fix mailserver: evaluate without auth module

sp-modules/simple-nixos-mailserver/auth-dovecot.nix

@@ -62,7 +62,7 @@ let
     '';
   };
 in
-lib.mkIf is-auth-enabled {
+{
   mailserver.ldap = {
     # note: in `ldapsearch` first comes filter, then attributes
     dovecot.userAttrs = "+"; # all operational attributes

sp-modules/simple-nixos-mailserver/auth-postfix.nix

@@ -51,7 +51,7 @@ let
     destination = ldapVirtualMailboxMapFile;
   };
 in
-lib.mkIf is-auth-enabled {
+{
   mailserver.ldap = {
     postfix.mailAttribute = "mail";
     postfix.uidAttribute = "uid";

sp-modules/simple-nixos-mailserver/config.nix

@@ -1,8 +1,8 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, options, pkgs, ... }@nixos-args:
 let
   sp = config.selfprivacy;
 
-  inherit (import ./common.nix {inherit config pkgs;})
+  inherit (import ./common.nix { inherit config pkgs; })
     auth-passthru
     domain
     is-auth-enabled
@@ -67,63 +67,49 @@ let
       fi
     '';
 in
-lib.mkIf sp.modules.simple-nixos-mailserver.enable
+lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
-{
+  {
-  fileSystems = lib.mkIf sp.useBinds
+    fileSystems = lib.mkIf sp.useBinds
-    {
+      {
-      "/var/vmail" = {
+        "/var/vmail" = {
-        device =
+          device =
-          "/volumes/${sp.modules.simple-nixos-mailserver.location}/vmail";
+            "/volumes/${sp.modules.simple-nixos-mailserver.location}/vmail";
-        options = [
+          options = [
-          "bind"
+            "bind"
-          "x-systemd.required-by=postfix.service"
+            "x-systemd.required-by=postfix.service"
-          "x-systemd.before=postfix.service"
+            "x-systemd.before=postfix.service"
-        ];
+          ];
+        };
+        "/var/sieve" = {
+          device =
+            "/volumes/${sp.modules.simple-nixos-mailserver.location}/sieve";
+          options = [
+            "bind"
+            "x-systemd.required-by=dovecot2.service"
+            "x-systemd.before=dovecot2.service"
+          ];
+        };
       };
-      "/var/sieve" = {
+
-        device =
+    users.users = {
-          "/volumes/${sp.modules.simple-nixos-mailserver.location}/sieve";
+      virtualMail = {
-        options = [
+        isNormalUser = false;
-          "bind"
-          "x-systemd.required-by=dovecot2.service"
-          "x-systemd.before=dovecot2.service"
-        ];
       };
     };
 
-  users.users = {
+    users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ];
-    virtualMail = {
-      isNormalUser = false;
-    };
-  };
 
-  users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ];
+    mailserver = {
+      enable = true;
+      fqdn = sp.domain;
+      domains = [ sp.domain ];
+      localDnsResolver = false;
 
-  mailserver = {
+      # A list of all login accounts. To create the password hashes, use
-    enable = true;
+      # mkpasswd -m sha-512 "super secret password"
-    fqdn = sp.domain;
+      loginAccounts = ({
-    domains = [ sp.domain ];
+        "${sp.username}@${sp.domain}" = {
-    localDnsResolver = false;
+          hashedPassword = sp.hashedMasterPassword;
-
-    # A list of all login accounts. To create the password hashes, use
-    # mkpasswd -m sha-512 "super secret password"
-    loginAccounts = lib.mkIf (!is-auth-enabled) ({
-      "${sp.username}@${sp.domain}" = {
-        hashedPassword = sp.hashedMasterPassword;
-        sieveScript = ''
-          require ["fileinto", "mailbox"];
-          if header :contains "Chat-Version" "1.0"
-          {
-            fileinto :create "DeltaChat";
-            stop;
-          }
-        '';
-      };
-    } // builtins.listToAttrs (builtins.map
-      (user: {
-        name = "${user.username}@${sp.domain}";
-        value = {
-          hashedPassword = user.hashedPassword;
           sieveScript = ''
             require ["fileinto", "mailbox"];
             if header :contains "Chat-Version" "1.0"
@@ -133,70 +119,95 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable
             }
           '';
         };
-      })
+      } // builtins.listToAttrs (builtins.map
-      sp.users));
+        (user: {
+          name = "${user.username}@${sp.domain}";
+          value = {
+            hashedPassword = user.hashedPassword;
+            sieveScript = ''
+              require ["fileinto", "mailbox"];
+              if header :contains "Chat-Version" "1.0"
+              {
+                fileinto :create "DeltaChat";
+                stop;
+              }
+            '';
+          };
+        })
+        sp.users));
 
