diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index e2bda7604e48..6b706e4aeaa1 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -273,13 +273,6 @@
services.peertube.
-
-
- maddy, a
- composable all-in-one mail server. Available as
- services.maddy.
-
-
sourcehut, a
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index d5e3190bf288..296161fd84db 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -48,6 +48,13 @@
services.powerdns-admin.
+
+
+ maddy, a
+ composable all-in-one mail server. Available as
+ services.maddy.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 2520d176096a..48adc4ad33cb 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
-- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
-
- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 98709455ae74..94f600537c21 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
+- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
+
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
diff --git a/nixos/modules/services/mail/maddy.nix b/nixos/modules/services/mail/maddy.nix
index 44cfa3c2908d..0b06905ac6f1 100644
--- a/nixos/modules/services/mail/maddy.nix
+++ b/nixos/modules/services/mail/maddy.nix
@@ -3,9 +3,16 @@
with lib;
let
+
name = "maddy";
+
cfg = config.services.maddy;
+
defaultConfig = ''
+ # Minimal configuration with TLS disabled, adapted from upstream example
+ # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+ # Do not use this in production!
+
tls off
auth.pass_table local_authdb {
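Review bot: The `tls off` default is flagged only by a comment inside the generated config file here and by the `config` option description in the later hunk, so an operator who enables the service without reading either gets no signal at build time. With `auth.pass_table local_authdb` in the same default, logins would presumably be accepted over unencrypted connections. Consider surfacing it at evaluation, for example in the module's config section (outside this hunk): `warnings = optional (cfg.config == defaultConfig) "services.maddy: the default configuration disables TLS and must not be used in production";`. In the description hunk, "will setup minimal maddy instance" should read "will set up a minimal maddy instance". The `defaultConfig` string continues past the end of this hunk.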
@@ -131,22 +138,34 @@ let
in {
options = {
services.maddy = {
+
enable = mkEnableOption "Maddy, a free an open source mail server";
user = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
- Name of the user under which maddy will run. If not specified, a
- default user will be created.
+ User account under which maddy runs.
+
+
+ If left as the default value this user will automatically be created
+ on system activation, otherwise the sysadmin is responsible for
+ ensuring the user exists before the maddy service starts.
+
'';
};
+
group = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
- Name of the group under which maddy will run. If not specified, a
- default group will be created.
+ Group account under which maddy runs.
+
+
+ If left as the default value this group will automatically be created
+ on system activation, otherwise the sysadmin is responsible for
+ ensuring the group exists before the maddy service starts.
+
'';
};
@@ -158,6 +177,7 @@ in {
Hostname to use. It should be FQDN.
'';
};
+
primaryDomain = mkOption {
default = "localhost";
type = with types; uniq string;
@@ -166,6 +186,7 @@ in {
Primary MX domain to use. It should be FQDN.
'';
};
+
localDomains = mkOption {
type = with types; listOf str;
default = ["$(primary_domain)"];
@@ -178,11 +199,18 @@ in {
Define list of allowed domains.
'';
};
+
config = mkOption {
type = with types; nullOr lines;
default = defaultConfig;
description = ''
- Server configuration.
+ Server configuration, see
+ https://maddy.email for
+ more information. The default configuration of this module will setup
+ minimal maddy instance for mail transfer without TLS encryption.
+
+ This should not be used in a production environment.
+
'';
};
@@ -203,9 +231,11 @@ in {
packages = [ pkgs.maddy ];
services.maddy = {
serviceConfig = {
- User = "${cfg.user}";
- Group = "${cfg.group}";
+ User = cfg.user;
+ Group = cfg.group;
+ StateDirectory = [ "maddy" ];
};
+ restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
wantedBy = [ "multi-user.target" ];
};
};
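Review bot: `StateDirectory = [ "maddy" ];` is added without a `StateDirectoryMode`, so systemd creates `/var/lib/maddy` with its default mode 0755, which is likely looser than the `createHome = true` home directory this commit removes in the next hunk. The default config references `local_authdb`, so this directory presumably holds the credential table and stored mail. Unless the unit shipped in `pkgs.maddy` already restricts it, add `StateDirectoryMode = "0700";` next to it (or `"0750"` if group access is intended). Separately, `config` is typed `nullOr lines`: if the `environment.etc."maddy/maddy.conf"` entry is not defined for `null` (not visible in this hunk), the new `restartTriggers` reference would fail evaluation and needs a guard.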
@@ -220,20 +250,16 @@ in {
'';
};
- users.users = optionalAttrs (cfg.user == "maddy") {
- maddy = {
- description = "Maddy service user";
- group = cfg.group;
- home = "/var/lib/maddy";
- createHome = true;
+ users.users = optionalAttrs (cfg.user == name) {
+ ${name} = {
isSystemUser = true;
+ group = cfg.group;
+ description = "Maddy mail transfer agent user";
};
};
- users.groups = mkIf (cfg.group == "maddy") {
- maddy = pkgs.lib.mkForce {
- name = cfg.group;
- };
+ users.groups = optionalAttrs (cfg.group == name) {
+ ${cfg.group} = { };
};
networking.firewall = mkIf cfg.openFirewall {
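Review bot: The group attribute is keyed as `${cfg.group} = { };` while the user attribute just above is keyed as `${name}`. Under the `cfg.group == name` guard the two are equivalent, but the mixed spelling makes the reader check that. Use `${name} = { };` for the group as well, so both declarations visibly create only the default account. A short comment on the two `optionalAttrs` guards, such as `# only declare the account when the default name is kept; custom accounts are the admin's responsibility`, would tie them to the option descriptions.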