treewide: remove overly broad with cfg

Makes it really hard to follow references and we were being explicit in most places already anyway.
2025-06-15 05:39:20 +02:00 · 2025-06-15 05:39:20 +02:00 · a2152f9807
commit a2152f9807
parent fb56bcf747
6 changed files with 686 additions and 698 deletions
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@ -32,61 +32,59 @@ let
      [ "acme-finished-${cfg.fqdn}.target" ];
 in
 {
-  config =
-    with cfg;
-    lib.mkIf enable {
-      # Create self signed certificate
-      systemd.services.mailserver-selfsigned-certificate =
-        lib.mkIf (cfg.certificateScheme == "selfsigned")
-          {
-            after = [ "local-fs.target" ];
-            script = ''
-              # Create certificates if they do not exist yet
-              dir="${cfg.certificateDirectory}"
-              fqdn="${cfg.fqdn}"
-              [[ $fqdn == /* ]] && fqdn=$(< "$fqdn")
-              key="$dir/key-${cfg.fqdn}.pem";
-              cert="$dir/cert-${cfg.fqdn}.pem";
+  config = lib.mkIf cfg.enable {
+    # Create self signed certificate
+    systemd.services.mailserver-selfsigned-certificate =
+      lib.mkIf (cfg.certificateScheme == "selfsigned")
+        {
+          after = [ "local-fs.target" ];
+          script = ''
+            # Create certificates if they do not exist yet
+            dir="${cfg.certificateDirectory}"
+            fqdn="${cfg.fqdn}"
+            [[ $fqdn == /* ]] && fqdn=$(< "$fqdn")
+            key="$dir/key-${cfg.fqdn}.pem";
+            cert="$dir/cert-${cfg.fqdn}.pem";

-              if [[ ! -f $key || ! -f $cert ]]; then
-                  mkdir -p "${cfg.certificateDirectory}"
-                  (umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "$key" 2048) &&
-                      "${pkgs.openssl}/bin/openssl" req -new -key "$key" -x509 -subj "/CN=$fqdn" \
-                              -days 3650 -out "$cert"
-              fi
-            '';
-            serviceConfig = {
-              Type = "oneshot";
-              PrivateTmp = true;
-            };
-          };
-
-      # Create maildir folder before dovecot startup
-      systemd.services.dovecot2 = {
-        wants = certificatesDeps;
-        after = certificatesDeps;
-        preStart =
-          let
-            directories = lib.strings.escapeShellArgs (
-              [ mailDirectory ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
-            );
-          in
-          ''
-            # Create mail directory and set permissions. See
-            # <https://doc.dovecot.org/main/core/config/shared_mailboxes.html#filesystem-permissions-1>.
-            # Prevent world-readable paths, even temporarily.
-            umask 007
-            mkdir -p ${directories}
-            chgrp "${vmailGroupName}" ${directories}
-            chmod 02770 ${directories}
+            if [[ ! -f $key || ! -f $cert ]]; then
+                mkdir -p "${cfg.certificateDirectory}"
+                (umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "$key" 2048) &&
+                    "${pkgs.openssl}/bin/openssl" req -new -key "$key" -x509 -subj "/CN=$fqdn" \
+                            -days 3650 -out "$cert"
+            fi
          '';
-      };
+          serviceConfig = {
+            Type = "oneshot";
+            PrivateTmp = true;
+          };
+        };

-      # Postfix requires dovecot lmtp socket, dovecot auth socket and certificate to work
-      systemd.services.postfix = {
-        wants = certificatesDeps;
-        after = [ "dovecot2.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service" ++ certificatesDeps;
-        requires = [ "dovecot2.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service";
-      };
+    # Create maildir folder before dovecot startup
+    systemd.services.dovecot2 = {
+      wants = certificatesDeps;
+      after = certificatesDeps;
+      preStart =
+        let
+          directories = lib.strings.escapeShellArgs (
+            [ cfg.mailDirectory ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
+          );
+        in
+        ''
+          # Create mail directory and set permissions. See
+          # <https://doc.dovecot.org/main/core/config/shared_mailboxes.html#filesystem-permissions-1>.
+          # Prevent world-readable paths, even temporarily.
+          umask 007
+          mkdir -p ${directories}
+          chgrp "${cfg.vmailGroupName}" ${directories}
+          chmod 02770 ${directories}
+        '';
    };
+
+    # Postfix requires dovecot lmtp socket, dovecot auth socket and certificate to work
+    systemd.services.postfix = {
+      wants = certificatesDeps;
+      after = [ "dovecot2.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service" ++ certificatesDeps;
+      requires = [ "dovecot2.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service";
+    };
+  };
 }