treewide: remove overly broad with cfg

Makes it really hard to follow references and we were being explicit in most places already anyway.
2025-06-15 05:39:20 +02:00 · 2025-06-15 05:39:20 +02:00 · a2152f9807
commit a2152f9807
parent fb56bcf747
6 changed files with 686 additions and 698 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -163,9 +163,7 @@ let
 in
 {
-  config =
+  config = lib.mkIf cfg.enable {
    with cfg;
    lib.mkIf enable {
    assertions = [
      {
        assertion = junkMailboxNumber == 1;
@ -200,12 +198,12 @@ in
    services.dovecot2 = {
      enable = true;
-        enableImap = enableImap || enableImapSsl;
+      enableImap = cfg.enableImap || cfg.enableImapSsl;
-        enablePop3 = enablePop3 || enablePop3Ssl;
+      enablePop3 = cfg.enablePop3 || cfg.enablePop3Ssl;
      enablePAM = false;
      enableQuota = true;
-        mailGroup = vmailGroupName;
+      mailGroup = cfg.vmailGroupName;
-        mailUser = vmailUserName;
+      mailUser = cfg.vmailUserName;
      mailLocation = dovecotMaildir;
      sslServerCert = certificatePath;
      sslServerKey = keyPath;
@ -264,7 +262,7 @@ in
      extraConfig = ''
        #Extra Config
-          ${lib.optionalString debug ''
+        ${lib.optionalString cfg.debug ''
          mail_debug = yes
          auth_debug = yes
          verbose_ssl = yes
@ -346,7 +344,7 @@ in
          mail_max_userip_connections = ${toString cfg.maxConnectionsPerUser}
        }
-          mail_access_groups = ${vmailGroupName}
+        mail_access_groups = ${cfg.vmailGroupName}
        # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.21&config=intermediate&openssl=3.4.1&guideline=5.7
        ssl = required
--- a/mail-server/environment.nix
+++ b/mail-server/environment.nix
@ -25,9 +25,7 @@ let
  cfg = config.mailserver;
 in
 {
-  config =
+  config = lib.mkIf cfg.enable {
    with cfg;
    lib.mkIf enable {
    environment.systemPackages =
      with pkgs;
      [
@ -36,6 +34,6 @@ in
        postfix
        rspamd
      ]
-        ++ (if certificateScheme == "selfsigned" then [ openssl ] else [ ]);
+      ++ (if cfg.certificateScheme == "selfsigned" then [ openssl ] else [ ]);
  };
 }
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@ -20,21 +20,19 @@ let
  cfg = config.mailserver;
 in
 {
-  config =
+  config = lib.mkIf (cfg.enable && cfg.openFirewall) {
    with cfg;
    lib.mkIf (enable && openFirewall) {
    networking.firewall = {
      allowedTCPPorts =
        [ 25 ]
-          ++ lib.optional enableSubmission 587
+        ++ lib.optional cfg.enableSubmission 587
-          ++ lib.optional enableSubmissionSsl 465
+        ++ lib.optional cfg.enableSubmissionSsl 465
-          ++ lib.optional enableImap 143
+        ++ lib.optional cfg.enableImap 143
-          ++ lib.optional enableImapSsl 993
+        ++ lib.optional cfg.enableImapSsl 993
-          ++ lib.optional enablePop3 110
+        ++ lib.optional cfg.enablePop3 110
-          ++ lib.optional enablePop3Ssl 995
+        ++ lib.optional cfg.enablePop3Ssl 995
-          ++ lib.optional enableManageSieve 4190
+        ++ lib.optional cfg.enableManageSieve 4190
-          ++ lib.optional (certificateScheme == "acme-nginx") 80;
+        ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80;
    };
  };
 }
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -233,9 +233,7 @@ let
  };
 in
 {
-  config =
+  config = lib.mkIf cfg.enable {
    with cfg;
    lib.mkIf enable {
    systemd.services.postfix-setup = lib.mkIf cfg.ldap.enable {
      preStart = ''
@ -250,7 +248,7 @@ in
    services.postfix = {
      enable = true;
-        hostname = "${sendingFqdn}";
+      hostname = "${cfg.sendingFqdn}";
      networksStyle = "host";
      mapFiles."valias" = valiases_file;
      mapFiles."regex_valias" = regex_valiases_file;
@ -276,14 +274,14 @@ in
        # Extra Config
        mydestination = "";
        recipient_delimiter = cfg.recipientDelimiter;
-          smtpd_banner = "${fqdn} ESMTP NO UCE";
+        smtpd_banner = "${cfg.fqdn} ESMTP NO UCE";
        disable_vrfy_command = true;
        message_size_limit = toString cfg.messageSizeLimit;
        # virtual mail system
        virtual_uid_maps = "static:5000";
        virtual_gid_maps = "static:5000";
-          virtual_mailbox_base = mailDirectory;
+        virtual_mailbox_base = cfg.mailDirectory;
        virtual_mailbox_domains = vhosts_file;
        virtual_mailbox_maps =
          [
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@ -52,9 +52,7 @@ let
    '';
 in
 {
-  config =
+  config = lib.mkIf cfg.enable {
    with cfg;
    lib.mkIf enable {
    environment.systemPackages = lib.mkBefore [
      (pkgs.runCommand "rspamc-wrapped"
        {
@ -69,7 +67,7 @@ in
    services.rspamd = {
      enable = true;
-        inherit debug;
+      inherit (cfg) debug;
      locals = {
        "milter_headers.conf" = {
          text = ''
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@ -32,9 +32,7 @@ let
      [ "acme-finished-${cfg.fqdn}.target" ];
 in
 {
-  config =
+  config = lib.mkIf cfg.enable {
    with cfg;
    lib.mkIf enable {
    # Create self signed certificate
    systemd.services.mailserver-selfsigned-certificate =
      lib.mkIf (cfg.certificateScheme == "selfsigned")
@ -68,7 +66,7 @@ in
      preStart =
        let
          directories = lib.strings.escapeShellArgs (
-              [ mailDirectory ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
+            [ cfg.mailDirectory ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
          );
        in
        ''
@ -77,7 +75,7 @@ in
          # Prevent world-readable paths, even temporarily.
          umask 007
          mkdir -p ${directories}
-            chgrp "${vmailGroupName}" ${directories}
+          chgrp "${cfg.vmailGroupName}" ${directories}
          chmod 02770 ${directories}
        '';
    };