nixos-mailserver/mail-server/assertions.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.mailserver;
in {
  assertions = lib.optionals cfg.ldap.enable [
    {
      assertion = cfg.loginAccounts == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts";
    }
    {
      assertion = cfg.extraVirtualAliases == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";
    }
    {
      assertion = cfg.forwards == {};
      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.forwards";
    }
  ] ++ lib.optionals (cfg.enable && cfg.certificateScheme != "acme") [
    {
      assertion = cfg.acmeCertificateName == cfg.fqdn;
      message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
    }
  ] ++ lib.optionals cfg.dkimSigning (
    let
      missingDomains = builtins.filter (d: !(cfg.dkimSelector ? "${d}")) cfg.domains;
    in [
      {
        assertion = missingDomains == [];
        message = "Missing DKIM selector for domains: ${builtins.concatStringsSep ", " missingDomains}";
      }
    ]);
}
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`{ config, lib, pkgs, ... }:`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`let`
			`cfg = config.mailserver;`
			`in {`
			`assertions = lib.optionals cfg.ldap.enable [`
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`{`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`assertion = cfg.loginAccounts == {};`
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts";`
			`}`
			`{`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`assertion = cfg.extraVirtualAliases == {};`
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";`
			`}`
			`{`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`assertion = cfg.forwards == {};`
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.forwards";`
			`}`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`] ++ lib.optionals (cfg.enable && cfg.certificateScheme != "acme") [`
acme: Add new option acmeCertificateName Allow the user to specify the name of the ACME configuration that the mailserver should use. This allows users that request certificates that aren't the FQDN of the mailserver, for example a wildcard certificate. 2023-06-28 20:42:37 +01:00			`{`
assertions: extract cfg variable With the lines much shorter it is easier to read what is actually asserted 2025-04-15 07:31:12 +02:00			`assertion = cfg.acmeCertificateName == cfg.fqdn;`
acme: Add new option acmeCertificateName Allow the user to specify the name of the ACME configuration that the mailserver should use. This allows users that request certificates that aren't the FQDN of the mailserver, for example a wildcard certificate. 2023-06-28 20:42:37 +01:00			`message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";`
			`}`
WIP: make DKIM selector configurable per domain 2025-04-15 07:20:46 +02:00			`] ++ lib.optionals cfg.dkimSigning (`
			`let`
			`missingDomains = builtins.filter (d: !(cfg.dkimSelector ? "${d}")) cfg.domains;`
			`in [`
			`{`
			`assertion = missingDomains == [];`
			`message = "Missing DKIM selector for domains: ${builtins.concatStringsSep ", " missingDomains}";`
			`}`
			`]);`
ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-05-20 09:52:25 +02:00			`}`