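# NixOS module for pfix-srsd, the Postfix sender rewriting scheme (SRS) daemon
# shipped in pkgs.pfixtools. It declares the services.pfix-srsd options, runs
# the daemon as a systemd unit and, optionally, points the local Postfix
# instance's canonical maps at it.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.pfix-srsd;
in
{

  ###### interface

  options = {

    services.pfix-srsd = {
      enable = lib.mkOption {
        default = false;
        type = lib.types.bool;
        description = "Whether to run the postfix sender rewriting scheme daemon.";
      };

      domain = lib.mkOption {
        description = "The domain for which to enable srs";
        type = lib.types.str;
        example = "example.com";
      };

      # The value is interpolated into ExecStart below. A Nix path literal
      # (e.g. ./secrets) would be copied into the world-readable Nix store by
      # that interpolation; an absolute path given as a string, like the
      # default, is passed through unchanged.
      secretsFile = lib.mkOption {
        description = ''
          The secret data used to encode the SRS address.
          To generate, use a command like:
          `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done`

          Set this to an absolute path given as a string (like the default),
          not a Nix path literal: a path literal is copied into the
          world-readable Nix store. Restrict the file's permissions so that
          only the account the daemon runs as can read it.
        '';
        type = lib.types.path;
        default = "/var/lib/pfix-srsd/secrets";
      };

      configurePostfix = lib.mkOption {
        type = lib.types.bool;
        default = true;
        description = ''
          Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
        '';
      };
    };
  };

  ###### implementation

  config = lib.mkMerge [
    # Only touch Postfix when it is enabled on this host and the user has not
    # opted out through configurePostfix.
    (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {
      services.postfix.settings.main = {
        # Envelope sender/recipient rewriting is delegated to TCP lookup
        # tables on loopback. ExecStart below passes no port options, so these
        # port numbers rely on the daemon's built-in defaults.
        # NOTE(review): a loopback TCP listener can be reached by every local
        # process; confirm that is acceptable on multi-user hosts.
        sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
        sender_canonical_classes = [ "envelope_sender" ];
        recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
        recipient_canonical_classes = [ "envelope_recipient" ];
      };
    })

    (lib.mkIf cfg.enable {
      environment = {
        systemPackages = [ pkgs.pfixtools ];
      };

      systemd.services.pfix-srsd = {
        description = "Postfix sender rewriting scheme daemon";
        before = [ "postfix.service" ];
        # requiredBy rather than wantedBy: postfix is unable to process
        # (almost) all mail without srsd, so it should not start without it.
        requiredBy = [ "postfix.service" ];
        # NOTE(review): no User=/Group= or sandboxing directives are set, so
        # systemd starts the daemon as root. Whether pfix-srsd drops
        # privileges on its own is not visible here; confirm before adding
        # hardening, since the pidfile lives directly under /run.
        serviceConfig = {
          Type = "forking";
          # Must match the path given to -p in ExecStart.
          PIDFile = "/run/pfix-srsd.pid";
          # Arguments are split on whitespace by systemd, so domain and
          # secretsFile must not contain spaces.
          # NOTE(review): -I presumably restricts rewriting to the configured
          # domain; confirm against the pfix-srsd usage text.
          ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${cfg.domain} ${cfg.secretsFile}";
        };
      };
    })
  ];
}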