pyrox.dev
1# Configuration for `ssmtp', a trivial mail transfer agent that can
2# replace sendmail/postfix on simple systems. It delivers email
3# directly to an SMTP server defined in its configuration file, without
4# queueing mail locally.
5
6{ config, lib, pkgs, ... }:
7
8with lib;
9
10let
11 cfg = config.services.ssmtp;
12
13in
14{
15
16 imports = [
17 (mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
18 (mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
19 (mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
20 (mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
21 (mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
22 (mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
23 (mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
24 (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
25 (mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
26
27 (mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
28 (mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
29 ];
30
31 options = {
32
33 services.ssmtp = {
34
35 enable = mkOption {
36 type = types.bool;
37 default = false;
38 description = ''
39 Use the trivial Mail Transfer Agent (MTA)
40 <command>ssmtp</command> package to allow programs to send
41 e-mail. If you don't want to run a “real” MTA like
42 <command>sendmail</command> or <command>postfix</command> on
43 your machine, set this option to <literal>true</literal>, and
44 set the option
45 <option>services.ssmtp.hostName</option> to the
46 host name of your preferred mail server.
47 '';
48 };
49
50 settings = mkOption {
51 type = with types; attrsOf (oneOf [ bool str ]);
52 default = {};
53 description = ''
54 <citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
55 to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
56 '';
57 example = literalExpression ''
58 {
59 Debug = true;
60 FromLineOverride = false;
61 }
62 '';
63 };
64
65 hostName = mkOption {
66 type = types.str;
67 example = "mail.example.org";
68 description = ''
69 The host name of the default mail server to use to deliver
70 e-mail. Can also contain a port number (ex: mail.example.org:587),
71 defaults to port 25 if no port is given.
72 '';
73 };
74
75 root = mkOption {
76 type = types.str;
77 default = "";
78 example = "root@example.org";
79 description = ''
80 The e-mail to which mail for users with UID < 1000 is forwarded.
81 '';
82 };
83
84 domain = mkOption {
85 type = types.str;
86 default = "";
87 example = "example.org";
88 description = ''
89 The domain from which mail will appear to be sent.
90 '';
91 };
92
93 useTLS = mkOption {
94 type = types.bool;
95 default = false;
96 description = ''
97 Whether TLS should be used to connect to the default mail
98 server.
99 '';
100 };
101
102 useSTARTTLS = mkOption {
103 type = types.bool;
104 default = false;
105 description = ''
106 Whether the STARTTLS should be used to connect to the default
107 mail server. (This is needed for TLS-capable mail servers
108 running on the default SMTP port 25.)
109 '';
110 };
111
112 authUser = mkOption {
113 type = types.str;
114 default = "";
115 example = "foo@example.org";
116 description = ''
117 Username used for SMTP auth. Leave blank to disable.
118 '';
119 };
120
121 authPassFile = mkOption {
122 type = types.nullOr types.str;
123 default = null;
124 example = "/run/keys/ssmtp-authpass";
125 description = ''
126 Path to a file that contains the password used for SMTP auth. The file
127 should not contain a trailing newline, if the password does not contain one
128 (e.g. use <command>echo -n "password" > file</command>).
129 This file should be readable by the users that need to execute ssmtp.
130 '';
131 };
132
133 setSendmail = mkOption {
134 type = types.bool;
135 default = true;
136 description = "Whether to set the system sendmail to ssmtp's.";
137 };
138
139 };
140
141 };
142
143
144 config = mkIf cfg.enable {
145
146 assertions = [
147 {
148 assertion = cfg.useSTARTTLS -> cfg.useTLS;
149 message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
150 }
151 ];
152
153 services.ssmtp.settings = mkMerge [
154 ({
155 MailHub = cfg.hostName;
156 FromLineOverride = mkDefault true;
157 UseTLS = cfg.useTLS;
158 UseSTARTTLS = cfg.useSTARTTLS;
159 })
160 (mkIf (cfg.root != "") { root = cfg.root; })
161 (mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
162 (mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
163 (mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
164 ];
165
166 # careful here: ssmtp REQUIRES all config lines to end with a newline char!
167 environment.etc."ssmtp/ssmtp.conf".text = with generators; toKeyValue {
168 mkKeyValue = mkKeyValueDefault {
169 mkValueString = value:
170 if value == true then "YES"
171 else if value == false then "NO"
172 else mkValueStringDefault {} value
173 ;
174 } "=";
175 } cfg.settings;
176
177 environment.systemPackages = [pkgs.ssmtp];
178
179 services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
180 program = "sendmail";
181 source = "${pkgs.ssmtp}/bin/sendmail";
182 setuid = false;
183 setgid = false;
184 owner = "root";
185 group = "root";
186 };
187
188 };
189
190}