = builtins.mapAttrs (
+ _: value: {
+ inherit (value) hashedPasswordFile sendOnly;
+ }
+ ) config.sp.email;
+ extraDomains = lib.mapAttrsToList (_: value: value.subdomain) config.sp.email;
+ extraTargets = lib.mapAttrsToList (_: value: value.systemdTargets) config.sp.email;
 in
 lib.mkIf sp.modules.simple-nixos-mailserver.enable (
 lib.mkMerge [
@@ -62,7 +70,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
 mailserver = {
 enable = true;
 fqdn = sp.domain;
- domains = [ sp.domain ];
+ domains = [ sp.domain ] ++ extraDomains;
 localDnsResolver = false;
 
 # A list of all login accounts. To create the password hashes, use
@@ -97,6 +105,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
 };
 }) sp.users
 )
+ // modulesConfig
 );
 
 extraVirtualAliases = {
@@ -128,6 +137,9 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
 postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
 rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
 redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+
+ dovecot.wants = extraTargets;
+ dovecot2.wants = extraTargets;
 };
 slices."simple_nixos_mailserver" = {
 name = "simple_nixos_mailserver.slice";
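Review bot: `extraTargets` in the new `let` bindings is a list of lists, because `lib.mapAttrsToList` returns each account's `systemdTargets` (itself a `listOf`) as one element, so `dovecot2.wants = extraTargets` in the hunk at `@@ -128,6 +137,9 @@` hands `[ [ "x.service" ] ]` to an option typed as a list of unit names and fails the module type check as soon as `config.sp.email` has a single entry. Flattening at the definition fixes every consumer at once: `extraTargets = lib.concatLists (lib.mapAttrsToList (_: value: value.systemdTargets) config.sp.email);`. The `let` block these bindings belong to begins before the hunk.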
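Review bot: `domains = [ sp.domain ] ++ extraDomains;` appends each account's `subdomain` verbatim, but the option as declared in options.nix (`@@ -34,4 +34,54 @@`) matches a single DNS label such as `myservice` while defaulting to the full `config.sp.domain`, so a module that sets `subdomain` contributes a bare label rather than `myservice.<domain>` as a mail domain, and one that keeps the default lists `sp.domain` twice. The option's own example keys the account as `noreply@mastodon.example.tld` without setting `subdomain`, so as written that address's domain would never appear in `domains`. Pick one shape for the option and build the list from it, e.g. `extraDomains = lib.unique (lib.mapAttrsToList (_: value: "${value.subdomain}.${sp.domain}") config.sp.email);` with the default reduced to a label, or rename the option to a full domain and keep only the `lib.unique`. The `mailserver` attrset this hunk edits continues outside the hunk.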
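Review bot: `// modulesConfig` merges module-declared accounts over the ones generated from `sp.users`, and `//` is right-biased, so a module declaring an address that collides with a real user's login silently replaces that user's `hashedPasswordFile` with the module's file and flags the mailbox `sendOnly`, with no evaluation error to show it happened. Since `options.sp.email` is documented as not being for regular users, a collision should fail evaluation instead of being resolved; a check along the lines of `assert lib.intersectLists (lib.attrNames modulesConfig) (lib.attrNames userAccounts) == [];` (or the equivalent entry in `assertions` with a message naming the offending key) placed where the user attrset is bound would do. The expression that builds the user accounts starts above the hunk, so the name of that attrset cannot be read from here.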
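Review bot: `dovecot.wants = extraTargets;` appears to address a unit that does not exist next to `dovecot2`; NixOS ships Dovecot as `dovecot2.service`, so defining `systemd.services.dovecot` presumably generates a new, empty `dovecot.service` unit rather than attaching to anything (worth confirming on a built system). `wants` also only pulls the password-generating units in and does not order them, so Dovecot can start, and whatever reads `hashedPasswordFile` at that point can run, before the generator has written the file. Drop the `dovecot` line and add `dovecot2.after = extraTargets;` beside `dovecot2.wants`; if Postfix consults the same file, the same `wants`/`after` pair belongs on `postfix` too. The `systemd.services` attrset this hunk sits in starts before the hunk.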
@@ -139,7 +151,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
 (lib.mkIf is-auth-enabled {
 mailserver = {
 extraVirtualAliases = lib.mkForce { };
- loginAccounts = lib.mkForce { };
+ loginAccounts = lib.mkForce modulesConfig;
 # LDAP is needed for Postfix to query Kanidm about email address ownership.
 # LDAP is needed for Dovecot also.
 ldap = {
diff --git a/sp-modules/simple-nixos-mailserver/options.nix b/sp-modules/simple-nixos-mailserver/options.nix
index 02c80ee..f385d16 100644
--- a/sp-modules/simple-nixos-mailserver/options.nix
+++ b/sp-modules/simple-nixos-mailserver/options.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
 {
 options.selfprivacy.modules.simple-nixos-mailserver = {
 enable =
@@ -34,4 +34,54 @@
 };
 };
 };
+
+ options.sp.email = with lib; mkOption {
+ type = types.attrsOf (
+ types.submodule (
+ { name, ... }: {
+ options = {
+ subdomain = mkOption {
+ type = with types; strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+ example = "myservice";
+ default = config.sp.domain;
+ description = "Email subdomain";
+ };
+
+ systemdTargets = mkOption {
+ type = with types; listOf strMatchig "[a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
+ default = [];
+ example = [ "generate-mastodon-email-password.service" ];
+ description = "Systemd target which generates password file.";
+ };
+
+ sendOnly = mkOption {
+ type = with types; bool;
+ default = true;
+ example = "false";
+ description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";
+ };
+
+ hashedPasswordFile = mkOption {
+ type = with types; str;
+ example = "/run/keys/mastodon/email_password";
+ description = "Path where a file containing password hash located.";
+ };
+ };
+ }
+ )
+ );
+
+ description = ''
+ Don't use this option to create regular users!!!
+
+ This option gives modules possibility to create mailboxes to send emails, e.g. notifications or reminders.
+ '';
+
+ example = {
+ "noreply@mastodon.example.tld" = {
+ hashedPasswordFile = "/run/keys/mastodon/email_password";
+ systemdTargets = [ "generate-mastodon-email-password.service" ];
+ };
+ };
+ };
 }
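Review bot: `strMatchig` in the `systemdTargets` type is a typo for `strMatching`; `lib.types` has no such attribute, so any evaluation that touches this option (including the `extraTargets` binding in config.nix) fails with a missing-attribute error instead of performing the intended validation. Two smaller mismatches sit in the same option set: `example = "false"` on `sendOnly` is a string for a `bool` option and should be `example = false;`, and the description "Systemd target which generates password file." speaks of one unit while the type is a list, e.g. `description = "Systemd units that generate the password file; they are pulled in by Dovecot.";`. The `{ name, ... }:` submodule argument is never used and could be `{ ... }:`. The `\-` inside the double-quoted regexes only works because Nix keeps just the character after an unrecognised escape; writing the ranges as `[A-Za-z0-9-]` and `[a-zA-Z0-9@%:_.-]` says what is meant without that reliance. The outer attrset closed by the final `}` begins before the hunk.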