-    extraVirtualAliases = lib.mkIf (!is-auth-enabled) {
+      extraVirtualAliases = {
-      "admin@${sp.domain}" = "${sp.username}@${sp.domain}";
+        "admin@${sp.domain}" = "${sp.username}@${sp.domain}";
+      };
+
+      certificateScheme = "manual";
+      certificateFile = "/var/lib/acme/root-${sp.domain}/fullchain.pem";
+      keyFile = "/var/lib/acme/root-${sp.domain}/key.pem";
+
+      # Enable IMAP and POP3
+      enableImap = true;
+      enableImapSsl = true;
+      enablePop3 = false;
+      enablePop3Ssl = false;
+      dkimSelector = "selector";
+
+      # Enable the ManageSieve protocol
+      enableManageSieve = true;
+
+      virusScanning = false;
+
+      mailDirectory = "/var/vmail";
     };
 
-    certificateScheme = "manual";
+    systemd = {
-    certificateFile = "/var/lib/acme/root-${sp.domain}/fullchain.pem";
+      services = {
-    keyFile = "/var/lib/acme/root-${sp.domain}/key.pem";
+        dovecot2.serviceConfig.Slice = "simple_nixos_mailserver.slice";
-
+        postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
-    # Enable IMAP and POP3
+        rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
-    enableImap = true;
+        redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
-    enableImapSsl = true;
+        opendkim.serviceConfig.Slice = "simple_nixos_mailserver.slice";
-    enablePop3 = false;
+      };
-    enablePop3Ssl = false;
+      slices."simple_nixos_mailserver" = {
-    dkimSelector = "selector";
+        name = "simple_nixos_mailserver.slice";
-
+        description = "Simple NixOS Mailserver service slice";
-    # Enable the ManageSieve protocol
+      };
-    enableManageSieve = true;
-
-    virusScanning = false;
-
-    mailDirectory = "/var/vmail";
-
-    # LDAP is needed for Postfix to query Kanidm about email address ownership.
-    # LDAP is needed for Dovecot also.
-    ldap = lib.mkIf is-auth-enabled {
-      # false; otherwise, simple-nixos-mailserver enables auth via LDAP
-      enable = false;
-
-      # bind.dn = "uid=mail,ou=persons," + ldap_base_dn;
-      bind.dn = "dn=token";
-      # TODO change in this file should trigger system restart dovecot
-      bind.passwordFile = mailserver-service-account-token-fp;
-
-      # searchBase = "ou=persons," + ldap_base_dn;
-      searchBase = auth-passthru.ldap-base-dn; # TODO refine this
-
-      # NOTE: 127.0.0.1 instead of localhost doesn't work (maybe because of TLS)
-      uris = [ "ldaps://localhost:${toString auth-passthru.ldap-port}" ];
     };
-  };
+  }
+  # the following part is active only when "auth" module is enabled
+  (lib.attrsets.optionalAttrs
+    (options.selfprivacy.modules ? "auth")
+    (lib.mkIf is-auth-enabled {
+      mailserver = {
+        extraVirtualAliases = lib.mkForce { };
+        loginAccounts = lib.mkForce { };
+        # LDAP is needed for Postfix to query Kanidm about email address ownership.
+        # LDAP is needed for Dovecot also.
+        ldap = {
+          # false; otherwise, simple-nixos-mailserver enables auth via LDAP
+          enable = false;
 
-  systemd = {
+          # bind.dn = "uid=mail,ou=persons," + ldap_base_dn;
-    services = {
+          bind.dn = "dn=token";
-      dovecot2.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+          # TODO change in this file should trigger system restart dovecot
-      postfix.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+          bind.passwordFile = mailserver-service-account-token-fp;
-      rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+
-      redis-rspamd.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+          # searchBase = "ou=persons," + ldap_base_dn;
-      opendkim.serviceConfig.Slice = "simple_nixos_mailserver.slice";
+          searchBase = auth-passthru.ldap-base-dn; # TODO refine this
+
+          # NOTE: 127.0.0.1 instead of localhost doesn't work (maybe because of TLS)
+          uris = [ "ldaps://localhost:${toString auth-passthru.ldap-port}" ];
+        };
+      };
       # FIXME set auth module option instead
-      kanidm.serviceConfig.ExecStartPost =
+      systemd.services.kanidm.serviceConfig.ExecStartPost = lib.mkAfter [
-        lib.mkIf is-auth-enabled
+        ("+" + kanidmExecStartPostScriptRoot)
-          (lib.mkAfter
+        kanidmExecStartPostScript
-            [
+      ];
-              ("+" + kanidmExecStartPostScriptRoot)
+    }))
-              kanidmExecStartPostScript
+  (lib.attrsets.optionalAttrs
-            ]
+    (options.selfprivacy.modules ? "auth")
-          );
+    (lib.mkIf is-auth-enabled (import ./auth-dovecot.nix nixos-args)))
-    };
+  (lib.attrsets.optionalAttrs
-    slices."simple_nixos_mailserver" = {
+    (options.selfprivacy.modules ? "auth")
-      name = "simple_nixos_mailserver.slice";
+    (lib.mkIf is-auth-enabled (import ./auth-postfix.nix nixos-args)))
-      description = "Simple NixOS Mailserver service slice";
+])
-    };
-  };
-}

sp-modules/simple-nixos-mailserver/flake.nix

@@ -10,8 +10,6 @@
         mailserver.nixosModules.default
         ./options.nix
         ./config.nix
-        ./auth-postfix.nix
-        ./auth-dovecot.nix
       ];
     };
     configPathsNeeded =