Diffstat (limited to 'nixos/modules/services/mail')
21 files changed, 455 insertions, 514 deletions
diff --git a/nixos/modules/services/mail/clamsmtp.nix b/nixos/modules/services/mail/clamsmtp.nix index 5bcf8ecdde1a..d40ed7bf6e2d 100644 --- a/nixos/modules/services/mail/clamsmtp.nix +++ b/nixos/modules/services/mail/clamsmtp.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.clamsmtp; clamdSocket = "/run/clamav/clamd.ctl"; # See services/security/clamav.nix @@ -9,17 +7,17 @@ in ##### interface options = { services.clamsmtp = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable clamsmtp."; }; - instances = mkOption { + instances = lib.mkOption { description = "Instances of clamsmtp to run."; - type = types.listOf (types.submodule { options = { - action = mkOption { - type = types.enum [ "bounce" "drop" "pass" ]; + type = lib.types.listOf (lib.types.submodule { options = { + action = lib.mkOption { + type = lib.types.enum [ "bounce" "drop" "pass" ]; default = "drop"; description = '' Action to take when a virus is detected. @@ -29,8 +27,8 @@ in ''; }; - header = mkOption { - type = types.str; + header = lib.mkOption { + type = lib.types.str; default = ""; example = "X-Virus-Scanned: ClamAV using ClamSMTP"; description = '' @@ -39,8 +37,8 @@ in ''; }; - keepAlives = mkOption { - type = types.int; + keepAlives = lib.mkOption { + type = lib.types.int; default = 0; description = '' Number of seconds to wait between each NOOP sent to the sending @@ -51,8 +49,8 @@ in ''; }; - listen = mkOption { - type = types.str; + listen = lib.mkOption { + type = lib.types.str; example = "127.0.0.1:10025"; description = '' Address to wait for incoming SMTP connections on. See @@ -60,8 +58,8 @@ in ''; }; - quarantine = mkOption { - type = types.bool; + quarantine = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to quarantine files that contain viruses by leaving them 
@@ -69,22 +67,22 @@ in ''; }; - maxConnections = mkOption { - type = types.int; + maxConnections = lib.mkOption { + type = lib.types.int; default = 64; description = "Maximum number of connections to accept at once."; }; - outAddress = mkOption { - type = types.str; + outAddress = lib.mkOption { + type = lib.types.str; description = '' Address of the SMTP server to send email to once it has been scanned. ''; }; - tempDirectory = mkOption { - type = types.str; + tempDirectory = lib.mkOption { + type = lib.types.str; default = "/tmp"; description = '' Temporary directory that needs to be accessible to both clamd @@ -92,20 +90,20 @@ in ''; }; - timeout = mkOption { - type = types.int; + timeout = lib.mkOption { + type = lib.types.int; default = 180; description = "Time-out for network connections."; }; - transparentProxy = mkOption { - type = types.bool; + transparentProxy = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable clamsmtp's transparent proxy support."; }; - virusAction = mkOption { - type = with types; nullOr path; + virusAction = lib.mkOption { + type = with lib.types; nullOr path; default = null; description = '' Command to run when a virus is found. Please see VIRUS ACTION in @@ -113,8 +111,8 @@ in ''; }; - xClient = mkOption { - type = types.bool; + xClient = lib.mkOption { + type = lib.types.bool; default = false; description = '' Send the XCLIENT command to the receiving server, for forwarding 
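Review bot: `tempDirectory` (hunk at -69,22 of clamsmtp.nix) defaults to `/tmp`, and its description says only that the directory must be accessible to both clamd and clamsmtpd, not what ownership or mode it should have. The `quarantine` option in the preceding hunk appears to leave infected messages in this same directory, so with the default they would sit in a shared, world-writable location. I would add a sentence to the description such as `Prefer a dedicated directory owned by the clamav user over a world-writable one, especially when quarantine is enabled.` The option descriptions are cut by the hunk boundaries, so this should be checked against the full text.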
@@ -143,19 +141,19 @@ in TimeOut: ${toString conf.timeout} TransparentProxy: ${if conf.transparentProxy then "on" else "off"} User: clamav - ${optionalString (conf.virusAction != null) "VirusAction: ${conf.virusAction}"} + ${lib.optionalString (conf.virusAction != null) "VirusAction: ${conf.virusAction}"} XClient: ${if conf.xClient then "on" else "off"} ''; in - mkIf cfg.enable { + lib.mkIf cfg.enable { assertions = [ { assertion = config.services.clamav.daemon.enable; message = "clamsmtp requires clamav to be enabled"; } ]; - systemd.services = listToAttrs (imap1 (i: conf: - nameValuePair "clamsmtp-${toString i}" { + systemd.services = lib.listToAttrs (lib.imap1 (i: conf: + lib.nameValuePair "clamsmtp-${toString i}" { description = "ClamSMTP instance ${toString i}"; wantedBy = [ "multi-user.target" ]; script = "exec ${pkgs.clamsmtp}/bin/clamsmtpd -f ${configfile conf}"; diff --git a/nixos/modules/services/mail/davmail.nix b/nixos/modules/services/mail/davmail.nix index 46ddaedd4bf6..00e1ecb3852b 100644 --- a/nixos/modules/services/mail/davmail.nix +++ b/nixos/modules/services/mail/davmail.nix 
@@ -1,39 +1,36 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.davmail; - configType = with types; + configType = with lib.types; oneOf [ (attrsOf configType) str int bool ] // { description = "davmail config type (str, int, bool or attribute set thereof)"; }; - toStr = val: if isBool val then boolToString val else toString val; + toStr = val: if lib.isBool val then lib.boolToString val else toString val; - linesForAttrs = attrs: concatMap (name: let value = attrs.${name}; in - if isAttrs value + linesForAttrs = attrs: lib.concatMap (name: let value = attrs.${name}; in + if lib.isAttrs value then map (line: name + "." + line) (linesForAttrs value) else [ "${name}=${toStr value}" ] - ) (attrNames attrs); + ) (lib.attrNames attrs); - configFile = pkgs.writeText "davmail.properties" (concatStringsSep "\n" (linesForAttrs cfg.config)); + configFile = pkgs.writeText "davmail.properties" (lib.concatStringsSep "\n" (linesForAttrs cfg.config)); in { options.services.davmail = { - enable = mkEnableOption "davmail, an MS Exchange gateway"; + enable = lib.mkEnableOption "davmail, an MS Exchange gateway"; - url = mkOption { - type = types.str; + url = lib.mkOption { + type = lib.types.str; description = "Outlook Web Access URL to access the exchange server, i.e. the base webmail URL."; example = "https://outlook.office365.com/EWS/Exchange.asmx"; }; - config = mkOption { + config = lib.mkOption { type = configType; default = {}; description = '' @@ -42,7 +39,7 @@ in and <http://davmail.sourceforge.net/advanced.html> for details on supported values. ''; - example = literalExpression '' + example = lib.literalExpression '' { davmail.allowRemote = true; davmail.imapPort = 55555; 
@@ -56,10 +53,10 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.davmail.config = { - davmail = mapAttrs (name: mkDefault) { + davmail = lib.mapAttrs (name: lib.mkDefault) { server = true; disableUpdateCheck = true; logFilePath = "/var/log/davmail/davmail.log"; @@ -73,10 +70,10 @@ in smtpPort = 1025; }; log4j = { - logger.davmail = mkDefault "WARN"; - logger.httpclient.wire = mkDefault "WARN"; - logger.org.apache.commons.httpclient = mkDefault "WARN"; - rootLogger = mkDefault "WARN"; + logger.davmail = lib.mkDefault "WARN"; + logger.httpclient.wire = lib.mkDefault "WARN"; + logger.org.apache.commons.httpclient = lib.mkDefault "WARN"; + rootLogger = lib.mkDefault "WARN"; }; }; diff --git a/nixos/modules/services/mail/dkimproxy-out.nix b/nixos/modules/services/mail/dkimproxy-out.nix index 48ccf2dda601..1d6a143dc836 100644 --- a/nixos/modules/services/mail/dkimproxy-out.nix +++ b/nixos/modules/services/mail/dkimproxy-out.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.dkimproxy-out; keydir = "/var/lib/dkimproxy-out"; @@ -11,8 +9,8 @@ in ##### interface options = { services.dkimproxy-out = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable dkimproxy_out. 
@@ -22,26 +20,26 @@ in ''; }; - listen = mkOption { - type = types.str; + listen = lib.mkOption { + type = lib.types.str; example = "127.0.0.1:10027"; description = "Address:port DKIMproxy should listen on."; }; - relay = mkOption { - type = types.str; + relay = lib.mkOption { + type = lib.types.str; example = "127.0.0.1:10028"; description = "Address:port DKIMproxy should forward mail to."; }; - domains = mkOption { - type = with types; listOf str; + domains = lib.mkOption { + type = with lib.types; listOf str; example = [ "example.org" "example.com" ]; description = "List of domains DKIMproxy can sign for."; }; - selector = mkOption { - type = types.str; + selector = lib.mkOption { + type = lib.types.str; example = "selector1"; description = '' The selector to use for DKIM key identification. @@ -53,8 +51,8 @@ in ''; }; - keySize = mkOption { - type = types.int; + keySize = lib.mkOption { + type = lib.types.int; default = 2048; description = '' Size of the RSA key to use to sign outgoing emails. Note that the @@ -75,7 +73,7 @@ in listen ${cfg.listen} relay ${cfg.relay} - domain ${concatStringsSep "," cfg.domains} + domain ${lib.concatStringsSep "," cfg.domains} selector ${cfg.selector} signature dkim(c=relaxed/relaxed) @@ -83,7 +81,7 @@ in keyfile ${privkey} ''; in - mkIf cfg.enable { + lib.mkIf cfg.enable { users.groups.dkimproxy-out = {}; users.users.dkimproxy-out = { description = "DKIMproxy_out daemon"; diff --git a/nixos/modules/services/mail/dspam.nix b/nixos/modules/services/mail/dspam.nix index b81fe2652402..76bcc0af7e8b 100644 --- a/nixos/modules/services/mail/dspam.nix +++ b/nixos/modules/services/mail/dspam.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.dspam; @@ -19,7 +16,7 @@ let SystemLog on UserLog on - ${optionalString (cfg.domainSocket != null) '' + ${lib.optionalString (cfg.domainSocket != null) '' ServerDomainSocketPath "${cfg.domainSocket}" ClientHost "${cfg.domainSocket}" ''} 
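Review bot: `keySize` (hunk at -53,8 of dkimproxy-out.nix) is typed `lib.types.int`, so the module accepts any integer, including zero, negative values and RSA sizes too small to sign mail safely. RFC 8301 requires DKIM signers to use at least 1024-bit RSA keys and verifiers to handle keys up to 4096 bits, so a bounded type would reject bad values at evaluation time: `type = lib.types.ints.between 1024 4096;`. The option's description is cut off by the hunk, so any size guidance it already gives should be kept consistent with the chosen bounds.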
@@ -35,44 +32,44 @@ in { services.dspam = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the dspam spam filter."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "dspam"; description = "User for the dspam daemon."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "dspam"; description = "Group for the dspam daemon."; }; - storageDriver = mkOption { - type = types.str; + storageDriver = lib.mkOption { + type = lib.types.str; default = "hash"; description = "Storage driver backend to use for dspam."; }; - domainSocket = mkOption { - type = types.nullOr types.path; + domainSocket = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = defaultSock; description = "Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Additional dspam configuration."; }; - maintenanceInterval = mkOption { - type = types.nullOr types.str; + maintenanceInterval = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = "If set, maintenance script will be run at specified (in systemd.timer format) interval"; }; @@ -84,16 +81,16 @@ in { ###### implementation - config = mkIf cfg.enable (mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { - users.users = optionalAttrs (cfg.user == "dspam") { + users.users = lib.optionalAttrs (cfg.user == "dspam") { dspam = { group = cfg.group; uid = config.ids.uids.dspam; }; }; - users.groups = optionalAttrs (cfg.group == "dspam") { + users.groups = lib.optionalAttrs (cfg.group == "dspam") { dspam.gid = config.ids.gids.dspam; }; 
@@ -111,8 +108,8 @@ in { ExecStart = "${dspam}/bin/dspam --daemon --nofork"; User = cfg.user; Group = cfg.group; - RuntimeDirectory = optional (cfg.domainSocket == defaultSock) "dspam"; - RuntimeDirectoryMode = optional (cfg.domainSocket == defaultSock) "0750"; + RuntimeDirectory = lib.optional (cfg.domainSocket == defaultSock) "dspam"; + RuntimeDirectoryMode = lib.optional (cfg.domainSocket == defaultSock) "0750"; StateDirectory = "dspam"; StateDirectoryMode = "0750"; LogsDirectory = "dspam"; @@ -124,7 +121,7 @@ in { }; } - (mkIf (cfg.maintenanceInterval != null) { + (lib.mkIf (cfg.maintenanceInterval != null) { systemd.timers.dspam-maintenance = { description = "Timer for dspam maintenance script"; wantedBy = [ "timers.target" ]; diff --git a/nixos/modules/services/mail/goeland.nix b/nixos/modules/services/mail/goeland.nix index 158b9ef982cc..42f64b3632b5 100644 --- a/nixos/modules/services/mail/goeland.nix +++ b/nixos/modules/services/mail/goeland.nix @@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.goeland; tomlFormat = pkgs.formats.toml { }; in { options.services.goeland = { - enable = mkEnableOption "goeland, an alternative to rss2email"; + enable = lib.mkEnableOption "goeland, an alternative to rss2email"; - settings = mkOption { + settings = lib.mkOption { description = '' Configuration of goeland. See the [example config file](https://github.com/slurdge/goeland/blob/master/cmd/asset/config.default.toml) for the available options. 
@@ -18,14 +15,14 @@ in default = { }; type = tomlFormat.type; }; - schedule = mkOption { - type = types.str; + schedule = lib.mkOption { + type = lib.types.str; default = "12h"; example = "Mon, 00:00:00"; description = "How often to run goeland, in systemd time format."; }; - stateDir = mkOption { - type = types.path; + stateDir = lib.mkOption { + type = lib.types.path; default = "/var/lib/goeland"; description = '' The data directory for goeland where the database will reside if using the unseen filter. @@ -36,17 +33,17 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { services.goeland.settings.database = "${cfg.stateDir}/goeland.db"; systemd.services.goeland = { - serviceConfig = let confFile = tomlFormat.generate "config.toml" cfg.settings; in mkMerge [ + serviceConfig = let confFile = tomlFormat.generate "config.toml" cfg.settings; in lib.mkMerge [ { ExecStart = "${pkgs.goeland}/bin/goeland run -c ${confFile}"; User = "goeland"; Group = "goeland"; } - (mkIf (cfg.stateDir == "/var/lib/goeland") { + (lib.mkIf (cfg.stateDir == "/var/lib/goeland") { StateDirectory = "goeland"; StateDirectoryMode = "0750"; }) @@ -61,7 +58,7 @@ in }; users.groups.goeland = { }; - warnings = optionals (hasAttr "password" cfg.settings.email) [ + warnings = lib.optionals (lib.hasAttr "password" cfg.settings.email) [ '' It is not recommended to set the "services.goeland.settings.email.password" option as it will be in cleartext in the Nix store. @@ -70,5 +67,5 @@ in ]; }; - meta.maintainers = with maintainers; [ sweenu ]; + meta.maintainers = with lib.maintainers; [ sweenu ]; } diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix index 482bc42696f9..82c94ad4bb8f 100644 --- a/nixos/modules/services/mail/listmonk.nix +++ b/nixos/modules/services/mail/listmonk.nix @@ -1,6 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; let cfg = config.services.listmonk; tomlFormat = pkgs.formats.toml { }; 
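Review bot: In the `warnings` definition (hunk at -61,7 of goeland.nix) `lib.hasAttr "password" cfg.settings.email` reads `cfg.settings.email` before testing anything, while `settings` defaults to `{ }` and the module itself only sets `settings.database`. A configuration without an `email` section would therefore most likely abort evaluation with a missing-attribute error rather than simply produce no warning. Checking the whole path avoids that and keeps the cleartext-password warning working: `warnings = lib.optionals (lib.hasAttrByPath [ "email" "password" ] cfg.settings) [`.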
@@ -11,7 +9,7 @@ let lib.replaceStrings [ "'" ] [ "''" ] (builtins.toJSON value) }' WHERE key = '${key}';"; updateDatabaseConfigSQL = pkgs.writeText "update-database-config.sql" - (concatStringsSep "\n" (mapAttrsToList setDatabaseOption + (lib.concatStringsSep "\n" (lib.mapAttrsToList setDatabaseOption (if (cfg.database.settings != null) then cfg.database.settings else 
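Review bot: `setDatabaseOption` doubles single quotes in the JSON value but interpolates the key unescaped into `WHERE key = '${key}'`, and the keys come from `cfg.database.settings`, whose submodule has a `freeformType` and so accepts arbitrary attribute names. A key containing a single quote would break or alter the generated `update-database-config.sql`. Applying the same escaping to the key keeps the statement well-formed: `WHERE key = '${lib.replaceStrings [ "'" ] [ "''" ] key}';`. The start of `setDatabaseOption` lies outside this hunk, so its parameter handling is inferred from the visible tail.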
@@ -27,53 +25,53 @@ let "${pkgs.postgresql}/bin/psql -d listmonk -f ${updateDatabaseConfigSQL}"} ''; - databaseSettingsOpts = with types; { + databaseSettingsOpts = with lib.types; { freeformType = oneOf [ (listOf str) (listOf (attrsOf anything)) str int bool ]; options = { - "app.notify_emails" = mkOption { + "app.notify_emails" = lib.mkOption { type = listOf str; default = [ ]; description = "Administrator emails for system notifications"; }; - "privacy.exportable" = mkOption { + "privacy.exportable" = lib.mkOption { type = listOf str; default = [ "profile" "subscriptions" "campaign_views" "link_clicks" ]; description = "List of fields which can be exported through an automatic export request"; }; - "privacy.domain_blocklist" = mkOption { + "privacy.domain_blocklist" = lib.mkOption { type = listOf str; default = [ ]; description = "E-mail addresses with these domains are disallowed from subscribing."; }; - smtp = mkOption { + smtp = lib.mkOption { type = listOf (submodule { - freeformType = with types; attrsOf anything; + freeformType = with lib.types; attrsOf anything; options = { - enabled = mkEnableOption "this SMTP server for listmonk"; - host = mkOption { - type = types.str; + enabled = lib.mkEnableOption "this SMTP server for listmonk"; + host = lib.mkOption { + type = lib.types.str; description = "Hostname for the SMTP server"; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; description = "Port for the SMTP server"; }; - max_conns = mkOption { - type = types.int; + max_conns = lib.mkOption { + type = lib.types.int; description = "Maximum number of simultaneous connections, defaults to 1"; default = 1; }; - tls_type = mkOption { - type = types.enum [ "none" "STARTTLS" "TLS" ]; + tls_type = lib.mkOption { + type = lib.types.enum [ "none" "STARTTLS" "TLS" ]; description = "Type of TLS authentication with the SMTP server"; }; }; 
@@ -83,14 +81,14 @@ let }; # TODO: refine this type based on the smtp one. - "bounce.mailboxes" = mkOption { + "bounce.mailboxes" = lib.mkOption { type = listOf - (submodule { freeformType = with types; listOf (attrsOf anything); }); + (submodule { freeformType = with lib.types; listOf (attrsOf anything); }); default = [ ]; description = "List of bounce mailboxes"; }; - messengers = mkOption { + messengers = lib.mkOption { type = listOf str; default = [ ]; description = @@ -102,23 +100,23 @@ in { ###### interface options = { services.listmonk = { - enable = mkEnableOption "Listmonk, this module assumes a reverse proxy to be set"; + enable = lib.mkEnableOption "Listmonk, this module assumes a reverse proxy to be set"; database = { - createLocally = mkOption { - type = types.bool; + createLocally = lib.mkOption { + type = lib.types.bool; default = false; description = "Create the PostgreSQL database and database user locally."; }; - settings = mkOption { + settings = lib.mkOption { default = null; - type = with types; nullOr (submodule databaseSettingsOpts); + type = with lib.types; nullOr (submodule databaseSettingsOpts); description = "Dynamic settings in the PostgreSQL database, set by a SQL script, see <https://github.com/knadh/listmonk/blob/master/schema.sql#L177-L230> for details."; }; - mutableSettings = mkOption { - type = types.bool; + mutableSettings = lib.mkOption { + type = lib.types.bool; default = true; description = '' Database settings will be reset to the value set in this module if this is not enabled. 
@@ -126,16 +124,16 @@ in { ''; }; }; - package = mkPackageOption pkgs "listmonk" {}; - settings = mkOption { - type = types.submodule { freeformType = tomlFormat.type; }; + package = lib.mkPackageOption pkgs "listmonk" {}; + settings = lib.mkOption { + type = lib.types.submodule { freeformType = tomlFormat.type; }; description = '' Static settings set in the config.toml, see <https://github.com/knadh/listmonk/blob/master/config.toml.sample> for details. You can set secrets using the secretFile option with environment variables following <https://listmonk.app/docs/configuration/#environment-variables>. ''; }; - secretFile = mkOption { - type = types.nullOr types.str; + secretFile = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = "A file containing secrets as environment variables. See <https://listmonk.app/docs/configuration/#environment-variables> for details on supported values."; 
@@ -144,24 +142,24 @@ in { }; ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Default parameters from https://github.com/knadh/listmonk/blob/master/config.toml.sample - services.listmonk.settings."app".address = mkDefault "localhost:9000"; - services.listmonk.settings."db" = mkMerge [ + services.listmonk.settings."app".address = lib.mkDefault "localhost:9000"; + services.listmonk.settings."db" = lib.mkMerge [ ({ - max_open = mkDefault 25; - max_idle = mkDefault 25; - max_lifetime = mkDefault "300s"; + max_open = lib.mkDefault 25; + max_idle = lib.mkDefault 25; + max_lifetime = lib.mkDefault "300s"; }) - (mkIf cfg.database.createLocally { - host = mkDefault "/run/postgresql"; - port = mkDefault 5432; - user = mkDefault "listmonk"; - database = mkDefault "listmonk"; + (lib.mkIf cfg.database.createLocally { + host = lib.mkDefault "/run/postgresql"; + port = lib.mkDefault 5432; + user = lib.mkDefault "listmonk"; + database = lib.mkDefault "listmonk"; }) ]; - services.postgresql = mkIf cfg.database.createLocally { + services.postgresql = lib.mkIf cfg.database.createLocally { enable = true; ensureUsers = [{ @@ -175,11 +173,11 @@ in { systemd.services.listmonk = { description = "Listmonk - newsletter and mailing list manager"; after = [ "network.target" ] - ++ optional cfg.database.createLocally "postgresql.service"; + ++ lib.optional cfg.database.createLocally "postgresql.service"; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "exec"; - EnvironmentFile = mkIf (cfg.secretFile != null) [ cfg.secretFile ]; + EnvironmentFile = lib.mkIf (cfg.secretFile != null) [ cfg.secretFile ]; ExecStartPre = [ # StateDirectory cannot be used when DynamicUser = true is set this way. # Indeed, it will try to create all the folders and realize one of them already exist. diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix index 7c67d4e6135e..ab0e1f40f5b0 100644 
--- a/nixos/modules/services/mail/maddy.nix +++ b/nixos/modules/services/mail/maddy.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let name = "maddy"; @@ -138,11 +135,11 @@ in { options = { services.maddy = { - enable = mkEnableOption "Maddy, a free an open source mail server"; + enable = lib.mkEnableOption "Maddy, a free an open source mail server"; - user = mkOption { + user = lib.mkOption { default = "maddy"; - type = with types; uniq str; + type = with lib.types; uniq str; description = '' User account under which maddy runs. @@ -154,9 +151,9 @@ in { ''; }; - group = mkOption { + group = lib.mkOption { default = "maddy"; - type = with types; uniq str; + type = with lib.types; uniq str; description = '' Group account under which maddy runs. @@ -168,26 +165,26 @@ in { ''; }; - hostname = mkOption { + hostname = lib.mkOption { default = "localhost"; - type = with types; uniq str; + type = with lib.types; uniq str; example = ''example.com''; description = '' Hostname to use. It should be FQDN. ''; }; - primaryDomain = mkOption { + primaryDomain = lib.mkOption { default = "localhost"; - type = with types; uniq str; + type = with lib.types; uniq str; example = ''mail.example.com''; description = '' Primary MX domain to use. It should be FQDN. ''; }; - localDomains = mkOption { - type = with types; listOf str; + localDomains = lib.mkOption { + type = with lib.types; listOf str; default = ["$(primary_domain)"]; example = [ "$(primary_domain)" @@ -199,8 +196,8 @@ in { ''; }; - config = mkOption { - type = with types; nullOr lines; + config = lib.mkOption { + type = with lib.types; nullOr lines; default = defaultConfig; description = '' Server configuration, see 
@@ -215,8 +212,8 @@ in { }; tls = { - loader = mkOption { - type = with types; nullOr (enum [ "off" "file" "acme" ]); + loader = lib.mkOption { + type = with lib.types; nullOr (enum [ "off" "file" "acme" ]); default = "off"; description = '' TLS certificates are obtained by modules called "certificate @@ -237,18 +234,18 @@ in { ''; }; - certificates = mkOption { - type = with types; listOf (submodule { + certificates = lib.mkOption { + type = with lib.types; listOf (submodule { options = { - keyPath = mkOption { - type = types.path; + keyPath = lib.mkOption { + type = lib.types.path; example = "/etc/ssl/mx1.example.org.key"; description = '' Path to the private key used for TLS. ''; }; - certPath = mkOption { - type = types.path; + certPath = lib.mkOption { + type = lib.types.path; example = "/etc/ssl/mx1.example.org.crt"; description = '' Path to the certificate used for TLS. @@ -269,8 +266,8 @@ in { ''; }; - extraConfig = mkOption { - type = with types; nullOr lines; + extraConfig = lib.mkOption { + type = with lib.types; nullOr lines; description = '' Arguments for the specified certificate loader. @@ -284,16 +281,16 @@ in { }; }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Open the configured incoming and outgoing mail server ports. ''; }; - ensureAccounts = mkOption { - type = with types; listOf str; + ensureAccounts = lib.mkOption { + type = with lib.types; listOf str; default = []; description = '' List of IMAP accounts which get automatically created. Note that for @@ -307,7 +304,7 @@ in { ]; }; - ensureCredentials = mkOption { + ensureCredentials = lib.mkOption { default = {}; description = '' List of user accounts which get automatically created if they don't 
@@ -319,10 +316,10 @@ in { "user1@localhost".passwordFile = /secrets/user1-localhost; "user2@localhost".passwordFile = /secrets/user2-localhost; }; - type = types.attrsOf (types.submodule { + type = lib.types.attrsOf (lib.types.submodule { options = { - passwordFile = mkOption { - type = types.path; + passwordFile = lib.mkOption { + type = lib.types.path; example = "/path/to/file"; default = null; description = '' @@ -335,7 +332,7 @@ in { }; secrets = lib.mkOption { - type = with types; listOf path; + type = with lib.types; listOf path; description = '' A list of files containing the various secrets. Should be in the format expected by systemd's `EnvironmentFile` directory. Secrets can be @@ -347,7 +344,7 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { assertions = [ { @@ -387,17 +384,17 @@ in { }; maddy-ensure-accounts = { script = '' - ${optionalString (cfg.ensureAccounts != []) '' - ${concatMapStrings (account: '' + ${lib.optionalString (cfg.ensureAccounts != []) '' + ${lib.concatMapStrings (account: '' if ! ${pkgs.maddy}/bin/maddyctl imap-acct list | grep "${account}"; then ${pkgs.maddy}/bin/maddyctl imap-acct create ${account} fi '') cfg.ensureAccounts} ''} - ${optionalString (cfg.ensureCredentials != {}) '' - ${concatStringsSep "\n" (mapAttrsToList (name: cfg: '' + ${lib.optionalString (cfg.ensureCredentials != {}) '' + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cfg: '' if ! ${pkgs.maddy}/bin/maddyctl creds list | grep "${name}"; then - ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${escapeShellArg cfg.passwordFile}) ${name} + ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${lib.escapeShellArg cfg.passwordFile}) ${name} fi '') cfg.ensureCredentials)} ''} 
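Review bot: In the `maddy-ensure-accounts` script (hunk at -387,17 of maddy.nix) the password is passed as `--password $(cat …)`, which puts it on the `maddyctl` command line where it is visible in the process list, and the unquoted substitution lets the shell split or glob a password containing spaces or wildcard characters. At minimum I would quote both arguments, `${pkgs.maddy}/bin/maddyctl creds create --password "$(cat ${lib.escapeShellArg cfg.passwordFile})" ${lib.escapeShellArg name}`; if `maddyctl` can read the password from standard input, that would keep it off the command line entirely. The existence checks `grep "${name}"` and `grep "${account}"` also match substrings and treat `.` as a wildcard, so creation can be skipped because a longer or similar name already exists; `grep -qF -- ${lib.escapeShellArg name}` narrows that. The script continues outside the hunk.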
@@ -422,9 +419,9 @@ in { hostname ${cfg.hostname} ${if (cfg.tls.loader == "file") then '' - tls file ${concatStringsSep " " ( + tls file ${lib.concatStringsSep " " ( map (x: x.certPath + " " + x.keyPath - ) cfg.tls.certificates)} ${optionalString (cfg.tls.extraConfig != "") '' + ) cfg.tls.certificates)} ${lib.optionalString (cfg.tls.extraConfig != "") '' { ${cfg.tls.extraConfig} } ''} '' else if (cfg.tls.loader == "acme") then '' @@ -441,7 +438,7 @@ in { ''; }; - users.users = optionalAttrs (cfg.user == name) { + users.users = lib.optionalAttrs (cfg.user == name) { ${name} = { isSystemUser = true; group = cfg.group; @@ -449,11 +446,11 @@ in { }; }; - users.groups = optionalAttrs (cfg.group == name) { + users.groups = lib.optionalAttrs (cfg.group == name) { ${cfg.group} = { }; }; - networking.firewall = mkIf cfg.openFirewall { + networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ 25 143 587 ]; }; diff --git a/nixos/modules/services/mail/mail.nix b/nixos/modules/services/mail/mail.nix index fcc7ff6db91b..afa5b242b298 100644 --- a/nixos/modules/services/mail/mail.nix +++ b/nixos/modules/services/mail/mail.nix @@ -1,7 +1,4 @@ { config, options, lib, ... }: - -with lib; - { ###### interface @@ -10,8 +7,8 @@ with lib; services.mail = { - sendmailSetuidWrapper = mkOption { - type = types.nullOr options.security.wrappers.type.nestedTypes.elemType; + sendmailSetuidWrapper = lib.mkOption { + type = lib.types.nullOr options.security.wrappers.type.nestedTypes.elemType; default = null; internal = true; description = '' @@ -25,7 +22,7 @@ with lib; ###### implementation - config = mkIf (config.services.mail.sendmailSetuidWrapper != null) { + config = lib.mkIf (config.services.mail.sendmailSetuidWrapper != null) { security.wrappers.sendmail = config.services.mail.sendmailSetuidWrapper; diff --git a/nixos/modules/services/mail/mailhog.nix b/nixos/modules/services/mail/mailhog.nix index 455e5095495e..93400167a209 100644 --- a/nixos/modules/services/mail/mailhog.nix 
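Review bot: The guard `lib.optionalString (cfg.tls.extraConfig != "")` (hunk at -422,9 of maddy.nix) tests only for the empty string, although `tls.extraConfig` is declared as `nullOr lines`. A `null` value passes the guard and then fails when `${cfg.tls.extraConfig}` is interpolated into the generated configuration. I would test both cases, `lib.optionalString (cfg.tls.extraConfig != null && cfg.tls.extraConfig != "") ''`. The option's default is not visible in this diff, and the surrounding `if (cfg.tls.loader == "file")` block starts and ends outside the hunk.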
+++ b/nixos/modules/services/mail/mailhog.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.mailhog; @@ -21,40 +18,40 @@ in ###### interface imports = [ - (mkRemovedOptionModule [ "services" "mailhog" "user" ] "") + (lib.mkRemovedOptionModule [ "services" "mailhog" "user" ] "") ]; options = { services.mailhog = { - enable = mkEnableOption "MailHog, web and API based SMTP testing"; + enable = lib.mkEnableOption "MailHog, web and API based SMTP testing"; - storage = mkOption { - type = types.enum [ "maildir" "memory" ]; + storage = lib.mkOption { + type = lib.types.enum [ "maildir" "memory" ]; default = "memory"; description = "Store mails on disk or in memory."; }; - apiPort = mkOption { - type = types.port; + apiPort = lib.mkOption { + type = lib.types.port; default = 8025; description = "Port on which the API endpoint will listen."; }; - smtpPort = mkOption { - type = types.port; + smtpPort = lib.mkOption { + type = lib.types.port; default = 1025; description = "Port on which the SMTP endpoint will listen."; }; - uiPort = mkOption { - type = types.port; + uiPort = lib.mkOption { + type = lib.types.port; default = 8025; description = "Port on which the HTTP UI will listen."; }; - extraArgs = mkOption { - type = types.listOf types.str; + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "List of additional arguments to pass to the MailHog process."; }; @@ -64,7 +61,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { systemd.services.mailhog = { description = "MailHog - Web and API based SMTP testing"; diff --git a/nixos/modules/services/mail/mlmmj.nix b/nixos/modules/services/mail/mlmmj.nix index 80fd6d9f4e57..ea0a7ad3144b 100644 --- a/nixos/modules/services/mail/mlmmj.nix +++ b/nixos/modules/services/mail/mlmmj.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let concatMapLines = f: l: lib.concatStringsSep "\n" (map f l); 
@@ -53,38 +50,38 @@ in services.mlmmj = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Enable mlmmj"; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "mlmmj"; description = "mailinglist local user"; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "mlmmj"; description = "mailinglist local group"; }; - listDomain = mkOption { - type = types.str; + listDomain = lib.mkOption { + type = lib.types.str; default = "localhost"; description = "Set the mailing list domain"; }; - mailLists = mkOption { - type = types.listOf types.str; + mailLists = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "The collection of hosted maillists"; }; - maintInterval = mkOption { - type = types.str; + maintInterval = lib.mkOption { + type = lib.types.str; default = "20min"; description = '' Time interval between mlmmj-maintd runs, see @@ -98,7 +95,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { users.users.${cfg.user} = { description = "mlmmj user"; diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 55a85a354452..eb982ad00bd7 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix 
@@ -1,42 +1,39 @@ { config, lib, pkgs, ... }: - -with lib; - { options = { services.nullmailer = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable nullmailer daemon."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "nullmailer"; description = '' User to use to run nullmailer-send. ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "nullmailer"; description = '' Group to use to run nullmailer-send. ''; }; - setSendmail = mkOption { - type = types.bool; + setSendmail = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to set the system sendmail to nullmailer's."; }; - remotesFile = mkOption { - type = types.nullOr types.str; + remotesFile = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Path to the `remotes` control file. This file contains a @@ -48,8 +45,8 @@ with lib; }; config = { - adminaddr = mkOption { - type = types.nullOr types.str; + adminaddr = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' If set, all recipients to users at either "localhost" (the literal string) @@ -61,16 +58,16 @@ with lib; ''; }; - allmailfrom = mkOption { - type = types.nullOr types.str; + allmailfrom = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' If set, content will override the envelope sender on all messages. ''; }; - defaultdomain = mkOption { - type = types.nullOr types.str; + defaultdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The content of this attribute is appended to any host name that 
@@ -80,8 +77,8 @@ with lib; ''; }; - defaulthost = mkOption { - type = types.nullOr types.str; + defaulthost = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The content of this attribute is appended to any address that @@ -90,8 +87,8 @@ with lib; ''; }; - doublebounceto = mkOption { - type = types.nullOr types.str; + doublebounceto = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' If the original sender was empty (the original message was a @@ -100,8 +97,8 @@ with lib; ''; }; - helohost = mkOption { - type = types.nullOr types.str; + helohost = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' Sets the environment variable $HELOHOST which is used by the @@ -110,8 +107,8 @@ with lib; ''; }; - idhost = mkOption { - type = types.nullOr types.str; + idhost = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The content of this attribute is used when building the message-id @@ -119,8 +116,8 @@ with lib; ''; }; - maxpause = mkOption { - type = with types; nullOr (oneOf [ str int ]); + maxpause = lib.mkOption { + type = with lib.types; nullOr (oneOf [ str int ]); default = null; description = '' The maximum time to pause between successive queue runs, in seconds. @@ -128,8 +125,8 @@ with lib; ''; }; - me = mkOption { - type = types.nullOr types.str; + me = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' The fully-qualifiled host name of the computer running nullmailer. @@ -137,8 +134,8 @@ with lib; ''; }; - pausetime = mkOption { - type = with types; nullOr (oneOf [ str int ]); + pausetime = lib.mkOption { + type = with lib.types; nullOr (oneOf [ str int ]); default = null; description = '' The minimum time to pause between successive queue runs when there 
@@ -150,8 +147,8 @@ with lib; ''; }; - remotes = mkOption { - type = types.nullOr types.str; + remotes = lib.mkOption { + type = lib.types.nullOr lib.types.str; default = null; description = '' A list of remote servers to which to send each message. Each line @@ -167,8 +164,8 @@ with lib; ''; }; - sendtimeout = mkOption { - type = with types; nullOr (oneOf [ str int ]); + sendtimeout = lib.mkOption { + type = with lib.types; nullOr (oneOf [ str int ]); default = null; description = '' The time to wait for a remote module listed above to complete sending @@ -183,7 +180,7 @@ with lib; config = let cfg = config.services.nullmailer; - in mkIf cfg.enable { + in lib.mkIf cfg.enable { assertions = [ { assertion = cfg.config.remotes == null || cfg.remotesFile == null; @@ -194,10 +191,10 @@ with lib; environment = { systemPackages = [ pkgs.nullmailer ]; etc = let - validAttrs = lib.mapAttrs (_: toString) (filterAttrs (_: value: value != null) cfg.config); + validAttrs = lib.mapAttrs (_: toString) (lib.filterAttrs (_: value: value != null) cfg.config); in - (foldl' (as: name: as // { "nullmailer/${name}".text = validAttrs.${name}; }) {} (attrNames validAttrs)) - // optionalAttrs (cfg.remotesFile != null) { "nullmailer/remotes".source = cfg.remotesFile; }; + (lib.foldl' (as: name: as // { "nullmailer/${name}".text = validAttrs.${name}; }) {} (lib.attrNames validAttrs)) + // lib.optionalAttrs (cfg.remotesFile != null) { "nullmailer/remotes".source = cfg.remotesFile; }; }; users = { @@ -234,7 +231,7 @@ with lib; }; }; - services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail { + services.mail.sendmailSetuidWrapper = lib.mkIf cfg.setSendmail { program = "sendmail"; source = "${pkgs.nullmailer}/bin/sendmail"; owner = cfg.user; diff --git a/nixos/modules/services/mail/offlineimap.nix b/nixos/modules/services/mail/offlineimap.nix index f1517232c48d..6566a3cee11e 100644 --- a/nixos/modules/services/mail/offlineimap.nix +++ b/nixos/modules/services/mail/offlineimap.nix 
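Review bot: The `environment.etc` expression in the `@@ -194,10 +191,10 @@` hunk builds its attribute set with a hand-rolled `lib.foldl'` over `lib.attrNames validAttrs`, which obscures that it only renames keys. `lib.mapAttrs' (name: value: lib.nameValuePair "nullmailer/${name}" { text = value; }) validAttrs` produces the same set and makes it clearer which `cfg.config` values end up as files under `/etc/nullmailer`. The surrounding `environment` block continues outside the hunk.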
@@ -1,16 +1,13 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.offlineimap; in { options.services.offlineimap = { - enable = mkEnableOption "OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s)"; + enable = lib.mkEnableOption "OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s)"; - install = mkOption { - type = types.bool; + install = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to install a user service for Offlineimap. Once @@ -22,28 +19,28 @@ in { ''; }; - package = mkPackageOption pkgs "offlineimap" { }; + package = lib.mkPackageOption pkgs "offlineimap" { }; - path = mkOption { - type = types.listOf types.path; + path = lib.mkOption { + type = lib.types.listOf lib.types.path; default = []; - example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; + example = lib.literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; description = "List of derivations to put in Offlineimap's path."; }; - onCalendar = mkOption { - type = types.str; + onCalendar = lib.mkOption { + type = lib.types.str; default = "*:0/3"; # every 3 minutes description = "How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format."; }; - timeoutStartSec = mkOption { - type = types.str; + timeoutStartSec = lib.mkOption { + type = lib.types.str; default = "120sec"; # Kill if still alive after 2 minutes description = "How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format."; }; }; - config = mkIf (cfg.enable || cfg.install) { + config = lib.mkIf (cfg.enable || cfg.install) { systemd.user.services.offlineimap = { description = "Offlineimap: a software to dispose your mailbox(es) as a local Maildir(s)"; serviceConfig = { 
@@ -62,6 +59,6 @@ in { # start immediately after computer is started: Persistent = "true"; }; - } // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; }; + } // lib.optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; }; }; } diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix index 0460764ef094..dd29e5035089 100644 --- a/nixos/modules/services/mail/opendkim.nix +++ b/nixos/modules/services/mail/opendkim.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.opendkim; @@ -15,11 +12,11 @@ let "-d" cfg.domains "-k" keyFile "-s" cfg.selector - ] ++ optionals (cfg.configFile != null) [ "-x" cfg.configFile ]; + ] ++ lib.optionals (cfg.configFile != null) [ "-x" cfg.configFile ]; in { imports = [ - (mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ]) + (lib.mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ]) ]; ###### interface 
@@ -28,34 +25,34 @@ in { services.opendkim = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the OpenDKIM sender authentication system."; }; - socket = mkOption { - type = types.str; + socket = lib.mkOption { + type = lib.types.str; default = defaultSock; description = "Socket which is used for communication with OpenDKIM."; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "opendkim"; description = "User for the daemon."; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "opendkim"; description = "Group for the daemon."; }; - domains = mkOption { - type = types.str; + domains = lib.mkOption { + type = lib.types.str; default = "csl:${config.networking.hostName}"; - defaultText = literalExpression ''"csl:''${config.networking.hostName}"''; + defaultText = lib.literalExpression ''"csl:''${config.networking.hostName}"''; example = "csl:example.com,mydomain.net"; description = '' Local domains set (see `opendkim(8)` for more information on datasets). @@ -63,8 +60,8 @@ in { ''; }; - keyPath = mkOption { - type = types.path; + keyPath = lib.mkOption { + type = lib.types.path; description = '' The path that opendkim should put its generated private keys into. The DNS settings will be found in this directory with the name selector.txt. @@ -72,13 +69,13 @@ in { default = "/var/lib/opendkim/keys"; }; - selector = mkOption { - type = types.str; + selector = lib.mkOption { + type = lib.types.str; description = "Selector to use when signing."; }; - configFile = mkOption { - type = types.nullOr types.path; + configFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; default = null; description = "Additional opendkim configuration."; }; 
@@ -90,16 +87,16 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == "opendkim") { + users.users = lib.optionalAttrs (cfg.user == "opendkim") { opendkim = { group = cfg.group; uid = config.ids.uids.opendkim; }; }; - users.groups = optionalAttrs (cfg.group == "opendkim") { + users.groups = lib.optionalAttrs (cfg.group == "opendkim") { opendkim.gid = config.ids.gids.opendkim; }; @@ -126,10 +123,10 @@ in { ''; serviceConfig = { - ExecStart = "${pkgs.opendkim}/bin/opendkim ${escapeShellArgs args}"; + ExecStart = "${pkgs.opendkim}/bin/opendkim ${lib.escapeShellArgs args}"; User = cfg.user; Group = cfg.group; - RuntimeDirectory = optional (cfg.socket == defaultSock) "opendkim"; + RuntimeDirectory = lib.optional (cfg.socket == defaultSock) "opendkim"; StateDirectory = "opendkim"; StateDirectoryMode = "0700"; ReadWritePaths = [ cfg.keyPath ]; diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix index 88e7bc0193b5..07cf189fb28e 100644 --- a/nixos/modules/services/mail/opensmtpd.nix +++ b/nixos/modules/services/mail/opensmtpd.nix @@ -1,12 +1,9 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.opensmtpd; conf = pkgs.writeText "smtpd.conf" cfg.serverConfiguration; - args = concatStringsSep " " cfg.extraServerArgs; + args = lib.concatStringsSep " " cfg.extraServerArgs; sendmail = pkgs.runCommand "opensmtpd-sendmail" { preferLocalBuild = true; } '' mkdir -p $out/bin 
@@ -18,29 +15,29 @@ in { ###### interface imports = [ - (mkRenamedOptionModule [ "services" "opensmtpd" "addSendmailToSystemPath" ] [ "services" "opensmtpd" "setSendmail" ]) + (lib.mkRenamedOptionModule [ "services" "opensmtpd" "addSendmailToSystemPath" ] [ "services" "opensmtpd" "setSendmail" ]) ]; options = { services.opensmtpd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the OpenSMTPD server."; }; - package = mkPackageOption pkgs "opensmtpd" { }; + package = lib.mkPackageOption pkgs "opensmtpd" { }; - setSendmail = mkOption { - type = types.bool; + setSendmail = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to set the system sendmail to OpenSMTPD's."; }; - extraServerArgs = mkOption { - type = types.listOf types.str; + extraServerArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; example = [ "-v" "-P mta" ]; description = '' @@ -49,8 +46,8 @@ in { ''; }; - serverConfiguration = mkOption { - type = types.lines; + serverConfiguration = lib.mkOption { + type = lib.types.lines; example = '' listen on lo accept for any deliver to lmtp localhost:24 @@ -61,8 +58,8 @@ in { ''; }; - procPackages = mkOption { - type = types.listOf types.package; + procPackages = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; description = '' Packages to search for filters, tables, queues, and schedulers. @@ -78,7 +75,7 @@ in { ###### implementation - config = mkIf cfg.enable rec { + config = lib.mkIf cfg.enable rec { users.groups = { smtpd.gid = config.ids.gids.smtpd; smtpq.gid = config.ids.gids.smtpq; @@ -105,7 +102,7 @@ in { source = "${cfg.package}/bin/smtpctl"; }; - services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail + services.mail.sendmailSetuidWrapper = lib.mkIf cfg.setSendmail (security.wrappers.smtpctl // { program = "sendmail"; }); systemd.tmpfiles.rules = [ 
diff --git a/nixos/modules/services/mail/pfix-srsd.nix b/nixos/modules/services/mail/pfix-srsd.nix index 7ad2b20454d0..d4176c509d7a 100644 --- a/nixos/modules/services/mail/pfix-srsd.nix +++ b/nixos/modules/services/mail/pfix-srsd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - { ###### interface @@ -9,25 +6,25 @@ with lib; options = { services.pfix-srsd = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = "Whether to run the postfix sender rewriting scheme daemon."; }; - domain = mkOption { + domain = lib.mkOption { description = "The domain for which to enable srs"; - type = types.str; + type = lib.types.str; example = "example.com"; }; - secretsFile = mkOption { + secretsFile = lib.mkOption { description = '' The secret data used to encode the SRS address. to generate, use a command like: `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done` ''; - type = types.path; + type = lib.types.path; default = "/var/lib/pfix-srsd/secrets"; }; }; @@ -35,7 +32,7 @@ with lib; ###### implementation - config = mkIf config.services.pfix-srsd.enable { + config = lib.mkIf config.services.pfix-srsd.enable { environment = { systemPackages = [ pkgs.pfixtools ]; }; diff --git a/nixos/modules/services/mail/postfixadmin.nix b/nixos/modules/services/mail/postfixadmin.nix index 87a9f963b195..7523fa4930ab 100644 --- a/nixos/modules/services/mail/postfixadmin.nix +++ b/nixos/modules/services/mail/postfixadmin.nix @@ -1,7 +1,4 @@ { lib, config, pkgs, ... }: - -with lib; - let cfg = config.services.postfixadmin; fpm = config.services.phpfpm.pools.postfixadmin; @@ -10,8 +7,8 @@ let in { options.services.postfixadmin = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable postfixadmin. 
@@ -22,14 +19,14 @@ in ''; }; - hostName = mkOption { - type = types.str; + hostName = lib.mkOption { + type = lib.types.str; example = "postfixadmin.example.com"; description = "Hostname to use for the nginx vhost"; }; - adminEmail = mkOption { - type = types.str; + adminEmail = lib.mkOption { + type = lib.types.str; example = "postmaster@example.com"; description = '' Defines the Site Admin's email address. @@ -38,8 +35,8 @@ in ''; }; - setupPasswordFile = mkOption { - type = types.path; + setupPasswordFile = lib.mkOption { + type = lib.types.path; description = '' Password file for the admin. Generate with `php -r "echo password_hash('some password here', PASSWORD_DEFAULT);"` @@ -47,16 +44,16 @@ in }; database = { - username = mkOption { - type = types.str; + username = lib.mkOption { + type = lib.types.str; default = "postfixadmin"; description = '' Username for the postgresql connection. If `database.host` is set to `localhost`, a unix user and group of the same name will be created as well. ''; }; - host = mkOption { - type = types.str; + host = lib.mkOption { + type = lib.types.str; default = "localhost"; description = '' Host of the postgresql server. If this is not set to @@ -65,25 +62,25 @@ in permissions. ''; }; - passwordFile = mkOption { - type = types.path; + passwordFile = lib.mkOption { + type = lib.types.path; description = "Password file for the postgresql connection. Must be readable by user `nginx`."; }; - dbname = mkOption { - type = types.str; + dbname = lib.mkOption { + type = lib.types.str; default = "postfixadmin"; description = "Name of the postgresql database"; }; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options."; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.etc."postfixadmin/config.local.php".text = '' <?php 
@@ -91,7 +88,7 @@ in $CONF['database_type'] = 'pgsql'; $CONF['database_host'] = ${if localDB then "null" else "'${cfg.database.host}'"}; - ${optionalString localDB "$CONF['database_user'] = '${cfg.database.username}';"} + ${lib.optionalString localDB "$CONF['database_user'] = '${cfg.database.username}';"} $CONF['database_password'] = ${if localDB then "'dummy'" else "file_get_contents('${cfg.database.passwordFile}')"}; $CONF['database_name'] = '${cfg.database.dbname}'; $CONF['configured'] = true; @@ -109,8 +106,8 @@ in enable = true; virtualHosts = { ${cfg.hostName} = { - forceSSL = mkDefault true; - enableACME = mkDefault true; + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; locations."/" = { root = "${pkgs.postfixadmin}/public"; index = "index.php"; @@ -127,7 +124,7 @@ in }; }; - services.postgresql = mkIf localDB { + services.postgresql = lib.mkIf localDB { enable = true; ensureUsers = [ { name = cfg.database.username; @@ -136,7 +133,7 @@ in # The postgresql module doesn't currently support concepts like # objects owners and extensions; for now we tack on what's needed # here. - systemd.services.postfixadmin-postgres = let pgsql = config.services.postgresql; in mkIf localDB { + systemd.services.postfixadmin-postgres = let pgsql = config.services.postgresql; in lib.mkIf localDB { after = [ "postgresql.service" ]; bindsTo = [ "postgresql.service" ]; wantedBy = [ "multi-user.target" ]; @@ -172,12 +169,12 @@ in }; }; - users.users.${user} = mkIf localDB { + users.users.${user} = lib.mkIf localDB { group = user; isSystemUser = true; createHome = false; }; - users.groups.${user} = mkIf localDB {}; + users.groups.${user} = lib.mkIf localDB {}; services.phpfpm.pools.postfixadmin = { user = user; @@ -186,7 +183,7 @@ in error_log = 'stderr' log_errors = on ''; - settings = mapAttrs (name: mkDefault) { + settings = lib.mapAttrs (name: lib.mkDefault) { "listen.owner" = "nginx"; "listen.group" = "nginx"; "listen.mode" = "0660"; 
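Review bot: The generated `config.local.php` in the `@@ -91,7 +88,7 @@` hunk interpolates `cfg.database.host`, `cfg.database.username`, `cfg.database.dbname` and `cfg.database.passwordFile` into PHP single-quoted literals without escaping, so a value containing `'` or `\` changes the PHP that is emitted. These are administrator-set options, so this is hardening rather than an exposure, but constraining the name options (for example `type = lib.types.strMatching "[A-Za-z0-9_.-]+";`) or escaping `\` and `'` before interpolation would keep the file well-formed for every accepted value. The same pattern appears in the roundcube.nix hunk that builds `$config['db_dsnw']` and `$config['plugins']`. The enclosing multi-line string starts and ends outside the hunk.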
diff --git a/nixos/modules/services/mail/postsrsd.nix b/nixos/modules/services/mail/postsrsd.nix index 92f01dd4101e..f94d3942b5e3 100644 --- a/nixos/modules/services/mail/postsrsd.nix +++ b/nixos/modules/services/mail/postsrsd.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.postsrsd; 
@@ -14,67 +11,67 @@ in { services.postsrsd = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to enable the postsrsd SRS server for Postfix."; }; - secretsFile = mkOption { - type = types.path; + secretsFile = lib.mkOption { + type = lib.types.path; default = "/var/lib/postsrsd/postsrsd.secret"; description = "Secret keys used for signing and verification"; }; - domain = mkOption { - type = types.str; + domain = lib.mkOption { + type = lib.types.str; description = "Domain name for rewrite"; }; - separator = mkOption { - type = types.enum ["-" "=" "+"]; + separator = lib.mkOption { + type = lib.types.enum ["-" "=" "+"]; default = "="; description = "First separator character in generated addresses"; }; - # bindAddress = mkOption { # uncomment once 1.5 is released - # type = types.str; + # bindAddress = lib.mkOption { # uncomment once 1.5 is released + # type = lib.types.str; # default = "127.0.0.1"; # description = "Socket listen address"; # }; - forwardPort = mkOption { - type = types.int; + forwardPort = lib.mkOption { + type = lib.types.int; default = 10001; description = "Port for the forward SRS lookup"; }; - reversePort = mkOption { - type = types.int; + reversePort = lib.mkOption { + type = lib.types.int; default = 10002; description = "Port for the reverse SRS lookup"; }; - timeout = mkOption { - type = types.int; + timeout = lib.mkOption { + type = lib.types.int; default = 1800; description = "Timeout for idle client connections in seconds"; }; - excludeDomains = mkOption { - type = types.listOf types.str; + excludeDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = "Origin domains to exclude from rewriting in addition to primary domain"; }; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "postsrsd"; description = "User for the daemon"; }; - group = mkOption { - type = types.str; + 
group = lib.mkOption { + type = lib.types.str; default = "postsrsd"; description = "Group for the daemon"; }; @@ -86,18 +83,18 @@ in { ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { - services.postsrsd.domain = mkDefault config.networking.hostName; + services.postsrsd.domain = lib.mkDefault config.networking.hostName; - users.users = optionalAttrs (cfg.user == "postsrsd") { + users.users = lib.optionalAttrs (cfg.user == "postsrsd") { postsrsd = { group = cfg.group; uid = config.ids.uids.postsrsd; }; }; - users.groups = optionalAttrs (cfg.group == "postsrsd") { + users.groups = lib.optionalAttrs (cfg.group == "postsrsd") { postsrsd.gid = config.ids.gids.postsrsd; }; @@ -110,7 +107,7 @@ in { path = [ pkgs.coreutils ]; serviceConfig = { - ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -a${cfg.separator} -f${toString cfg.forwardPort} -r${toString cfg.reversePort} -t${toString cfg.timeout} "-X${concatStringsSep "," cfg.excludeDomains}"''; + ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -a${cfg.separator} -f${toString cfg.forwardPort} -r${toString cfg.reversePort} -t${toString cfg.timeout} "-X${lib.concatStringsSep "," cfg.excludeDomains}"''; User = cfg.user; Group = cfg.group; PermissionsStartOnly = true; diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index 2914877bdccd..1a9a3bdf26b9 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -1,7 +1,4 @@ { lib, config, pkgs, ... }: - -with lib; - let cfg = config.services.roundcube; fpm = config.services.phpfpm.pools.roundcube; @@ -11,8 +8,8 @@ let in { options.services.roundcube = { - enable = mkOption { - type = types.bool; + enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable roundcube. 
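Review bot: `forwardPort` and `reversePort` in the postsrsd option block are declared as `lib.types.int`, so a negative or out-of-range value is accepted at evaluation time and can only fail once the daemon starts. mailhog.nix in this same change uses `lib.types.port` for its listeners; `type = lib.types.port;` on both options would reject such values early. The option set continues outside the hunk.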
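Review bot: The postsrsd `ExecStart` line wraps `cfg.secretsFile`, `cfg.domain` and the joined `cfg.excludeDomains` in hand-written double quotes, so a value containing `"` changes how systemd splits the command line. opendkim.nix in this change builds an argument list and passes it through `lib.escapeShellArgs`; doing the same here, e.g. `ExecStart = "${pkgs.postsrsd}/sbin/postsrsd ${lib.escapeShellArgs postsrsdArgs}";` with `postsrsdArgs` holding the `-s`, `-d`, `-a`, `-f`, `-r`, `-t` and `-X` entries, keeps each option value a single argument. The values are administrator-set, so this is a consistency and hardening point. `serviceConfig` continues outside the hunk.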
@@ -23,27 +20,27 @@ in ''; }; - hostName = mkOption { - type = types.str; + hostName = lib.mkOption { + type = lib.types.str; example = "webmail.example.com"; description = "Hostname to use for the nginx vhost"; }; - package = mkPackageOption pkgs "roundcube" { + package = lib.mkPackageOption pkgs "roundcube" { example = "roundcube.withPlugins (plugins: [ plugins.persistent_login ])"; }; database = { - username = mkOption { - type = types.str; + username = lib.mkOption { + type = lib.types.str; default = "roundcube"; description = '' Username for the postgresql connection. If `database.host` is set to `localhost`, a unix user and group of the same name will be created as well. ''; }; - host = mkOption { - type = types.str; + host = lib.mkOption { + type = lib.types.str; default = "localhost"; description = '' Host of the postgresql server. If this is not set to @@ -52,13 +49,13 @@ in permissions. ''; }; - password = mkOption { - type = types.str; + password = lib.mkOption { + type = lib.types.str; description = "Password for the postgresql connection. Do not use: the password will be stored world readable in the store; use `passwordFile` instead."; default = ""; }; - passwordFile = mkOption { - type = types.str; + passwordFile = lib.mkOption { + type = lib.types.str; description = '' Password file for the postgresql connection. Must be formatted according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html) 
@@ -66,32 +63,32 @@ in Ignored if `database.host` is set to `localhost`, as peer authentication will be used. ''; }; - dbname = mkOption { - type = types.str; + dbname = lib.mkOption { + type = lib.types.str; default = "roundcube"; description = "Name of the postgresql database"; }; }; - plugins = mkOption { - type = types.listOf types.str; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.str; default = []; description = '' List of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported. ''; }; - dicts = mkOption { - type = types.listOf types.package; + dicts = lib.mkOption { + type = lib.types.listOf lib.types.package; default = []; - example = literalExpression "with pkgs.aspellDicts; [ en fr de ]"; + example = lib.literalExpression "with pkgs.aspellDicts; [ en fr de ]"; description = '' List of aspell dictionaries for spell checking. If empty, spell checking is disabled. ''; }; - maxAttachmentSize = mkOption { - type = types.int; + maxAttachmentSize = lib.mkOption { + type = lib.types.int; default = 18; apply = configuredMaxAttachmentSize: "${toString (configuredMaxAttachmentSize * 1.37)}M"; description = '' 
@@ -112,16 +109,16 @@ in description = "Configure nginx as a reverse proxy for roundcube."; }; - extraConfig = mkOption { - type = types.lines; + extraConfig = lib.mkOption { + type = lib.types.lines; default = ""; description = "Extra configuration for roundcube webmail instance"; }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # backward compatibility: if password is set but not passwordFile, make one. - services.roundcube.database.passwordFile = mkIf (!localDB && cfg.database.password != "") (mkDefault ("${pkgs.writeText "roundcube-password" cfg.database.password}")); + services.roundcube.database.passwordFile = lib.mkIf (!localDB && cfg.database.password != "") (lib.mkDefault ("${pkgs.writeText "roundcube-password" cfg.database.password}")); warnings = lib.optional (!localDB && cfg.database.password != "") "services.roundcube.database.password is deprecated and insecure; use services.roundcube.database.passwordFile instead"; environment.etc."roundcube/config.inc.php".text = '' @@ -139,7 +136,7 @@ in $config['db_dsnw'] = 'pgsql://${cfg.database.username}${lib.optionalString (!localDB) ":' . $password . '"}@${if localDB then "unix(/run/postgresql)" else cfg.database.host}/${cfg.database.dbname}'; $config['log_driver'] = 'syslog'; $config['max_message_size'] = '${cfg.maxAttachmentSize}'; - $config['plugins'] = [${concatMapStringsSep "," (p: "'${p}'") cfg.plugins}]; + $config['plugins'] = [${lib.concatMapStringsSep "," (p: "'${p}'") cfg.plugins}]; $config['des_key'] = file_get_contents('/var/lib/roundcube/des_key'); $config['mime_types'] = '${pkgs.nginx}/conf/mime.types'; # Roundcube uses PHP-FPM which has `PrivateTmp = true;` @@ -156,8 +153,8 @@ in enable = true; virtualHosts = { ${cfg.hostName} = { - forceSSL = mkDefault true; - enableACME = mkDefault true; + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; root = cfg.package; locations."/" = { index = "index.php"; 
@@ -201,7 +198,7 @@ in } ]; - services.postgresql = mkIf localDB { + services.postgresql = lib.mkIf localDB { enable = true; ensureDatabases = [ cfg.database.dbname ]; ensureUsers = [ { @@ -210,12 +207,12 @@ in } ]; }; - users.users.${user} = mkIf localDB { + users.users.${user} = lib.mkIf localDB { group = user; isSystemUser = true; createHome = false; }; - users.groups.${user} = mkIf localDB {}; + users.groups.${user} = lib.mkIf localDB {}; services.phpfpm.pools.roundcube = { user = if localDB then user else "nginx"; @@ -225,7 +222,7 @@ in post_max_size = ${cfg.maxAttachmentSize} upload_max_filesize = ${cfg.maxAttachmentSize} ''; - settings = mapAttrs (name: mkDefault) { + settings = lib.mapAttrs (name: lib.mkDefault) { "listen.owner" = "nginx"; "listen.group" = "nginx"; "listen.mode" = "0660"; @@ -247,8 +244,8 @@ in config.environment.etc."roundcube/config.inc.php".source ]; - systemd.services.roundcube-setup = mkMerge [ - (mkIf (cfg.database.host == "localhost") { + systemd.services.roundcube-setup = lib.mkMerge [ + (lib.mkIf (cfg.database.host == "localhost") { requires = [ "postgresql.service" ]; after = [ "postgresql.service" ]; }) diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix index e51cc0239a82..fbe4cc82adb9 100644 --- a/nixos/modules/services/mail/spamassassin.nix +++ b/nixos/modules/services/mail/spamassassin.nix @@ -1,7 +1,4 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.spamassassin; spamassassin-local-cf = pkgs.writeText "local.cf" cfg.config; 
@@ -12,16 +9,16 @@ in options = { services.spamassassin = { - enable = mkEnableOption "the SpamAssassin daemon"; + enable = lib.mkEnableOption "the SpamAssassin daemon"; - debug = mkOption { - type = types.bool; + debug = lib.mkOption { + type = lib.types.bool; default = false; description = "Whether to run the SpamAssassin daemon in debug mode"; }; - config = mkOption { - type = types.lines; + config = lib.mkOption { + type = lib.types.lines; description = '' The SpamAssassin local.cf config @@ -55,8 +52,8 @@ in default = ""; }; - initPreConf = mkOption { - type = with types; either str path; + initPreConf = lib.mkOption { + type = with lib.types; either str path; description = "The SpamAssassin init.pre config."; apply = val: if builtins.isPath val then val else pkgs.writeText "init.pre" val; default = @@ -111,7 +108,7 @@ in }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.etc."mail/spamassassin/init.pre".source = cfg.initPreConf; environment.etc."mail/spamassassin/local.cf".source = spamassassin-local-cf; @@ -185,7 +182,7 @@ in serviceConfig = { User = "spamd"; Group = "spamd"; - ExecStart = "+${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=%S/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid"; + ExecStart = "+${pkgs.spamassassin}/bin/spamd ${lib.optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=%S/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid"; ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID"; StateDirectory = "spamassassin"; }; diff --git a/nixos/modules/services/mail/stalwart-mail.nix b/nixos/modules/services/mail/stalwart-mail.nix index 1025788f0d84..fe433f9a2662 100644 --- a/nixos/modules/services/mail/stalwart-mail.nix +++ b/nixos/modules/services/mail/stalwart-mail.nix 
@@ -1,29 +1,26 @@ { config, lib, pkgs, ... }: - -with lib; - let cfg = config.services.stalwart-mail; configFormat = pkgs.formats.toml { }; configFile = configFormat.generate "stalwart-mail.toml" cfg.settings; dataDir = "/var/lib/stalwart-mail"; - useLegacyStorage = versionOlder config.system.stateVersion "24.11"; + useLegacyStorage = lib.versionOlder config.system.stateVersion "24.11"; parsePorts = listeners: let parseAddresses = listeners: lib.flatten(lib.mapAttrsToList (name: value: value.bind) listeners); - splitAddress = addr: strings.splitString ":" addr; - extractPort = addr: strings.toInt(builtins.foldl' (a: b: b) "" (splitAddress addr)); + splitAddress = addr: lib.splitString ":" addr; + extractPort = addr: lib.toInt(builtins.foldl' (a: b: b) "" (splitAddress addr)); in builtins.map(address: extractPort address) (parseAddresses listeners); in { options.services.stalwart-mail = { - enable = mkEnableOption "the Stalwart all-in-one email server"; + enable = lib.mkEnableOption "the Stalwart all-in-one email server"; - package = mkPackageOption pkgs "stalwart-mail" { }; + package = lib.mkPackageOption pkgs "stalwart-mail" { }; - openFirewall = mkOption { - type = types.bool; + openFirewall = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to open TCP firewall ports, which are specified in @@ -31,7 +28,7 @@ in { ''; }; - settings = mkOption { + settings = lib.mkOption { inherit (configFormat) type; default = { }; description = '' 
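Review bot: `extractPort` in the `parsePorts` let-block picks the last `:`-separated field with `builtins.foldl' (a: b: b) ""`, which takes a moment to decode as "last element". `lib.last` expresses it directly: `extractPort = addr: lib.toInt (lib.last (splitAddress addr));`. A one-line comment on `parsePorts` saying that it expects each `bind` entry to end in `:<port>` would also document the input it relies on, since `lib.toInt` aborts evaluation on anything else.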
@@ -43,36 +40,36 @@ in { }; }; - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { # Default config: all local services.stalwart-mail.settings = { tracer.stdout = { - type = mkDefault "stdout"; - level = mkDefault "info"; - ansi = mkDefault false; # no colour markers to journald - enable = mkDefault true; + type = lib.mkDefault "stdout"; + level = lib.mkDefault "info"; + ansi = lib.mkDefault false; # no colour markers to journald + enable = lib.mkDefault true; }; store = if useLegacyStorage then { # structured data in SQLite, blobs on filesystem - db.type = mkDefault "sqlite"; - db.path = mkDefault "${dataDir}/data/index.sqlite3"; - fs.type = mkDefault "fs"; - fs.path = mkDefault "${dataDir}/data/blobs"; + db.type = lib.mkDefault "sqlite"; + db.path = lib.mkDefault "${dataDir}/data/index.sqlite3"; + fs.type = lib.mkDefault "fs"; + fs.path = lib.mkDefault "${dataDir}/data/blobs"; } else { # everything in RocksDB - db.type = mkDefault "rocksdb"; - db.path = mkDefault "${dataDir}/db"; - db.compression = mkDefault "lz4"; + db.type = lib.mkDefault "rocksdb"; + db.path = lib.mkDefault "${dataDir}/db"; + db.compression = lib.mkDefault "lz4"; }; - storage.data = mkDefault "db"; - storage.fts = mkDefault "db"; - storage.lookup = mkDefault "db"; - storage.blob = mkDefault (if useLegacyStorage then "fs" else "db"); - directory.internal.type = mkDefault "internal"; - directory.internal.store = mkDefault "db"; - storage.directory = mkDefault "internal"; - resolver.type = mkDefault "system"; + storage.data = lib.mkDefault "db"; + storage.fts = lib.mkDefault "db"; + storage.lookup = lib.mkDefault "db"; + storage.blob = lib.mkDefault (if useLegacyStorage then "fs" else "db"); + directory.internal.type = lib.mkDefault "internal"; + directory.internal.store = lib.mkDefault "db"; + storage.directory = lib.mkDefault "internal"; + resolver.type = lib.mkDefault "system"; resolver.public-suffix = lib.mkDefault [ 
"file://${pkgs.publicsuffix-list}/share/publicsuffix/public_suffix_list.dat" ]; @@ -155,13 +152,13 @@ in { # Make admin commands available in the shell environment.systemPackages = [ cfg.package ]; - networking.firewall = mkIf (cfg.openFirewall + networking.firewall = lib.mkIf (cfg.openFirewall && (builtins.hasAttr "listener" cfg.settings.server)) { allowedTCPPorts = parsePorts cfg.settings.server.listener; }; }; meta = { - maintainers = with maintainers; [ happysalada pacien onny ]; + maintainers = with lib.maintainers; [ happysalada pacien onny ]; }; } diff --git a/nixos/modules/services/mail/zeyple.nix b/nixos/modules/services/mail/zeyple.nix index 6f6a1799bc0a..2f9164f700fe 100644 --- a/nixos/modules/services/mail/zeyple.nix +++ b/nixos/modules/services/mail/zeyple.nix @@ -1,6 +1,4 @@ { config, pkgs, lib, ... }: - -with lib; let cfg = config.services.zeyple; ini = pkgs.formats.ini { }; @@ -16,10 +14,10 @@ let ''; in { options.services.zeyple = { - enable = mkEnableOption "Zeyple, an utility program to automatically encrypt outgoing emails with GPG"; + enable = lib.mkEnableOption "Zeyple, an utility program to automatically encrypt outgoing emails with GPG"; - user = mkOption { - type = types.str; + user = lib.mkOption { + type = lib.types.str; default = "zeyple"; description = '' User to run Zeyple as. @@ -32,8 +30,8 @@ in { ''; }; - group = mkOption { - type = types.str; + group = lib.mkOption { + type = lib.types.str; default = "zeyple"; description = '' Group to use to run Zeyple. @@ -46,7 +44,7 @@ in { ''; }; - settings = mkOption { + settings = lib.mkOption { type = ini.type; default = { }; description = '' 
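Review bot: With `openFirewall` set, `allowedTCPPorts` in the `networking.firewall` block gets the port of every entry under `cfg.settings.server.listener`, regardless of bind host. This is because `parsePorts` (first hunk of this file) keeps only the text after the last `:` of each bind address. A listener bound to a loopback address therefore still has its port allowed through the firewall, which is wider than that listener needs. Either filter loopback binds before collecting the ports, or state the behaviour next to the block, e.g. `# opens the port of every listener, including loopback-only binds`. The `config` block starts outside this hunk.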
@@ -56,21 +54,21 @@ in { ''; }; - keys = mkOption { - type = with types; listOf path; + keys = lib.mkOption { + type = with lib.types; listOf path; description = "List of public key files that will be imported by gpg."; }; - rotateLogs = mkOption { - type = types.bool; + rotateLogs = lib.mkOption { + type = lib.types.bool; default = true; description = "Whether to enable rotation of log files."; }; }; - config = mkIf cfg.enable { - users.groups = optionalAttrs (cfg.group == "zeyple") { "${cfg.group}" = { }; }; - users.users = optionalAttrs (cfg.user == "zeyple") { + config = lib.mkIf cfg.enable { + users.groups = lib.optionalAttrs (cfg.group == "zeyple") { "${cfg.group}" = { }; }; + users.users = lib.optionalAttrs (cfg.user == "zeyple") { "${cfg.user}" = { isSystemUser = true; group = cfg.group; @@ -78,14 +76,14 @@ in { }; services.zeyple.settings = { - zeyple = mapAttrs (name: mkDefault) { + zeyple = lib.mapAttrs (name: lib.mkDefault) { log_file = "/var/log/zeyple/zeyple.log"; force_encrypt = true; }; - gpg = mapAttrs (name: mkDefault) { home = "${gpgHome}"; }; + gpg = lib.mapAttrs (name: lib.mkDefault) { home = "${gpgHome}"; }; - relay = mapAttrs (name: mkDefault) { + relay = lib.mapAttrs (name: lib.mkDefault) { host = "localhost"; port = 10026; }; @@ -98,7 +96,7 @@ in { mode = "0600"; }; - services.logrotate = mkIf cfg.rotateLogs { + services.logrotate = lib.mkIf cfg.rotateLogs { enable = true; settings.zeyple = { files = cfg.settings.zeyple.log_file; |