author | Nikolay Amiantov <ab@fmap.me> | 2016-01-06 06:04:50 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2016-01-13 13:04:12 +0300 |
commit | c51d08cf271af95c62f40be9a281751669be55aa (patch) | |
tree | 3e4af943a1b0f9664c707d0251446e5d0d59f200 /nixos/modules/services/mail/postsrsd.nix | |
parent | 2053b3a32ae671d268d3da78294502630b0ecfb4 (diff) | |
nixos/postsrsd: add module
Diffstat (limited to 'nixos/modules/services/mail/postsrsd.nix')
-rw-r--r-- | nixos/modules/services/mail/postsrsd.nix | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/nixos/modules/services/mail/postsrsd.nix b/nixos/modules/services/mail/postsrsd.nix
new file mode 100644
index 000000000000..36a0f8218d88
--- /dev/null
+++ b/nixos/modules/services/mail/postsrsd.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.postsrsd;
+
+in {
+
+ ###### interface
+
+ options = {
+
+ services.postsrsd = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the postsrsd SRS server for Postfix.";
+ };
+
+ domain = mkOption {
+ type = types.str;
+ description = "Domain name for rewrite";
+ };
+
+ secretsFile = mkOption {
+ type = types.path;
+ default = "/var/lib/postsrsd/postsrsd.secret";
+ description = "Secret keys used for signing and verification";
+ };
+
+ forwardPort = mkOption {
+ type = types.int;
+ default = 10001;
+ description = "Port for the forward SRS lookup";
+ };
+
+ reversePort = mkOption {
+ type = types.int;
+ default = 10002;
+ description = "Port for the reverse SRS lookup";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "postsrsd";
+ description = "User for the daemon";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "postsrsd";
+ description = "Group for the daemon";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ services.postsrsd.domain = mkDefault config.networking.hostName;
+
+ users.extraUsers = optionalAttrs (cfg.user == "postsrsd") (singleton
+ { name = "postsrsd";
+ group = cfg.group;
+ uid = config.ids.uids.postsrsd;
+ });
+
+ users.extraGroups = optionalAttrs (cfg.group == "postsrsd") (singleton
+ { name = "postsrsd";
+ gid = config.ids.gids.postsrsd;
+ });
+
+ systemd.services.postsrsd = {
+ description = "PostSRSd SRS rewriting server";
+ after = [ "network.target" ];
+ before = [ "postfix.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.coreutils ];
+
+ serviceConfig = {
+ ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -f${toString cfg.forwardPort} -r${toString cfg.reversePort}'';
+ User = cfg.user;
+ Group = cfg.group;
+ PermissionsStartOnly = true;
+ };
+
+ preStart = ''
+ if [ ! -e "${cfg.secretsFile}" ]; then
+ echo "WARNING: secrets file not found, autogenerating!"
+ mkdir -p -m750 "$(dirname "${cfg.secretsFile}")"
+ dd if=/dev/random bs=18 count=1 | base64 > "${cfg.secretsFile}"
+ chmod 600 "${cfg.secretsFile}"
+ fi
+ chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"
+ '';
+ };
+
+ };
+}
|
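Review bot: In `preStart`, the shell redirect creates the autogenerated secret before `chmod 600` runs, so the signing key briefly exists with default-umask permissions. `mkdir -p -m750` only shields it when the directory did not already exist, so adding `umask 077` as the first line of the `if` branch would close that window. The key itself is read with `dd if=/dev/random bs=18 count=1`, which counts a short read as a complete block and may block on a drained entropy pool, so the secret can end up shorter than intended; `head -c 18 /dev/urandom | base64 > "${cfg.secretsFile}"` (or `iflag=fullblock`) is more robust. Because `PermissionsStartOnly = true` runs this script as root and only the file is chowned, the new mode-750 directory presumably stays root-owned and the daemon running as `cfg.user` may be unable to traverse it; chowning the directory to `${cfg.user}:${cfg.group}` when it is created would address that.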