diff --git a/default.nix b/default.nix
index 381a0d1..9b7f6fe 100644
--- a/default.nix
+++ b/default.nix
@@ -26,26 +26,17 @@ in
options.mailserver = {
enable = mkEnableOption "nixos-mailserver";
- domain = mkOption {
+ fqdn = mkOption {
type = types.str;
example = "[ example.com ]";
- description = "The primary domain that this mail server serves.";
+ description = "The fully qualified domain name of the mail server.";
};
- extraDomains = mkOption {
+ domains = mkOption {
type = types.listOf types.str;
example = "[ example.com ]";
default = [];
- description = "Extra domains that this mail server serves.";
- };
-
- hostPrefix = mkOption {
- type = types.str;
- default = "mail";
- description = ''
- The prefix of the FQDN of the server. In this example the FQDN of the server
- is given by 'mail.example.com'
- '';
+ description = "The domains that this mail server serves.";
};
loginAccounts = mkOption {
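Review bot: The `example` on the new `fqdn` option (the line after `fqdn = mkOption {`) still reads `"[ example.com ]"`, the old list-style example, which does not fit a `types.str` value that the rest of this diff uses verbatim as a certificate file name and nginx virtual host; it should be `example = "mail.example.com";`. The `domains` example has the opposite problem — a string for an option typed `types.listOf types.str` — and should be a real list, `example = [ "example.com" "example2.com" ];`. Because `domains` now defaults to `[]` and nothing adds the primary domain automatically any more, the description should also say that the list must contain every domain the server accepts mail for, including the one `fqdn` lives under. The `loginAccounts` option continues past the hunk.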
diff --git a/mail-server/common.nix b/mail-server/common.nix
index f491911..910b5c2 100644
--- a/mail-server/common.nix
+++ b/mail-server/common.nix
@@ -14,34 +14,27 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
-{ config, lib }:
+{ config }:
let
cfg = config.mailserver;
- inherit (lib.strings) stringToCharacters;
in
{
# cert :: PATH
certificatePath = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
- then "/var/lib/acme/mailserver/fullchain.pem"
+ then "/var/lib/acme/${cfg.fqdn}/fullchain.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# key :: PATH
keyPath = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
- then "/var/lib/acme/mailserver/key.pem"
+ then "/var/lib/acme/${cfg.fqdn}/key.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
-
- # appends cfg.domain to argument if it does not contain "@"
- qualifyUser = user: (
- if (builtins.any (c: c == "@") (stringToCharacters user))
- then user
- else "${user}@${cfg.domain}");
}
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index fb8330b..7ccaab1 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -16,7 +16,7 @@
{ config, pkgs, lib, ... }:
-with (import ./common.nix { inherit config lib; });
+with (import ./common.nix { inherit config; });
let
cfg = config.mailserver;
diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix
index f487d7a..0ba4a54 100644
--- a/mail-server/nginx.nix
+++ b/mail-server/nginx.nix
@@ -20,35 +20,29 @@
with (import ./common.nix { inherit config; });
let
- inherit (lib.attrsets) genAttrs;
cfg = config.mailserver;
- allDomains = [ cfg.domain ] ++ cfg.extraDomains;
acmeRoot = "/var/lib/acme/acme-challenge";
in
{
config = lib.mkIf (cfg.certificateScheme == 3) {
services.nginx = {
enable = true;
- virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: {
- serverName = "${domain}";
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = "/var/www";
- };
- acmeRoot = acmeRoot;
- });
+ virtualHosts."${cfg.fqdn}" = {
+ serverName = cfg.fqdn;
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = acmeRoot;
+ };
};
- security.acme.certs."mailserver" = {
- domain = "${cfg.hostPrefix}.${cfg.domain}";
- extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null);
- webroot = acmeRoot;
- # @todo should we reload postfix here?
- postRun = ''
+ security.acme.certs."${cfg.fqdn}".postRun = #{
+ # domain = "${cfg.fqdn}";
+# webroot = acmeRoot;
+# postRun =
+ ''
systemctl reload nginx
systemctl reload postfix
systemctl reload dovecot2
'';
- };
+# };
};
}
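Review bot: The line `security.acme.certs."${cfg.fqdn}".postRun = #{` and the three `#`-prefixed lines after it are commented-out remnants of the old attribute set and should not be committed; the assignment can simply read `security.acme.certs."${cfg.fqdn}".postRun = ''`. The new code depends on `enableACME = true` in the virtual host having already declared the `certs."${cfg.fqdn}"` entry and on `postRun` merging with what the nginx module sets, which appears to hold but deserves a comment so the coupling is not lost, e.g. `# the cert itself is declared by the nginx vhost above (enableACME); only the reload hook lives here`. Note also that the removed code added `mail.<extraDomain>` as SANs while the new cert covers only `cfg.fqdn`, so clients configured with any other host name will see a certificate mismatch — fine if intended, but worth stating in the option documentation.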
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index a03e366..a57e63d 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -16,22 +16,21 @@
{ config, pkgs, lib, ... }:
-with (import ./common.nix { inherit config lib; });
+with (import ./common.nix { inherit config; });
let
inherit (lib.strings) concatStringsSep;
cfg = config.mailserver;
- allDomains = [ cfg.domain ] ++ cfg.extraDomains;
# valiases_postfix :: [ String ]
valiases_postfix = map
(from:
let to = cfg.virtualAliases.${from};
- in "${qualifyUser from} ${qualifyUser to}")
+ in "${from} ${to}")
(builtins.attrNames cfg.virtualAliases);
# accountToIdentity :: User -> String
- accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}";
+ accountToIdentity = account: "${account.name} ${account.name}";
# vaccounts_identity :: [ String ]
vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
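Review bot: With `qualifyUser` removed, `"${from} ${to}"` and `accountToIdentity` write the configured strings straight into the Postfix virtual maps, and nothing checks that either side carries a domain. In Postfix's virtual(5) a key without `@domain` is matched against `$myorigin`/`$mydestination` rather than the virtual domain the author meant, so a leftover entry such as `"info" = "user1@example.com"` would silently route differently instead of failing evaluation. I would guard both sides before building the line, e.g. `assert builtins.match ".*@.*" from != null && builtins.match ".*@.*" to != null;` in the `let` (or an `assertions` entry in the module with a readable message), and apply the same check to `account.name` in `accountToIdentity`.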
@@ -40,7 +39,7 @@ let
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
# vhosts_file :: Path
- vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains);
+ vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
# vaccounts_file :: Path
# see
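Review bot: `cfg.domains` replaces `allDomains` in `vhosts_file`, but it defaults to `[]` and no longer implicitly contains the primary domain, so a configuration that sets only `fqdn` produces an empty `vhosts` file and Postfix accepts mail for no domain without any evaluation-time warning. A check such as `assert cfg.domains != [];` next to the `let`, or a module-level `assertions` entry with a clear message, would catch that early. The separator change from `", "` to `"\n"` looks acceptable since Postfix domain lists accept commas and whitespace, but the hunk does not show where `vhosts_file` is consumed, so I cannot confirm that from here.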
diff --git a/mail-server/services.nix b/mail-server/services.nix
index 2cebdaf..41d2bb3 100644
--- a/mail-server/services.nix
+++ b/mail-server/services.nix
@@ -24,14 +24,14 @@ let
cert = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"
else "";
# key :: PATH
key = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else "";
in
{
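Review bot: The scheme-2 `cert` path on the `+` line is `"${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"` — the closing brace of the interpolation is missing, so the `"` inside `${…}` opens a new string and this is a Nix parse error; it must read `then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"`, matching the `key` line below. This `let` also duplicates `certificatePath`/`keyPath` from `common.nix` but returns `""` for scheme 3 instead of the ACME paths; unless that difference is deliberate, importing `common.nix` here and using those two values would remove the copy that has just drifted. The `let` and the attribute set it feeds extend beyond the hunk.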
diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix
index b6556a8..ecfbbde 100644
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@@ -23,10 +23,10 @@ let
''
# Create certificates if they do not exist yet
dir="${cfg.certificateDirectory}"
- fqdn="${cfg.hostPrefix}.${cfg.domain}"
+ fqdn="${cfg.fqdn}"
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
- key="''${dir}/key-${cfg.domain}.pem";
- cert="''${dir}/cert-${cfg.domain}.pem";
+ key="''${dir}/key-${cfg.fqdn}.pem";
+ cert="''${dir}/cert-${cfg.fqdn}.pem";
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
then
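Review bot: The new shell lines `key="''${dir}/key-${cfg.fqdn}.pem"` and `cert="''${dir}/cert-${cfg.fqdn}.pem"` embed the raw option value, while two lines above `$fqdn` is re-read from a file whenever `cfg.fqdn` starts with `/`; in that case the key would be written to a path like `key-/etc/….pem`, in a sub-directory that does not exist, and would never match the `key-${cfg.fqdn}.pem` that `common.nix` computes either. If a file-valued `fqdn` is meant to be supported, derive the names from the resolved shell variable, `key="''${dir}/key-''${fqdn}.pem"`, and mirror that in `common.nix`; if not, drop the `case` line so the option has a single meaning. The surrounding `''` script starts and ends outside the hunk, and I cannot see how permissions on the generated key are set.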
@@ -50,7 +50,7 @@ let
then
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
- -d ${cfg.domain} \
+ -d ${cfg.fqdn} \
--directory="${cfg.dkimKeyDirectory}"
chown rmilter:rmilter "${dkim_key}"
fi
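Review bot: `opendkim-genkey -d ${cfg.fqdn}` now names the mail host (e.g. `mail.example.com`) rather than a domain mail is sent from, which is what a DKIM `d=` tag and the selector TXT record are published for; the old code passed `cfg.domain`, and the natural replacement is an entry of `cfg.domains`. As far as I can tell `-d` only affects the generated DNS record text, so signing may still work, but the emitted record will point operators at the wrong zone — generating one key per element of `cfg.domains`, or at least using `builtins.head cfg.domains` with a comment explaining the choice, would preserve the previous behaviour. The value is also interpolated unquoted into the shell command; quote it as `-d "${cfg.fqdn}"` like the selector argument above. The generating script starts outside the hunk.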
diff --git a/mail-server/users.nix b/mail-server/users.nix
index d813101..f49be1f 100644
--- a/mail-server/users.nix
+++ b/mail-server/users.nix
@@ -19,8 +19,6 @@
with config.mailserver;
let
- qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;
-
vmail_user = {
name = vmailUserName;
isNormalUser = false;
@@ -32,14 +30,14 @@ let
# accountsToUser :: String -> UserRecord
accountsToUser = account: {
- name = (qualifyUser account.name);
+ name = account.name;
isNormalUser = false;
group = vmailGroupName;
inherit (account) hashedPassword;
};
# mail_users :: { [String]: UserRecord }
- mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {}
+ mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
(map accountsToUser (lib.attrValues loginAccounts));
in
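Review bot: `mail_users` is now keyed on `next.name` verbatim, so the system user and the login name are whatever the operator typed, with no check that it is a full address; the removed `qualifyUser` previously guaranteed an `@domain` suffix. An evaluation-time guard inside the fold, e.g. `assert builtins.match ".*@.*" next.name != null;`, or an `assertions` entry with a readable message, keeps an unqualified `loginAccounts` key from silently producing a mailbox that the Postfix virtual maps will never route to. The attribute set that consumes `mail_users` continues outside the hunk.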
diff --git a/nixops/single-server.nix b/nixops/single-server.nix
index af909d1..abcd671 100644
--- a/nixops/single-server.nix
+++ b/nixops/single-server.nix
@@ -10,23 +10,21 @@
mailserver = {
enable = true;
- domain = "example.com";
- extraDomains = [ "example2.com" ];
-
- hostPrefix = "mail";
+ fqdn = "mail.example.com";
+ domains = [ "example.com", "example2.com" ];
loginAccounts = {
- "user1" = {
+ "user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};
virtualAliases = {
- "info" = "user1";
- "postmaster" = "user1";
- "abuse" = "user1";
- "user1@example2.com" = "user1";
- "info@example2.com" = "user1";
- "postmaster@example2.com" = "user1";
- "abuse@example2.com" = "user1";
+ "info@example.com" = "user1@example.com";
+ "postmaster@example.com" = "user1@example.com";
+ "abuse@example.com" = "user1@example.com";
+ "user1@example2.com" = "user1@example.com";
+ "info@example2.com" = "user1@example.com";
+ "postmaster@example2.com" = "user1@example.com";
+ "abuse@example2.com" = "user1@example.com";
};
};
};
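Review bot: `domains = [ "example.com", "example2.com" ];` is not valid Nix — list elements are whitespace-separated and the comma is a parse error — so this example deployment no longer evaluates; it should be `domains = [ "example.com" "example2.com" ];`. The single-element form used in `tests/extern.nix` and `tests/intern.nix` is correct, so the mistake only shows up in this file. The `mailserver` set is entirely within the hunk, but the enclosing expression is not.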
diff --git a/tests/extern.nix b/tests/extern.nix
index f98f10e..03c53c6 100644
--- a/tests/extern.nix
+++ b/tests/extern.nix
@@ -25,14 +25,14 @@ import {
mailserver = {
enable = true;
- domain = "example.com";
+ fqdn = "mail.example.com";
+ domains = [ "example.com" ];
- hostPrefix = "mail";
loginAccounts = {
- user1 = {
+ "user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
- user2 = {
+ "user2@example.com" = {
hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
};
};
diff --git a/tests/intern.nix b/tests/intern.nix
index 58c4b75..bcfce2a 100644
--- a/tests/intern.nix
+++ b/tests/intern.nix
@@ -25,11 +25,11 @@ import {
mailserver = {
enable = true;
- domain = "example.com";
+ fqdn = "mail.example.com";
+ domains = [ "example.com" ];
- hostPrefix = "mail";
loginAccounts = {
- user1 = {
+ "user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};