1{ config, lib, pkgs, ... }:
2
3with lib;
4
5let
6
7 cfg = config.services.postsrsd;
8
9in {
10
11 ###### interface
12
options = {

  services.postsrsd = {

    enable = mkOption {
      description = "Whether to enable the postsrsd SRS server for Postfix.";
      type = types.bool;
      default = false;
    };

    # Deliberately has no default here: the implementation section fills
    # it in with networking.hostName via mkDefault once the module is on.
    domain = mkOption {
      description = "Domain name for rewrite";
      type = types.str;
    };

    # Location of the SRS signing secret the daemon is started with.
    # Prefer a string path (as the default is) over a Nix path literal: a
    # path literal is copied into the world-readable Nix store when it is
    # interpolated into the service's command line.
    secretsFile = mkOption {
      description = "Secret keys used for signing and verification";
      type = types.path;
      default = "/var/lib/postsrsd/postsrsd.secret";
    };

    # Local TCP ports Postfix connects to for the two lookup tables.
    forwardPort = mkOption {
      description = "Port for the forward SRS lookup";
      type = types.int;
      default = 10001;
    };

    reversePort = mkOption {
      description = "Port for the reverse SRS lookup";
      type = types.int;
      default = 10002;
    };

    # Account the daemon drops to; the implementation only creates the
    # user/group itself when these keep their default names.
    user = mkOption {
      description = "User for the daemon";
      type = types.str;
      default = "postsrsd";
    };

    group = mkOption {
      description = "Group for the daemon";
      type = types.str;
      default = "postsrsd";
    };

  };

};
61
62
63 ###### implementation
64
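config = mkIf cfg.enable {

  # Without an explicit domain, rewrite for the machine's host name.
  services.postsrsd.domain = mkDefault config.networking.hostName;

  # The dedicated account and group are only created when the default
  # names are in use; a custom user/group must be provisioned elsewhere.
  # NOTE: optionalAttrs yields {} rather than [] when the condition is
  # false, which the list-or-attrset users.extraUsers option accepts.
  users.extraUsers = optionalAttrs (cfg.user == "postsrsd") (singleton
    { name = "postsrsd";
      group = cfg.group;
      uid = config.ids.uids.postsrsd;
    });

  users.extraGroups = optionalAttrs (cfg.group == "postsrsd") (singleton
    { name = "postsrsd";
      gid = config.ids.gids.postsrsd;
    });

  systemd.services.postsrsd = {
    description = "PostSRSd SRS rewriting server";
    after = [ "network.target" ];
    # Postfix talks to the lookup ports, so the rewriter must be up first.
    before = [ "postfix.service" ];
    wantedBy = [ "multi-user.target" ];

    # preStart relies on dirname, dd, base64, mkdir, chmod, chown and mv.
    path = [ pkgs.coreutils ];

    serviceConfig = {
      ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -f${toString cfg.forwardPort} -r${toString cfg.reversePort}'';
      User = cfg.user;
      Group = cfg.group;
      # The daemon runs as cfg.user/cfg.group, but preStart still runs as
      # root so it can create the secret and fix its ownership.
      PermissionsStartOnly = true;
    };

    preStart = ''
      # Make a failure anywhere in the dd | base64 pipeline abort the unit
      # instead of silently leaving an empty key file behind.
      set -o pipefail
      if [ ! -e "${cfg.secretsFile}" ]; then
        echo "WARNING: secrets file not found, autogenerating!"
        DIR="$(dirname "${cfg.secretsFile}")"
        if [ ! -d "$DIR" ]; then
          mkdir -p -m750 "$DIR"
          chown "${cfg.user}:${cfg.group}" "$DIR"
        fi
        # Generate the secret under a restrictive umask into a temporary
        # file and move it into place: the key is never observable with
        # the default umask before the chmod, and an interrupted run never
        # leaves a truncated key at the final path.  iflag=fullblock makes
        # dd keep reading until all 18 bytes have arrived instead of
        # accepting a short read from /dev/random.
        TMP="${cfg.secretsFile}.tmp"
        (
          umask 077
          dd if=/dev/random bs=18 count=1 iflag=fullblock | base64 > "$TMP"
        )
        chmod 600 "$TMP"
        mv "$TMP" "${cfg.secretsFile}"
      fi
      chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"
    '';
  };

};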
111}