move from real users to passwd file

2017-12-22 16:08:42 +01:00 · 2017-12-22 16:08:42 +01:00 · 2d0648e0f4
commit 2d0648e0f4
parent 4fc8a1ed05
4 changed files with 16 additions and 14 deletions
--- a/mail-server/common.nix
+++ b/mail-server/common.nix
@ -14,10 +14,14 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program. If not, see <http://www.gnu.org/licenses/>

-{ config }:
+{ config, lib }:

 let
  cfg = config.mailserver;
+  # passwd :: [ String ]
+  passwd = lib.mapAttrsToList
+    (name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:")
+            cfg.loginAccounts;
 in
 {
  # cert :: PATH
@ -37,4 +41,6 @@ in
              else if cfg.certificateScheme == 3
                   then "/var/lib/acme/${cfg.fqdn}/key.pem"
                   else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
+  # passwdFile :: PATH
+  passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd);
 }
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -16,7 +16,7 @@

 { config, pkgs, lib, ... }:

-with (import ./common.nix { inherit config; });
+with (import ./common.nix { inherit config lib; });

 let
  cfg = config.mailserver;
@ -31,6 +31,7 @@ in
      enable = true;
      enableImap = enableImap;
      enablePop3 = enablePop3;
+      enablePAM = false;
      mailGroup = vmailGroupName;
      mailUser = vmailUserName;
      mailLocation = dovecot_maildir;
@ -74,6 +75,11 @@ in
          mail_plugins = $mail_plugins sieve
        }

+        passdb {
+          driver = passwd-file
+          args = ${passwdFile}
+        }
+
        service auth {
          unix_listener /var/lib/postfix/queue/private/auth {
            mode = 0660
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -16,7 +16,7 @@

 { config, pkgs, lib, ... }:

-with (import ./common.nix { inherit config; });
+with (import ./common.nix { inherit config lib; });

 let
  inherit (lib.strings) concatStringsSep;
--- a/mail-server/users.nix
+++ b/mail-server/users.nix
@ -28,16 +28,6 @@ let
    group = vmailGroupName;
  };

-  # accountsToUser :: String -> UserRecord
-  accountsToUser = account: {
-    isNormalUser = false;
-    group = vmailGroupName;
-    inherit (account) hashedPassword name;
-  };
-
-  # mail_users :: { [String]: UserRecord }
-  mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
-    (map accountsToUser (lib.attrValues loginAccounts));

  virtualMailUsersActivationScript = pkgs.writeScript "activate-virtual-mail-users" ''
    #!${pkgs.stdenv.shell}
@ -77,7 +67,7 @@ in {
    };

    # define all users
-    users.users = mail_users // {
+    users.users = {
      "${vmail_user.name}" = lib.mkForce vmail_user;
    };