authorBas van Dijk <v.dijk.bas@gmail.com>2017-03-25 02:46:51 +0100
committerBas van Dijk <v.dijk.bas@gmail.com>2017-03-29 00:34:23 +0200
commit1d52c677bec5b1ede7534455a35c035b359cb9e8 (patch)
tree6a98c2326e216e6fdeb9434985965f213679a0f9 /nixos/modules/programs
parent186cc512a68e228d8768f4c817f072b112b922d3 (diff)
ssmtp: use the authPassFile option instead of authPass
This gives users the option of storing the authPass outside the
world-readable Nix store.
Diffstat (limited to 'nixos/modules/programs')
-rw-r--r--nixos/modules/programs/ssmtp.nix41
1 files changed, 33 insertions, 8 deletions
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
index 7d0cb33209958..1702edab6e4ea 100644
--- a/nixos/modules/programs/ssmtp.nix
+++ b/nixos/modules/programs/ssmtp.nix
@@ -95,9 +95,27 @@ in
         example = "correctHorseBatteryStaple";
         description = ''
           Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
+
+          It's recommended to use <option>authPassFile</option>
+          which takes precedence over <option>authPass</option>.
+        '';
+      };
+
+      authPassFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "/run/keys/ssmtp-authpass";
+        description = ''
+          Path to a file that contains the password used for SMTP auth.
+          This file should be readable by the users that need to execute ssmtp.
+
+          <option>authPassFile</option> takes precedence over <option>authPass</option>.
+
+          Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
+          defaults to a file in the WORLD-READABLE Nix store containing that password.
         '';
       };
-      
+
       setSendmail = mkOption {
         type = types.bool;
         default = true;
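Review bot: The `authPassFile` description says the file should be readable by the users that execute ssmtp, but it does not say that the path itself must stay outside the store or how narrow the permissions should be. Because the type is `types.str`, a value built by interpolating a Nix path (for example `"${./secret}"`) would still copy the secret into the world-readable store. I would add a sentence such as `The value must be a string naming a file outside the Nix store, readable only by the accounts that need to send mail.` The second hunk's context shows sendmail installed through `sendmailSetuidWrapper`, so which account actually opens the file may depend on the wrapper's settings, which are not visible here.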
@@ -111,21 +129,28 @@ in
 
   config = mkIf cfg.directDelivery {
 
+    networking.defaultMailServer.authPassFile = mkIf (cfg.authPass != "")
+      (mkDefault (toString (pkgs.writeTextFile {
+        name = "ssmtp-authpass";
+        text = cfg.authPass;
+      })));
+
     environment.etc."ssmtp/ssmtp.conf".text =
+      let yesNo = yes : if yes then "YES" else "NO"; in
       ''
         MailHub=${cfg.hostName}
         FromLineOverride=YES
-        ${if cfg.root != "" then "root=${cfg.root}" else ""}
-        ${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
-        UseTLS=${if cfg.useTLS then "YES" else "NO"}
-        UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
+        ${optionalString (cfg.root   != "") "root=${cfg.root}"}
+        ${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"}
+        UseTLS=${yesNo cfg.useTLS}
+        UseSTARTTLS=${yesNo cfg.useSTARTTLS}
         #Debug=YES
-        ${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
-        ${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
+        ${optionalString (cfg.authUser != "")       "AuthUser=${cfg.authUser}"}
+        ${optionalString (!isNull cfg.authPassFile) "AuthPassFile=${cfg.authPassFile}"}
       '';
 
     environment.systemPackages = [pkgs.ssmtp];
-    
+
     services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
       program = "sendmail";
       source = "${pkgs.ssmtp}/bin/sendmail";
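Review bot: Setting `authPass` still puts the password in the world-readable store through `pkgs.writeTextFile`, and nothing at evaluation time tells the user; only the option description mentions it. Consider emitting a warning inside this `config` block, e.g. `warnings = optional (cfg.authPass != "") "networking.defaultMailServer.authPass is stored world-readable in the Nix store; set authPassFile instead.";` (assuming `optional` is in scope the same way `optionalString` is). Separately, `!isNull cfg.authPassFile` lets an empty string through, which would write a bare `AuthPassFile=` line into ssmtp.conf; a check like `cfg.authPassFile != null && cfg.authPassFile != ""` would avoid that. The `config` block continues past the end of this hunk.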