authorJörg Thalheim <Mic92@users.noreply.github.com>2017-04-08 17:22:26 +0200
committerGitHub <noreply@github.com>2017-04-08 17:22:26 +0200
commitcb6d1fdfd98482c3a557dada9cceadfd4d603c62 (patch)
treee9d5f0e8cb160425a599221cbef2a19be769f9ce /nixos
parenta40600bc58aa3f6ba87b8cc7d1e101dc5b4eb164 (diff)
parent21e3c2a72f5392af592bae76041ecbfbd65caf7a (diff)
Merge pull request #24331 from LumiGuide/ssmtp-AuthPassFile
ssmtp: use the authPassFile option instead of authPass
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/programs/ssmtp.nix45
1 files changed, 36 insertions, 9 deletions
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
index 7d0cb33209958..44756171b74cf 100644
--- a/nixos/modules/programs/ssmtp.nix
+++ b/nixos/modules/programs/ssmtp.nix
@@ -39,7 +39,8 @@ in
         example = "mail.example.org";
         description = ''
           The host name of the default mail server to use to deliver
-          e-mail.
+          e-mail. Can also contain a port number (ex: mail.example.org:587),
+          defaults to port 25 if no port is given.
         '';
       };
 
@@ -95,9 +96,28 @@ in
         example = "correctHorseBatteryStaple";
         description = ''
           Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
+
+          It's recommended to use <option>authPassFile</option>
+          which takes precedence over <option>authPass</option>.
+        '';
+      };
+
+      authPassFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "/run/keys/ssmtp-authpass";
+        description = ''
+          Path to a file that contains the password used for SMTP auth. The file
+          should not contain a trailing newline, if the password does not contain one.
+          This file should be readable by the users that need to execute ssmtp.
+
+          <option>authPassFile</option> takes precedence over <option>authPass</option>.
+
+          Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
+          defaults to a file in the WORLD-READABLE Nix store containing that password.
         '';
       };
-      
+
       setSendmail = mkOption {
         type = types.bool;
         default = true;
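Review bot: The `authPassFile` description never says that the path must be given as a string pointing outside the Nix store. A value built from a Nix path (for instance by interpolating a path literal into the string) would be copied into the store at evaluation time, giving the same world-readable exposure this option is meant to avoid. I would add a sentence such as `The path must refer to a file outside the Nix store, e.g. one provisioned at runtime under /run/keys.` The sentence "readable by the users that need to execute ssmtp" could also recommend a dedicated group rather than world-readable permissions, since any account that can read the file can read the SMTP password.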
@@ -111,21 +131,28 @@ in
 
   config = mkIf cfg.directDelivery {
 
+    networking.defaultMailServer.authPassFile = mkIf (cfg.authPass != "")
+      (mkDefault (toString (pkgs.writeTextFile {
+        name = "ssmtp-authpass";
+        text = cfg.authPass;
+      })));
+
     environment.etc."ssmtp/ssmtp.conf".text =
+      let yesNo = yes : if yes then "YES" else "NO"; in
       ''
         MailHub=${cfg.hostName}
         FromLineOverride=YES
-        ${if cfg.root != "" then "root=${cfg.root}" else ""}
-        ${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
-        UseTLS=${if cfg.useTLS then "YES" else "NO"}
-        UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
+        ${optionalString (cfg.root   != "") "root=${cfg.root}"}
+        ${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"}
+        UseTLS=${yesNo cfg.useTLS}
+        UseSTARTTLS=${yesNo cfg.useSTARTTLS}
         #Debug=YES
-        ${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
-        ${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
+        ${optionalString (cfg.authUser != "")       "AuthUser=${cfg.authUser}"}
+        ${optionalString (!isNull cfg.authPassFile) "AuthPassFile=${cfg.authPassFile}"}
       '';
 
     environment.systemPackages = [pkgs.ssmtp];
-    
+
     services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
       program = "sendmail";
       source = "${pkgs.ssmtp}/bin/sendmail";
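Review bot: Setting `authPass` still writes the password into the store through `pkgs.writeTextFile` at the top of the `config` block, and nothing at evaluation time tells the administrator. The only notice is in the option descriptions, so existing configurations keep exposing the secret silently after the upgrade. Consider emitting a warning alongside the fallback, e.g. `warnings = optional (cfg.authPass != "") "networking.defaultMailServer.authPass is stored world-readable in the Nix store; use authPassFile instead.";` (this assumes `lib` is in scope via `with lib;`, as the bare `optionalString` suggests). The `config` block and the `sendmailSetuidWrapper` attribute set both continue past the end of this hunk.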