Bring them up from the DMARC reporting section to the mailserver toplevel so they become reusable for the upcoming TLSRPT integration. We default to the first domain in the domains option, if not set explicitly, so that `systemDomain` doesn't become a blocker for existing setups. We still encourage picking out the intended one, which is likely the one used for the MX hostname. This also simplifies the DMARC reporting configuration, which doesn't need to be so fine-grained. Co-Authored-By: Emily <git@emilylange.de>
# Flake for the Simple NixOS Mailserver module. It exposes the NixOS module,
# a matrix of NixOS tests (test name x nixpkgs release), the generated
# option/HTML documentation, pre-commit checks and a development shell.
{
  description = "A complete and Simple Nixos Mailserver";

  # Inputs are referenced by branch name or bare repository, not by revision.
  # NOTE(review): the revisions actually built are presumably fixed by a
  # flake.lock that is not shown here; treat lock updates like any other
  # dependency bump and review them.
  inputs = {
    # for shell.nix compat; taken as a plain source tree, not evaluated as a flake
    flake-compat.url = "github:edolstra/flake-compat";
    flake-compat.flake = false;

    # git-hooks is made to reuse this flake's flake-compat and nixpkgs inputs
    # rather than resolving copies of its own.
    git-hooks.url = "github:cachix/git-hooks.nix";
    git-hooks.inputs.flake-compat.follows = "flake-compat";
    git-hooks.inputs.nixpkgs.follows = "nixpkgs";

    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-25_05.url = "github:NixOS/nixpkgs/nixos-25.05";

    # Non-flake input; handed to every test module through `_module.args` below.
    blobs.url = "gitlab:simple-nixos-mailserver/blobs";
    blobs.flake = false;
  };

  outputs =
    {
      self,
      blobs,
      git-hooks,
      nixpkgs,
      nixpkgs-25_05,
      ...
    }:
    let
      inherit (nixpkgs) lib;
      # All per-system outputs below are defined for this single system only.
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # nixpkgs releases the test suite is run against.
      releases = [
        {
          name = "unstable";
          inherit nixpkgs pkgs;
        }
        {
          name = "25.05";
          nixpkgs = nixpkgs-25_05;
          pkgs = nixpkgs-25_05.legacyPackages.${system};
        }
      ];

      # Each name maps to ./tests/<name>.nix.
      testNames = [
        "clamav"
        "external"
        "internal"
        "ldap"
        "multiple"
      ];

      # Build one { name, value } pair for a test on a given release. The test
      # framework is imported from that release's own nixpkgs, and dots in the
      # release name are replaced by underscores for the attribute name.
      genTest =
        testName: release:
        let
          inherit (release) pkgs;
          nixos-lib = import (release.nixpkgs + "/nixos/lib") { inherit (pkgs) lib; };
          releaseSuffix = builtins.replaceStrings [ "." ] [ "_" ] release.name;
        in
        lib.nameValuePair "${testName}-${releaseSuffix}" (
          nixos-lib.runTest {
            hostPkgs = pkgs;
            imports = [ ./tests/${testName}.nix ];
            _module.args = { inherit blobs; };
            # The mailserver module is added to every node of the test.
            extraBaseModules.imports = [ ./default.nix ];
          }
        );

      # Every test on every release, as one attribute set such as
      # {
      #   external-unstable = <derivation>;
      #   external-25_05 = <derivation>;
      #   ...
      # }
      allTests = lib.listToAttrs (lib.concatMap (t: map (genTest t) releases) testNames);

      mailserverModule = import ./.;

