camelCase
This commit is contained in:
parent
061054926d
commit
b5fccc7e39
10 changed files with 65 additions and 64 deletions
43
default.nix
43
default.nix
|
@ -32,7 +32,7 @@ in
|
||||||
description = "The domain that this mail server serves. So far only one domain is supported";
|
description = "The domain that this mail server serves. So far only one domain is supported";
|
||||||
};
|
};
|
||||||
|
|
||||||
host_prefix = mkOption {
|
hostPrefix = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "mail";
|
default = "mail";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -41,7 +41,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
login_accounts = mkOption {
|
loginAccounts = mkOption {
|
||||||
type = types.loaOf (types.submodule ({ name, ... }: {
|
type = types.loaOf (types.submodule ({ name, ... }: {
|
||||||
options = {
|
options = {
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
|
@ -85,8 +85,8 @@ in
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
valiases = mkOption {
|
virtualAliases = mkOption {
|
||||||
type = types.attrsOf (types.enum (builtins.attrNames cfg.login_accounts));
|
type = types.attrsOf (types.enum (builtins.attrNames cfg.loginAccounts));
|
||||||
example = {
|
example = {
|
||||||
info = "user1";
|
info = "user1";
|
||||||
postmaster = "user1";
|
postmaster = "user1";
|
||||||
|
@ -102,16 +102,16 @@ in
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
vmail_id_start = mkOption {
|
vmailUIDStart = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 5000;
|
default = 5000;
|
||||||
description = ''
|
description = ''
|
||||||
The unix UID where the login_accounts are created. 5000 means that the first
|
The unix UID where the loginAccounts are created. 5000 means that the first
|
||||||
user will get 5000, the second 5001, ...
|
user will get 5000, the second 5001, ...
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
vmail_user_name = mkOption {
|
vmailUserName = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "vmail";
|
default = "vmail";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -120,7 +120,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
vmail_group_name = mkOption {
|
vmailGroupName = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "vmail";
|
default = "vmail";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -129,7 +129,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
mail_dir = mkOption {
|
mailDirectory = mkOption {
|
||||||
type = types.string;
|
type = types.string;
|
||||||
default = "/var/vmail";
|
default = "/var/vmail";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -137,7 +137,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
certificate_scheme = mkOption {
|
certificateScheme = mkOption {
|
||||||
type = types.enum [ 1 2 ];
|
type = types.enum [ 1 2 ];
|
||||||
default = 2;
|
default = 2;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -154,7 +154,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
cert_file = mkOption {
|
certificateFile = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
example = "/root/mail-server.crt";
|
example = "/root/mail-server.crt";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -163,7 +163,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
key_file = mkOption {
|
keyFile = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
example = "/root/mail-server.key";
|
example = "/root/mail-server.key";
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -212,7 +212,7 @@ in
|
||||||
# imapSsl = mkOption {} #< TODO
|
# imapSsl = mkOption {} #< TODO
|
||||||
# pop3Ssl = mkOption {} #< TODO
|
# pop3Ssl = mkOption {} #< TODO
|
||||||
|
|
||||||
virus_scanning = mkOption {
|
virusScanning = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -254,30 +254,31 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services = import ./mail-server/services.nix {
