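# NixOS module for pfix-srsd, the Postfix sender rewriting scheme (SRS) daemon
# shipped in pkgs.pfixtools. It declares the `services.pfix-srsd` options and,
# when enabled, a systemd unit that is ordered before postfix.service.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.pfix-srsd;

  # True when the secrets file is a Nix path value (interpolating it into
  # ExecStart copies the file into the store) or a string that already points
  # into the store. The store is world-readable, so either case exposes the
  # SRS secrets to every local user.
  secretsInStore =
    builtins.isPath cfg.secretsFile
    || hasPrefix builtins.storeDir (toString cfg.secretsFile);
in
{

  ###### interface

  options = {

    services.pfix-srsd = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = lib.mdDoc "Whether to run the postfix sender rewriting scheme daemon.";
      };

      domain = mkOption {
        description = lib.mdDoc "The domain for which to enable SRS.";
        type = types.str;
        example = "example.com";
      };

      secretsFile = mkOption {
        description = lib.mdDoc ''
          The secret data used to encode the SRS address.
          To generate, use a command like:
          `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done`

          Give the location as a string naming a file outside the Nix store.
          A Nix path literal is copied into the world-readable store, which
          discloses the secrets to every local user. Keep the permissions of
          the file restrictive.
        '';
        type = types.path;
        default = "/var/lib/pfix-srsd/secrets";
      };
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    # Non-fatal: existing configurations keep evaluating, but the operator is
    # told that the SRS secrets are readable through the store.
    warnings = optional secretsInStore
      "services.pfix-srsd.secretsFile refers to the Nix store, which is world-readable; use a string path to a file outside the store.";

    environment = {
      systemPackages = [ pkgs.pfixtools ];
    };

    systemd.services.pfix-srsd = {
      description = "Postfix sender rewriting scheme daemon";
      before = [ "postfix.service" ];
      # Note that we use requires rather than wants because postfix
      # is unable to process (almost) all mail without srsd.
      requiredBy = [ "postfix.service" ];
      # No User= or sandboxing options are set here, so systemd starts the
      # process with its default (root) credentials.
      # NOTE(review): whether pfix-srsd drops privileges on its own is not
      # visible in this module - confirm before adding hardening options.
      serviceConfig = {
        Type = "forking";
        PIDFile = "/run/pfix-srsd.pid";
        # The secrets file is passed by path on the command line; only the
        # path, not the secret content, appears in the unit file.
        ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${cfg.domain} ${cfg.secretsFile}";
      };
    };
  };
}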