aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
6826d11c58133fe633fd027171a595df1bc75e94
simple-nixos-mailserver/mail-server/users.nix
T
Martin Weinelt 6826d11c58 users: remove global with config.mailserver
2026-03-24 01:35:48 +01:00

138 lines
4.1 KiB
Nix
Raw Blame History

# nixos-mailserver: a simple mail server
# Copyright (C) 2016-2018 Robin Raymond
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
{
config,
options,
pkgs,
lib,
...
}:
with (import ./common.nix {
inherit
config
options
lib
pkgs
;
});
let
cfg = config.mailserver;
vmail_user = {
name = cfg.vmailUserName;
isSystemUser = true;
uid = cfg.vmailUID;
home = cfg.mailDirectory;
createHome = true;
group = cfg.vmailGroupName;
};
virtualMailUsersActivationScript =
pkgs.writeScript "activate-virtual-mail-users"
# bash
''
#!${pkgs.stdenv.shell}
set -euo pipefail
# Prevent world-readable paths, even temporarily.
umask 007
# Create directory to store user sieve scripts if it doesn't exist
if (! test -d "${cfg.sieveDirectory}"); then
mkdir "${cfg.sieveDirectory}"
chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}"
chmod 770 "${cfg.sieveDirectory}"
fi
# Copy user's sieve script to the correct location (if it exists). If it
# is null, remove the file.
${lib.concatMapStringsSep "\n" (
{ name, sieveScript }:
if lib.isString sieveScript then
''
if (! test -d "${cfg.sieveDirectory}/${name}"); then
mkdir -p "${cfg.sieveDirectory}/${name}"
chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}/${name}"
chmod 770 "${cfg.sieveDirectory}/${name}"
fi
cat << 'EOF' > "${cfg.sieveDirectory}/${name}/default.sieve"
${sieveScript}
EOF
chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}/${name}/default.sieve"
''
else
''
if (test -f "${cfg.sieveDirectory}/${name}/default.sieve"); then
rm "${cfg.sieveDirectory}/${name}/default.sieve"
fi
if (test -f "${cfg.sieveDirectory}/${name}.svbin"); then
rm "${cfg.sieveDirectory}/${name}/default.svbin"
fi
''
) (map (user: { inherit (user) name sieveScript; }) (lib.attrValues cfg.accounts))}
'';
in
{
config = lib.mkIf cfg.enable {
# assert that all accounts provide a password
assertions = map (acct: {
assertion =
lib.length (
lib.filter (value: value != null) [
acct.hashedPassword
acct.hashedPasswordFile
acct.passwordFile
]
) == 1;
message = "Login account ${acct.name} must provide exactly one of password file, hashed password, or hashed password file";
}) (lib.attrValues cfg.accounts);
# warn for accounts that specify both password and file
warnings =
map (acct: "${acct.name} specifies both a password hash and hash file; hash file will be used")
(
lib.filter (acct: (acct.hashedPassword != null && acct.hashedPasswordFile != null)) (
lib.attrValues cfg.accounts
)
);
# set the vmail gid to a specific value
users.groups = {
"${cfg.vmailGroupName}" = {
gid = cfg.vmailUID;
};
};
# define all users
users.users = {
"${vmail_user.name}" = lib.mkForce vmail_user;
};
systemd.services.activate-virtual-mail-users = {
wantedBy = [ "multi-user.target" ];
before = [ "dovecot.service" ];
serviceConfig = {
ExecStart = virtualMailUsersActivationScript;
};
enable = true;
};
};
}
Reference in New Issue View Git Blame Copy Permalink