|
services = import ./mail-server/services.nix {
|
||||||
inherit lib;
|
inherit lib;
|
||||||
inherit (cfg) mail_dir vmail_user_name vmail_group_name valiases domain
|
inherit (cfg) mailDirectory vmailUserName vmailGroupName virtualAliases domain
|
||||||
enable_imap enable_pop3 dkim_signing dkim_selector dkim_dir
|
enable_imap enable_pop3 dkim_signing dkim_selector dkim_dir
|
||||||
certificate_scheme cert_file key_file cert_dir virus_scanning;
|
certificateScheme certificateFile keyFile cert_dir virusScanning;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment = import ./mail-server/environment.nix {
|
environment = import ./mail-server/environment.nix {
|
||||||
inherit pkgs;
|
inherit pkgs;
|
||||||
inherit (cfg) certificate_scheme;
|
inherit (cfg) certificateScheme;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = import ./mail-server/networking.nix {
|
networking = import ./mail-server/networking.nix {
|
||||||
inherit (cfg) domain host_prefix enable_imap enable_pop3;
|
inherit (cfg) domain hostPrefix enable_imap enable_pop3;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = import ./mail-server/systemd.nix {
|
systemd = import ./mail-server/systemd.nix {
|
||||||
inherit pkgs;
|
inherit pkgs;
|
||||||
inherit (cfg) mail_dir vmail_group_name certificate_scheme cert_dir host_prefix
|
inherit (cfg) mailDirectory vmailGroupName certificateScheme cert_dir
|
||||||
domain dkim_selector dkim_dir;
|
hostPrefix domain dkim_selector dkim_dir;
|
||||||
};
|
};
|
||||||
|
|
||||||
users = import ./mail-server/users.nix {
|
users = import ./mail-server/users.nix {
|
||||||
inherit lib;
|
inherit lib;
|
||||||
inherit (cfg) vmail_id_start vmail_user_name vmail_group_name domain mail_dir
|
inherit (cfg) vmailUIDStart vmailUserName vmailGroupName domain
|
||||||
login_accounts;
|
mailDirectory
|
||||||
|
loginAccounts;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ let
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.virus_scanning {
|
config = lib.mkIf cfg.virusScanning {
|
||||||
services.clamav.daemon.enable = true;
|
services.clamav.daemon.enable = true;
|
||||||
services.clamav.updater.enable = true;
|
services.clamav.updater.enable = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -14,27 +14,27 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ vmail_group_name, vmail_user_name, mail_dir, enable_imap, enable_pop3, cert,
|
{ vmailGroupName, vmailUserName, mailDirectory, enable_imap, enable_pop3, cert,
|
||||||
key }:
|
key }:
|
||||||
|
|
||||||
let
|
let
|
||||||
# maildir in format "/${domain}/${user}/"
|
# maildir in format "/${domain}/${user}/"
|
||||||
dovecot_maildir = "maildir:${mail_dir}/%d/%n/";
|
dovecot_maildir = "maildir:${mailDirectory}/%d/%n/";
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
enableImap = enable_imap;
|
enableImap = enable_imap;
|
||||||
enablePop3 = enable_pop3;
|
enablePop3 = enable_pop3;
|
||||||
mailGroup = vmail_group_name;
|
mailGroup = vmailGroupName;
|
||||||
mailUser = vmail_user_name;
|
mailUser = vmailUserName;
|
||||||
mailLocation = dovecot_maildir;
|
mailLocation = dovecot_maildir;
|
||||||
sslServerCert = cert;
|
sslServerCert = cert;
|
||||||
sslServerKey = key;
|
sslServerKey = key;
|
||||||
enableLmtp = true;
|
enableLmtp = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
#Extra Config
|
#Extra Config
|
||||||
mail_access_groups = ${vmail_group_name}
|
mail_access_groups = ${vmailGroupName}
|
||||||
ssl = required
|
ssl = required
|
||||||
|
|
||||||
service lmtp {
|
service lmtp {
|
||||||
|
|
|
@ -14,10 +14,10 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ pkgs, certificate_scheme }:
|
{ pkgs, certificateScheme }:
|
||||||
|
|
||||||
{
|
{
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
dovecot opendkim openssh postfix clamav rspamd rmilter
|
