nixos/maddy: Better description, user and group handling
This commit is contained in:
parent
f5dd11f444
commit
71c423671b
@ -273,13 +273,6 @@
|
||||
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://maddy.email">maddy</link>, a
|
||||
composable all-in-one mail server. Available as
|
||||
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://sr.ht">sourcehut</link>, a
|
||||
|
@ -48,6 +48,13 @@
|
||||
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://maddy.email">maddy</link>, a
|
||||
composable all-in-one mail server. Available as
|
||||
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-incompatibilities">
|
||||
|
@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
|
||||
|
||||
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
|
||||
|
||||
- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
|
||||
|
||||
- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).
|
||||
|
@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
|
||||
|
||||
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
|
||||
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
|
||||
|
@ -3,9 +3,16 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
name = "maddy";
|
||||
|
||||
cfg = config.services.maddy;
|
||||
|
||||
defaultConfig = ''
|
||||
# Minimal configuration with TLS disabled, adapted from upstream example
|
||||
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
|
||||
# Do not use this in production!
|
||||
|
||||
tls off
|
||||
|
||||
auth.pass_table local_authdb {
|
||||
@ -131,22 +138,34 @@ let
|
||||
in {
|
||||
options = {
|
||||
services.maddy = {
|
||||
|
||||
enable = mkEnableOption "Maddy, a free an open source mail server";
|
||||
|
||||
user = mkOption {
|
||||
default = "maddy";
|
||||
type = with types; uniq string;
|
||||
description = ''
|
||||
Name of the user under which maddy will run. If not specified, a
|
||||
default user will be created.
|
||||
User account under which maddy runs.
|
||||
|
||||
<note><para>
|
||||
If left as the default value this user will automatically be created
|
||||
on system activation, otherwise the sysadmin is responsible for
|
||||
ensuring the user exists before the maddy service starts.
|
||||
</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = "maddy";
|
||||
type = with types; uniq string;
|
||||
description = ''
|
||||
Name of the group under which maddy will run. If not specified, a
|
||||
default group will be created.
|
||||
Group account under which maddy runs.
|
||||
|
||||
<note><para>
|
||||
If left as the default value this group will automatically be created
|
||||
on system activation, otherwise the sysadmin is responsible for
|
||||
ensuring the group exists before the maddy service starts.
|
||||
</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
@ -158,6 +177,7 @@ in {
|
||||
Hostname to use. It should be FQDN.
|
||||
'';
|
||||
};
|
||||
|
||||
primaryDomain = mkOption {
|
||||
default = "localhost";
|
||||
type = with types; uniq string;
|
||||
@ -166,6 +186,7 @@ in {
|
||||
Primary MX domain to use. It should be FQDN.
|
||||
'';
|
||||
};
|
||||
|
||||
localDomains = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = ["$(primary_domain)"];
|
||||
@ -178,11 +199,18 @@ in {
|
||||
Define list of allowed domains.
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; nullOr lines;
|
||||
default = defaultConfig;
|
||||
description = ''
|
||||
Server configuration.
|
||||
Server configuration, see
|
||||
<link xlink:href="https://maddy.email">https://maddy.email</link> for
|
||||
more information. The default configuration of this module will setup
|
||||
minimal maddy instance for mail transfer without TLS encryption.
|
||||
<note><para>
|
||||
This should not be used in a production environment.
|
||||
</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
@ -203,9 +231,11 @@ in {
|
||||
packages = [ pkgs.maddy ];
|
||||
services.maddy = {
|
||||
serviceConfig = {
|
||||
User = "${cfg.user}";
|
||||
Group = "${cfg.group}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
StateDirectory = [ "maddy" ];
|
||||
};
|
||||
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
@ -220,20 +250,16 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
users.users = optionalAttrs (cfg.user == "maddy") {
|
||||
maddy = {
|
||||
description = "Maddy service user";
|
||||
group = cfg.group;
|
||||
home = "/var/lib/maddy";
|
||||
createHome = true;
|
||||
users.users = optionalAttrs (cfg.user == name) {
|
||||
${name} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
description = "Maddy mail transfer agent user";
|
||||
};
|
||||
};
|
||||
|
||||
users.groups = mkIf (cfg.group == "maddy") {
|
||||
maddy = pkgs.lib.mkForce {
|
||||
name = cfg.group;
|
||||
};
|
||||
users.groups = optionalAttrs (cfg.group == name) {
|
||||
${cfg.group} = { };
|
||||
};
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
|
Loading…
Reference in New Issue
Block a user