nixos/maddy: Better description, user and group handling
onny committed Dec 30, 2021
1 parent f5dd11f commit 71c4236
Showing 5 changed files with 52 additions and 26 deletions.
7 changes: 0 additions & 7 deletions nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -273,13 +273,6 @@
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a
7 changes: 7 additions & 0 deletions nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -48,6 +48,13 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
2 changes: 0 additions & 2 deletions nixos/doc/manual/release-notes/rl-2111.section.md
@@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin

- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).

- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).

- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).

- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-2205.section.md
@@ -16,6 +16,8 @@ In addition to numerous new and upgraded packages, this release has the followin

- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).

- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).

## Backward Incompatibilities {#sec-release-22.05-incompatibilities}

- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
60 changes: 43 additions & 17 deletions nixos/modules/services/mail/maddy.nix
@@ -3,9 +3,16 @@
with lib;

let

name = "maddy";

cfg = config.services.maddy;

defaultConfig = ''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in production!
tls off
auth.pass_table local_authdb {
@@ -131,22 +138,34 @@ let
in {
options = {
services.maddy = {

enable = mkEnableOption "Maddy, a free an open source mail server";

user = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the user under which maddy will run. If not specified, a
default user will be created.
User account under which maddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists before the maddy service starts.
</para></note>
'';
};

group = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the group under which maddy will run. If not specified, a
default group will be created.
Group account under which maddy runs.
<note><para>
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the group exists before the maddy service starts.
</para></note>
'';
};

@@ -158,6 +177,7 @@ in {
Hostname to use. It should be FQDN.
'';
};

primaryDomain = mkOption {
default = "localhost";
type = with types; uniq string;
@@ -166,6 +186,7 @@ in {
Primary MX domain to use. It should be FQDN.
'';
};

localDomains = mkOption {
type = with types; listOf str;
default = ["$(primary_domain)"];
@@ -178,11 +199,18 @@ in {
Define list of allowed domains.
'';
};

config = mkOption {
type = with types; nullOr lines;
default = defaultConfig;
description = ''
Server configuration.
Server configuration, see
<link xlink:href="https://maddy.email">https://maddy.email</link> for
more information. The default configuration of this module will setup
minimal maddy instance for mail transfer without TLS encryption.
<note><para>
This should not be used in a production environment.
</para></note>
'';
};

@@ -203,9 +231,11 @@ in {
packages = [ pkgs.maddy ];
services.maddy = {
serviceConfig = {
User = "${cfg.user}";
Group = "${cfg.group}";
User = cfg.user;
Group = cfg.group;
StateDirectory = [ "maddy" ];
};
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
wantedBy = [ "multi-user.target" ];
};
};
@@ -220,20 +250,16 @@ in {
'';
};

users.users = optionalAttrs (cfg.user == "maddy") {
maddy = {
description = "Maddy service user";
group = cfg.group;
home = "/var/lib/maddy";
createHome = true;
users.users = optionalAttrs (cfg.user == name) {
${name} = {
isSystemUser = true;
group = cfg.group;
description = "Maddy mail transfer agent user";
};
};

users.groups = mkIf (cfg.group == "maddy") {
maddy = pkgs.lib.mkForce {
name = cfg.group;
};
users.groups = optionalAttrs (cfg.group == name) {
${cfg.group} = { };
};

networking.firewall = mkIf cfg.openFirewall {
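Review bot: The `tls off` default in `defaultConfig` is called out only in a config-file comment and in the `config` option description, so a system that keeps the default still evaluates silently, including when `openFirewall` is set. Consider surfacing it at evaluation time from the module's top-level configuration block, for example `warnings = optional (cfg.config == defaultConfig) "services.maddy: the default configuration disables TLS and is not intended for production use.";`. The rest of `defaultConfig` and the start of that configuration block lie outside the displayed hunks, so which listeners the default exposes, and whether `local_authdb` credentials would travel over them unencrypted, should be confirmed there.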