dovecot opendkim openssh postfix clamav rspamd rmilter
|
||||||
] ++ (if certificate_scheme == 2 then [ openssl ] else []);
|
] ++ (if certificateScheme == 2 then [ openssl ] else []);
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,10 +14,10 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ domain, host_prefix, enable_imap, enable_pop3 }:
|
{ domain, hostPrefix, enable_imap, enable_pop3 }:
|
||||||
|
|
||||||
{
|
{
|
||||||
#hostName = "${host_prefix}.${domain}";
|
#hostName = "${hostPrefix}.${domain}";
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -14,15 +14,15 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ lib, mail_dir, domain, valiases, cert, key }:
|
{ lib, mailDirectory, domain, virtualAliases, cert, key }:
|
||||||
|
|
||||||
let
|
let
|
||||||
# valiases_postfix :: [ String ]
|
# valiases_postfix :: [ String ]
|
||||||
valiases_postfix = map
|
valiases_postfix = map
|
||||||
(from:
|
(from:
|
||||||
let to = valiases.${from};
|
let to = virtualAliases.${from};
|
||||||
in "${from}@${domain} ${to}@${domain}")
|
in "${from}@${domain} ${to}@${domain}")
|
||||||
(builtins.attrNames valiases);
|
(builtins.attrNames virtualAliases);
|
||||||
|
|
||||||
# valiases_file :: Path
|
# valiases_file :: Path
|
||||||
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
|
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
|
||||||
|
@ -60,7 +60,7 @@ in
|
||||||
# virtual mail system
|
# virtual mail system
|
||||||
virtual_uid_maps = static:5000
|
virtual_uid_maps = static:5000
|
||||||
virtual_gid_maps = static:5000
|
virtual_gid_maps = static:5000
|
||||||
virtual_mailbox_base = ${mail_dir}
|
virtual_mailbox_base = ${mailDirectory}
|
||||||
virtual_mailbox_domains = ${vhosts_file}
|
virtual_mailbox_domains = ${vhosts_file}
|
||||||
virtual_alias_maps = hash:/var/lib/postfix/conf/valias
|
virtual_alias_maps = hash:/var/lib/postfix/conf/valias
|
||||||
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||||||
|
|
|
@ -14,10 +14,10 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ domain, virus_scanning, dkim_signing, dkim_dir, dkim_selector }:
|
{ domain, virusScanning, dkim_signing, dkim_dir, dkim_selector }:
|
||||||
|
|
||||||
let
|
let
|
||||||
clamav = if virus_scanning
|
clamav = if virusScanning
|
||||||
then
|
then
|
||||||
''
|
''
|
||||||
clamav {
|
clamav {
|
||||||
|
|
|
@ -14,22 +14,22 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ lib, mail_dir, vmail_user_name, vmail_group_name, valiases, domain, enable_imap,
|
{ lib, mailDirectory, vmailUserName, vmailGroupName, virtualAliases, domain, enable_imap,
|
||||||
enable_pop3, virus_scanning, dkim_signing, dkim_selector, dkim_dir,
|
enable_pop3, virusScanning, dkim_signing, dkim_selector, dkim_dir,
|
||||||
certificate_scheme, cert_file, key_file, cert_dir }:
|
certificateScheme, certificateFile, keyFile, cert_dir }:
|
||||||
|
|
||||||
let
|
let
|
||||||
# cert :: PATH
|
# cert :: PATH
|
||||||
cert = if certificate_scheme == 1
|
cert = if certificateScheme == 1
|
||||||
then cert_file
|
then certificateFile
|
||||||
else if certificate_scheme == 2
|
else if certificateScheme == 2
|
||||||
then "${cert_dir}/cert-${domain}.pem"
|
then "${cert_dir}/cert-${domain}.pem"
|
||||||
else "";
|
else "";
|
||||||
|
|
||||||
# key :: PATH
|
# key :: PATH
|
||||||
key = if certificate_scheme == 1
|
key = if certificateScheme == 1
|
||||||
then key_file
|
then keyFile
|
||||||
else if certificate_scheme == 2
|
else if certificateScheme == 2
|
||||||
then "${cert_dir}/key-${domain}.pem"
|
then "${cert_dir}/key-${domain}.pem"
|
||||||
else "";
|
else "";
|
||||||
in
|
in
|
||||||
|
@ -40,15 +40,15 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
rmilter = import ./rmilter.nix {
|
rmilter = import ./rmilter.nix {
|
||||||
inherit domain virus_scanning dkim_signing dkim_selector dkim_dir;
|