      # Generate a Markdown file describing the options of the NixOS mailserver module
      optionsDoc =
        let
          # Minimal configuration for evaluating the module on its own.
          # `_module.check = false` turns off the check that every definition
          # has a matching option declaration; presumably needed because the
          # module is evaluated here without the NixOS module set. The fqdn and
          # domain are documentation placeholders, not a real deployment.
          docStubConfig = {
            _module.check = false;
            mailserver = {
              fqdn = "mx.example.com";
              domains = [ "example.com" ];
            };
          };
          eval = lib.evalModules {
            modules = [
              mailserverModule
              docStubConfig
            ];
          };
          # Keep only visible, non-internal options below `mailserver`.
          isPublicMailserverOption =
            opt: opt.visible && !opt.internal && lib.head opt.loc == "mailserver";
          publicOptions = lib.filter isPublicMailserverOption (lib.optionAttrSetToDocList eval.options);
          options = builtins.toFile "options.json" (builtins.toJSON publicOptions);
        in
        pkgs.runCommand "options.md" { buildInputs = [ pkgs.python3Minimal ]; } ''
          echo "Generating options.md from ${options}"
          python ${./scripts/generate-options.py} ${options} > $out
          echo $out
        '';

      # Sphinx HTML documentation, built from a filtered copy of ./docs plus the
      # generated options.md.
      documentation = pkgs.stdenv.mkDerivation {
        name = "documentation";
        # Only files matching these patterns are copied into the build.
        src = lib.sourceByRegex ./docs [
          "logo\\.png"
          "conf\\.py"
          "Makefile"
          ".*\\.rst"
        ];
        buildInputs = [
          (pkgs.python3.withPackages (p: [
            p.sphinx
            p.sphinx_rtd_theme
            p.myst-parser
            p.linkify-it-py
          ]))
        ];
        # NOTE(review): SOURCE_DATE_EPOCH is unset as a workaround for the Sphinx
        # issue linked in the script; this may let build-time dates into the
        # HTML output. Confirm whether the workaround is still required.
        buildPhase = ''
          cp ${optionsDoc} options.md
          # Workaround for https://github.com/sphinx-doc/sphinx/issues/3451
          unset SOURCE_DATE_EPOCH
          make html
        '';
        installPhase = ''
          cp -Tr _build/html $out
        '';
      };

    in
    {
      nixosModules = {
        mailserver = mailserverModule;
        default = mailserverModule;
      };
      nixosModule = self.nixosModules.default; # compatibility

      # Hydra builds the tests, the documentation and the pre-commit check.
      hydraJobs.${system} = allTests // {
        inherit documentation;
        pre-commit = self.checks.${system}.pre-commit;
      };

      checks.${system} = allTests // {
        # Runs the hooks below over the whole repository tree.
        pre-commit = git-hooks.lib.${system}.run {
          src = ./.;
          hooks = {
            # docs
            markdownlint = {
              enable = true;
              # MD013 (max line length) is disabled: it doesn't seem to correctly
              # account for lines containing links
              # https://github.com/DavidAnson/markdownlint/blob/main/doc/md013.md
              settings.configuration.MD013 = false;
            };
            # Hook package and entry point are both taken from nixpkgs.
            rstcheck = {
              enable = true;
              package = pkgs.rstcheckWithSphinx;
              entry = lib.getExe pkgs.rstcheckWithSphinx;
              files = "\\.rst$";
            };

            # nix
            deadnix.enable = true;
            nixfmt-rfc-style.enable = true;

            # python
            pyright.enable = true;
            ruff = {
              enable = true;
              # "I" adds ruff's import-sorting rules to the selected set.
              args = [
                "--extend-select"
                "I"
              ];
            };
            ruff-format.enable = true;

            # scripts
            shellcheck.enable = true;

            # sieve
            # Hook package and entry point are both taken from nixpkgs.
            check-sieve = {
              enable = true;
              package = pkgs.check-sieve;
              entry = lib.getExe pkgs.check-sieve;
              files = "\\.sieve$";
            };
          };
        };
      };

      packages.${system} = {
        inherit optionsDoc documentation;
      };

      # Development shell: the documentation build inputs, glab, and the tools
      # of every enabled pre-commit hook. The shell hook comes from the
      # pre-commit check itself.
      devShells.${system}.default = pkgs.mkShellNoCC {
        inputsFrom = [ documentation ];
        packages = [ pkgs.glab ] ++ self.checks.${system}.pre-commit.enabledPackages;
        inherit (self.checks.${system}.pre-commit) shellHook;
      };
      devShell.${system} = self.devShells.${system}.default; # compatibility

      formatter.${system} = pkgs.nixfmt-tree;
    };
}