authorMarius Bergmann <marius@yeai.de>2017-09-28 08:38:59 +0200
committerMarius Bergmann <marius@yeai.de>2017-09-28 08:52:21 +0200
commite741cc488190ab79e26b96d8e6f1402ab5965b6a (patch)
treed3349360bfec5901fe3247d3c33890fd53f1c62e /nixos/modules/services/mail
parent02e89de71c402aa4e4a96737a54e07e86a1ef253 (diff)
nullmailer: add `remotesFile` option
The current `remotes` option is a string option containing nullmailer remote
definitions. However, those definitions may contain secret credentials and
should therefore not be put world-readable in the nix store.

I added a `remotesFile` option, which allows specifying a path to the remotes
definition file instead. This way, the definitions can be kept outside of the
nix store with more secure file permissions.
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r--nixos/modules/services/mail/nullmailer.nix30
1 files changed, 28 insertions, 2 deletions
diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix
index 68cba4a7436e..c5af1d4d381b 100644
--- a/nixos/modules/services/mail/nullmailer.nix
+++ b/nixos/modules/services/mail/nullmailer.nix
@@ -35,6 +35,18 @@ with lib;
         description = "Whether to set the system sendmail to nullmailer's.";
       };
 
+      remotesFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          Path to the <code>remotes</code> control file. This file contains a
+          list of remote servers to which to send each message.
+
+          See <code>man 8 nullmailer-send</code> for syntax and available
+          options.
+        '';
+      };
+
       config = {
         adminaddr = mkOption {
           type = types.nullOr types.str;
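Review bot: The `description` of `remotesFile` does not say why the option exists or what it requires of the file, so a reader of the generated manual cannot tell that it is the place for credentials. I would add a paragraph along the lines of `Use this instead of <code>config.remotes</code> when the definitions contain credentials: the file is referenced by path and is not copied into the Nix store.` It should also state that the two options are mutually exclusive, which the assertion in the second hunk enforces. The file presumably has to be readable by the account the nullmailer service runs as; that account is defined outside this hunk, so confirm before documenting it.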
@@ -173,13 +185,27 @@ with lib;
     cfg = config.services.nullmailer;
   in mkIf cfg.enable {
 
+    assertions = [
+      { assertion = cfg.config.remotes == null || cfg.remotesFile == null;
+        message = "Only one of `remotesFile` or `config.remotes` may be used at a time.";
+      }
+    ];
+
     environment = {
       systemPackages = [ pkgs.nullmailer ];
       etc = let
         getval  = attr: builtins.getAttr attr cfg.config;
         attrs   = builtins.attrNames cfg.config;
-        attrs'  = builtins.filter (attr: ! isNull (getval attr)) attrs;
-      in foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs';
+        remotesFilter = if cfg.remotesFile != null
+                        then (attr: attr != "remotes")
+                        else (_: true);
+        optionalRemotesFileLink = if cfg.remotesFile != null
+                                  then { "nullmailer/remotes".source = cfg.remotesFile; }
+                                  else {};
+        attrs'  = builtins.filter (attr: (! isNull (getval attr)) && (remotesFilter attr)) attrs;
+      in
+        (foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs')
+        // optionalRemotesFileLink;
     };
 
     users = {
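Review bot: Neither the new `assertions` list nor `optionalRemotesFileLink` rejects a `remotesFile` string that already points into the Nix store, for example one produced by interpolating a path literal. In that case the credentials are world-readable again, which is what this option is meant to prevent. A second assertion would catch it at evaluation time: `{ assertion = cfg.remotesFile == null || !(hasPrefix builtins.storeDir cfg.remotesFile); message = "`remotesFile` must not point into the Nix store."; }` (message text is a suggestion). Separately, as a style point, the two `if cfg.remotesFile != null then … else …` bindings could be written with `optionalAttrs (cfg.remotesFile != null) { … }`, since `with lib;` is in scope. The `mkIf cfg.enable { … }` body continues past the end of the hunk.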