emilylange
65 lines
1.9 KiB
Nix
65 lines
1.9 KiB
Nix
# nixos-mailserver: a simple mail server
|
|
# Copyright (C) 2016-2018 Robin Raymond
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.mailserver;
|
|
in
|
|
{
|
|
config = lib.mkIf cfg.enable {
|
|
# assert that all accounts provide a password
|
|
assertions = map (acct: {
|
|
assertion =
|
|
lib.length (
|
|
lib.filter (value: value != null) [
|
|
acct.hashedPassword
|
|
acct.hashedPasswordFile
|
|
acct.passwordFile
|
|
]
|
|
) == 1;
|
|
message = "Login account ${acct.name} must provide exactly one of password file, hashed password, or hashed password file";
|
|
}) (lib.attrValues cfg.accounts);
|
|
|
|
# warn for accounts that specify both password and file
|
|
warnings =
|
|
map (acct: "${acct.name} specifies both a password hash and hash file; hash file will be used")
|
|
(
|
|
lib.filter (acct: (acct.hashedPassword != null && acct.hashedPasswordFile != null)) (
|
|
lib.attrValues cfg.accounts
|
|
)
|
|
);
|
|
|
|
users.groups.${cfg.storage.group} = {
|
|
inherit (cfg.storage) gid;
|
|
};
|
|
users.users.${cfg.storage.owner} = lib.mkForce {
|
|
inherit (cfg.storage)
|
|
group
|
|
uid
|
|
;
|
|
name = cfg.storage.owner;
|
|
isSystemUser = true;
|
|
home = cfg.storage.path;
|
|
createHome = true;
|
|
};
|
|
};
|
|
}
|