feat: Add email options

2025-09-13 15:44:04 +03:00
parent ff58cfa2f1
commit 507cc85239
2 changed files with 65 additions and 3 deletions


@@ -17,6 +17,14 @@ let
mailserver-service-account-token-name = "mailserver-service-account-token";
mailserver-service-account-token-fp = "/run/keys/${group}/kanidm-service-account-token"; # FIXME sync with auth module
};
modulesConfig = builtins.mapAttrs (
_: value: {
inherit (value) hashedPasswordFile sendOnly;
}
) config.sp.email;
extraDomains = lib.mapAttrsToList (_: value: value.subdomain) config.sp.email;
extraTargets = lib.mapAttrsToList (_: value: value.systemdTargets) config.sp.email;
in
lib.mkIf sp.modules.simple-nixos-mailserver.enable (
lib.mkMerge [
@@ -62,7 +70,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
mailserver = {
enable = true;
fqdn = sp.domain;
domains = [ sp.domain ];
domains = [ sp.domain ] ++ extraDomains;
localDnsResolver = false;
# A list of all login accounts. To create the password hashes, use
@@ -97,6 +105,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
};
}) sp.users
)
// modulesConfig
);
extraVirtualAliases = {
@@ -128,6 +137,9 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
dovecot.wants = extraTargets;
dovecot2.wants = extraTargets;
};
slices."simple_nixos_mailserver" = {
name = "simple_nixos_mailserver.slice";
@@ -139,7 +151,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (
(lib.mkIf is-auth-enabled {
mailserver = {
extraVirtualAliases = lib.mkForce { };
loginAccounts = lib.mkForce { };
loginAccounts = lib.mkForce modulesConfig;
# LDAP is needed for Postfix to query Kanidm about email address ownership.
# LDAP is needed for Dovecot also.
ldap = {
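Review bot: The `// modulesConfig` merge into `loginAccounts` lets a module-declared entry silently replace a user account that has the same address, because the right-hand side of `//` wins; that account would then authenticate against the module's `hashedPasswordFile` and take its `sendOnly` value. The attrset built from `sp.users` starts outside the hunk, so whether such a collision is reachable needs confirming, but nothing visible rejects it. I would add an assertion next to the merge that fails evaluation on overlap, along the lines of `assertion = lib.intersectLists (builtins.attrNames modulesConfig) (builtins.attrNames userAccounts) == [ ];`, where `userAccounts` is a placeholder for that attrset. The `lib.mkForce modulesConfig` line in the auth-enabled branch also deserves a comment saying that these file-backed accounts are deliberately kept alongside LDAP.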


@@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, ... }:
{
options.selfprivacy.modules.simple-nixos-mailserver = {
enable =
@@ -34,4 +34,54 @@
};
};
};
options.sp.email = with lib; mkOption {
type = types.attrsOf (
types.submodule (
{ name, ... }: {
options = {
subdomain = mkOption {
type = with types; strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
example = "myservice";
default = config.sp.domain;
description = "Email subdomain";
};
systemdTargets = mkOption {
type = with types; listOf strMatchig "[a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
default = [];
example = [ "generate-mastodon-email-password.service" ];
description = "Systemd target which generates password file.";
};
sendOnly = mkOption {
type = with types; bool;
default = true;
example = "false";
description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";
};
hashedPasswordFile = mkOption {
type = with types; str;
example = "/run/keys/mastodon/email_password";
description = "Path where a file containing password hash located.";
};
};
}
)
);
description = ''
Don't use this option to create regular users!!!
This option gives modules possibility to create mailboxes to send emails, e.g. notifications or reminders.
'';
example = {
"noreply@mastodon.example.tld" = {
hashedPasswordFile = "/run/keys/mastodon/email_password";
systemdTargets = [ "generate-mastodon-email-password.service" ];
};
};
};
}
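Review bot: `systemdTargets` cannot evaluate as written: `strMatchig` is a misspelling of `strMatching`, and without parentheses `listOf` is applied to the function instead of to the resulting type, so the line should read `type = with types; listOf (strMatching "<pattern unchanged>");`. The `subdomain` default `config.sp.domain` also looks incompatible with the option's own pattern, which admits no dots, so an entry that leaves `subdomain` unset would presumably fail the type check for any normal dotted domain. Because `hashedPasswordFile` is what authenticates these accounts, its description should state that the file holds a password hash and not the plaintext password, and that it should be readable only by the mail services.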