nixos/maddy: Better description, user and group handling

This commit is contained in:
Jonas Heinrich 2021-12-29 12:49:14 +01:00
parent f5dd11f444
commit 71c423671b
5 changed files with 52 additions and 26 deletions

View File

@ -273,13 +273,6 @@
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a

View File

@ -48,6 +48,13 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">

View File

@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).

View File

@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

View File

@ -3,9 +3,16 @@
with lib;
let
name = "maddy";
cfg = config.services.maddy;
defaultConfig = ''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in production!
tls off
auth.pass_table local_authdb {
@ -131,22 +138,34 @@ let
in {
options = {
services.maddy = {
enable = mkEnableOption "Maddy, a free an open source mail server";
user = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the user under which maddy will run. If not specified, a
default user will be created.
User account under which maddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists before the maddy service starts.
</para></note>
'';
};
group = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the group under which maddy will run. If not specified, a
default group will be created.
Group account under which maddy runs.
<note><para>
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the group exists before the maddy service starts.
</para></note>
'';
};
@ -158,6 +177,7 @@ in {
Hostname to use. It should be FQDN.
'';
};
primaryDomain = mkOption {
default = "localhost";
type = with types; uniq string;
@ -166,6 +186,7 @@ in {
Primary MX domain to use. It should be FQDN.
'';
};
localDomains = mkOption {
type = with types; listOf str;
default = ["$(primary_domain)"];
@ -178,11 +199,18 @@ in {
Define list of allowed domains.
'';
};
config = mkOption {
type = with types; nullOr lines;
default = defaultConfig;
description = ''
Server configuration.
Server configuration, see
<link xlink:href="https://maddy.email">https://maddy.email</link> for
more information. The default configuration of this module will setup
minimal maddy instance for mail transfer without TLS encryption.
<note><para>
This should not be used in a production environment.
</para></note>
'';
};
@ -203,9 +231,11 @@ in {
packages = [ pkgs.maddy ];
services.maddy = {
serviceConfig = {
User = "${cfg.user}";
Group = "${cfg.group}";
User = cfg.user;
Group = cfg.group;
StateDirectory = [ "maddy" ];
};
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
wantedBy = [ "multi-user.target" ];
};
};
@ -220,20 +250,16 @@ in {
'';
};
users.users = optionalAttrs (cfg.user == "maddy") {
maddy = {
description = "Maddy service user";
group = cfg.group;
home = "/var/lib/maddy";
createHome = true;
users.users = optionalAttrs (cfg.user == name) {
${name} = {
isSystemUser = true;
group = cfg.group;
description = "Maddy mail transfer agent user";
};
};
users.groups = mkIf (cfg.group == "maddy") {
maddy = pkgs.lib.mkForce {
name = cfg.group;
};
users.groups = optionalAttrs (cfg.group == name) {
${cfg.group} = { };
};
networking.firewall = mkIf cfg.openFirewall {