inherit domain virusScanning dkim_signing dkim_selector dkim_dir;
|
||||||
};
|
};
|
||||||
|
|
||||||
postfix = import ./postfix.nix {
|
postfix = import ./postfix.nix {
|
||||||
inherit lib mail_dir domain valiases cert key;
|
inherit lib mailDirectory domain virtualAliases cert key;
|
||||||
};
|
};
|
||||||
|
|
||||||
dovecot2 = import ./dovecot.nix {
|
dovecot2 = import ./dovecot.nix {
|
||||||
inherit vmail_group_name vmail_user_name mail_dir enable_imap
|
inherit vmailGroupName vmailUserName mailDirectory enable_imap
|
||||||
enable_pop3 cert key;
|
enable_pop3 cert key;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,15 +14,15 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ pkgs, mail_dir, vmail_group_name, certificate_scheme, cert_dir, host_prefix,
|
{ pkgs, mailDirectory, vmailGroupName, certificateScheme, cert_dir, hostPrefix,
|
||||||
domain, dkim_selector, dkim_dir}:
|
domain, dkim_selector, dkim_dir}:
|
||||||
|
|
||||||
let
|
let
|
||||||
create_certificate = if certificate_scheme == 2 then
|
create_certificate = if certificateScheme == 2 then
|
||||||
''
|
''
|
||||||
# Create certificates if they do not exist yet
|
# Create certificates if they do not exist yet
|
||||||
dir="${cert_dir}"
|
dir="${cert_dir}"
|
||||||
fqdn="${host_prefix}.${domain}"
|
fqdn="${hostPrefix}.${domain}"
|
||||||
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
|
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
|
||||||
key="''${dir}/key-${domain}.pem";
|
key="''${dir}/key-${domain}.pem";
|
||||||
cert="''${dir}/cert-${domain}.pem";
|
cert="''${dir}/cert-${domain}.pem";
|
||||||
|
@ -68,9 +68,9 @@ in
|
||||||
preStart =
|
preStart =
|
||||||
''
|
''
|
||||||
# Create mail directory and set permissions
|
# Create mail directory and set permissions
|
||||||
mkdir -p "${mail_dir}"
|
mkdir -p "${mailDirectory}"
|
||||||
chgrp "${vmail_group_name}" "${mail_dir}"
|
chgrp "${vmailGroupName}" "${mailDirectory}"
|
||||||
chmod 02770 "${mail_dir}"
|
chmod 02770 "${mailDirectory}"
|
||||||
|
|
||||||
${create_certificate}
|
${create_certificate}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -14,35 +14,35 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ lib, vmail_id_start, vmail_user_name, vmail_group_name, domain, mail_dir,
|
{ lib, vmailUIDStart, vmailUserName, vmailGroupName, domain, mailDirectory,
|
||||||
login_accounts }:
|
loginAccounts }:
|
||||||
|
|
||||||
let
|
let
|
||||||
vmail_user = [{
|
vmail_user = [{
|
||||||
name = vmail_user_name;
|
name = vmailUserName;
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
uid = vmail_id_start;
|
uid = vmailUIDStart;
|
||||||
home = mail_dir;
|
home = mailDirectory;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
group = vmail_group_name;
|
group = vmailGroupName;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
# accountsToUser :: String -> UserRecord
|
# accountsToUser :: String -> UserRecord
|
||||||
accountsToUser = account: {
|
accountsToUser = account: {
|
||||||
name = account.name + "@" + domain;
|
name = account.name + "@" + domain;
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
group = vmail_group_name;
|
group = vmailGroupName;
|
||||||
inherit (account) hashedPassword;
|
inherit (account) hashedPassword;
|
||||||
};
|
};
|
||||||
|
|
||||||
# mail_user :: [ UserRecord ]
|
# mail_user :: [ UserRecord ]
|
||||||
mail_user = map accountsToUser (lib.attrValues login_accounts);
|
mail_user = map accountsToUser (lib.attrValues loginAccounts);
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# set the vmail gid to a specific value
|
# set the vmail gid to a specific value
|
||||||
groups = {
|
groups = {
|
||||||
vmail = { gid = vmail_id_start; };
|
vmail = { gid = vmailUIDStart; };
|
||||||
};
|
};
|
||||||
|
|
||||||
# define all users
|
# define all users
|
||||||
|
|
Loading…
Reference in a new issue