feat: Add email options
@@ -17,6 +17,14 @@ let
|
|||||||
mailserver-service-account-token-name = "mailserver-service-account-token";
|
mailserver-service-account-token-name = "mailserver-service-account-token";
|
||||||
mailserver-service-account-token-fp = "/run/keys/${group}/kanidm-service-account-token"; # FIXME sync with auth module
|
mailserver-service-account-token-fp = "/run/keys/${group}/kanidm-service-account-token"; # FIXME sync with auth module
|
||||||
};
|
};
|
||||||
|
|
||||||
|
modulesConfig = builtins.mapAttrs (
|
||||||
|
_: value: {
|
||||||
|
inherit (value) hashedPasswordFile sendOnly;
|
||||||
|
}
|
||||||
|
) config.sp.email;
|
||||||
|
extraDomains = lib.mapAttrsToList (_: value: value.subdomain) config.sp.email;
|
||||||
|
extraTargets = lib.mapAttrsToList (_: value: value.systemdTargets) config.sp.email;
|
||||||
in
|
in
|
||||||
lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
||||||
lib.mkMerge [
|
lib.mkMerge [
|
||||||
@@ -62,7 +70,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
|||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = sp.domain;
|
fqdn = sp.domain;
|
||||||
domains = [ sp.domain ];
|
domains = [ sp.domain ] ++ extraDomains;
|
||||||
localDnsResolver = false;
|
localDnsResolver = false;
|
||||||
|
|
||||||
# A list of all login accounts. To create the password hashes, use
|
# A list of all login accounts. To create the password hashes, use
|
||||||
@@ -97,6 +105,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
|||||||
};
|
};
|
||||||
}) sp.users
|
}) sp.users
|
||||||
)
|
)
|
||||||
|
// modulesConfig
|
||||||
);
|
);
|
||||||
|
|
||||||
extraVirtualAliases = {
|
extraVirtualAliases = {
|
||||||
@@ -128,6 +137,9 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
|||||||
postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
||||||
rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
||||||
redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
|
||||||
|
|
||||||
|
dovecot.wants = extraTargets;
|
||||||
|
dovecot2.wants = extraTargets;
|
||||||
};
|
};
|
||||||
slices."simple_nixos_mailserver" = {
|
slices."simple_nixos_mailserver" = {
|
||||||
name = "simple_nixos_mailserver.slice";
|
name = "simple_nixos_mailserver.slice";
|
||||||
@@ -139,7 +151,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
|
|||||||
(lib.mkIf is-auth-enabled {
|
(lib.mkIf is-auth-enabled {
|
||||||
mailserver = {
|
mailserver = {
|
||||||
extraVirtualAliases = lib.mkForce { };
|
extraVirtualAliases = lib.mkForce { };
|
||||||
loginAccounts = lib.mkForce { };
|
loginAccounts = lib.mkForce modulesConfig;
|
||||||
# LDAP is needed for Postfix to query Kanidm about email address ownership.
|
# LDAP is needed for Postfix to query Kanidm about email address ownership.
|
||||||
# LDAP is needed for Dovecot also.
|
# LDAP is needed for Dovecot also.
|
||||||
ldap = {
|
ldap = {
|
||||||
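Review bot: In the `loginAccounts` hunk, `// modulesConfig` sits on the right of the attrset built from `sp.users`, so an `sp.email` entry whose key equals an existing user's address silently replaces that user's account, including its password hash file. Nothing in this commit validates the `sp.email` keys, so any module can claim any address; consider an assertion that the two key sets are disjoint, or put `modulesConfig` on the left of `//` so user accounts win. Separately, `extraTargets` is a list of lists, because `mapAttrsToList` collects each entry's `systemdTargets` list, so `dovecot.wants` and `dovecot2.wants` need `lib.concatLists (lib.mapAttrsToList (_: value: value.systemdTargets) config.sp.email)`. `wants` alone imposes no ordering, so a matching `after` is probably needed if the hash file must exist before Dovecot starts. The enclosing `let` block and the `loginAccounts` expression both extend outside the visible hunks.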
|
@@ -1,4 +1,4 @@
|
|||||||
{ lib, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
options.selfprivacy.modules.simple-nixos-mailserver = {
|
options.selfprivacy.modules.simple-nixos-mailserver = {
|
||||||
enable =
|
enable =
|
||||||
@@ -34,4 +34,54 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
options.sp.email = with lib; mkOption {
|
||||||
|
type = types.attrsOf (
|
||||||
|
types.submodule (
|
||||||
|
{ name, ... }: {
|
||||||
|
options = {
|
||||||
|
subdomain = mkOption {
|
||||||
|
type = with types; strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
|
||||||
|
example = "myservice";
|
||||||
|
default = config.sp.domain;
|
||||||
|
description = "Email subdomain";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemdTargets = mkOption {
|
||||||
|
type = with types; listOf strMatchig "[a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
|
||||||
|
default = [];
|
||||||
|
example = [ "generate-mastodon-email-password.service" ];
|
||||||
|
description = "Systemd target which generates password file.";
|
||||||
|
};
|
||||||
|
|
||||||
|
sendOnly = mkOption {
|
||||||
|
type = with types; bool;
|
||||||
|
default = true;
|
||||||
|
example = "false";
|
||||||
|
description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";
|
||||||
|
};
|
||||||
|
|
||||||
|
hashedPasswordFile = mkOption {
|
||||||
|
type = with types; str;
|
||||||
|
example = "/run/keys/mastodon/email_password";
|
||||||
|
description = "Path where a file containing password hash located.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
description = ''
|
||||||
|
Don't use this option to create regular users!!!
|
||||||
|
|
||||||
|
This option gives modules possibility to create mailboxes to send emails, e.g. notifications or reminders.
|
||||||
|
'';
|
||||||
|
|
||||||
|
example = {
|
||||||
|
"noreply@mastodon.example.tld" = {
|
||||||
|
hashedPasswordFile = "/run/keys/mastodon/email_password";
|
||||||
|
systemdTargets = [ "generate-mastodon-email-password.service" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
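Review bot: The `systemdTargets` type will not evaluate, because `strMatchig` is misspelled and `listOf strMatching "…"` applies `listOf` to the function instead of to the resulting type; it should read `type = with types; listOf (strMatching "…");`. The `subdomain` option is inconsistent with itself: its pattern admits no dots, yet its default is `config.sp.domain` and the mailserver module appends the value to `mailserver.domains` as a full domain, so either the pattern or the default and usage need to change. `hashedPasswordFile` is a bare `str`; its description should state that the file must live outside the Nix store (as the `/run/keys/...` example implies) and be readable only by the mail services. On `sendOnly`, `example = "false"` should be the boolean `false`.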
|