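# NixOS module for pfix-srsd, the Postfix sender rewriting scheme (SRS) daemon
# shipped in pkgs.pfixtools. It declares the services.pfix-srsd options and,
# when enabled, a systemd unit that is ordered before postfix.service.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Short alias for this module's own option values.
  cfg = config.services.pfix-srsd;
in
{

  ###### interface

  options = {

    services.pfix-srsd = {
      enable = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = "Whether to run the postfix sender rewriting scheme daemon.";
      };

      domain = lib.mkOption {
        description = "The domain for which to enable srs";
        type = lib.types.str;
        example = "example.com";
      };

      # Only the path reaches the unit file and the daemon's command line; the
      # secret material itself stays in the file at that path.
      secretsFile = lib.mkOption {
        description = ''
          Path to the file holding the secret data used to encode the SRS address.
          To generate it, use a command like:
          `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done`

          Give the path as a string, as in the default, and not as a Nix path
          literal such as `./secrets`: a path literal is copied into the
          world-readable Nix store. Keep the file readable only by the account
          the daemon runs as.
        '';
        type = lib.types.path;
        default = "/var/lib/pfix-srsd/secrets";
      };
    };
  };

  ###### implementation

  config = lib.mkIf cfg.enable {
    # Makes the pfixtools binaries available system-wide.
    environment = {
      systemPackages = [ pkgs.pfixtools ];
    };

    systemd.services.pfix-srsd = {
      description = "Postfix sender rewriting scheme daemon";
      before = [ "postfix.service" ];
      # Note that we use requires rather than wants because postfix
      # is unable to process (almost) all mail without srsd.
      requiredBy = [ "postfix.service" ];
      # NOTE(review): no User=/Group= or sandboxing directives are set here, so
      # systemd starts the process as root. Whether pfix-srsd drops privileges
      # on its own is not visible in this file; confirm before adding hardening.
      serviceConfig = {
        Type = "forking";
        # Must stay in sync with the path handed to -p in ExecStart below.
        PIDFile = "/run/pfix-srsd.pid";
        # cfg.domain and cfg.secretsFile are interpolated unquoted, and systemd
        # splits ExecStart on whitespace, so a value containing spaces would
        # turn into extra arguments.
        ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${cfg.domain} ${cfg.secretsFile}";
      };
    };
  };
}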