nixos-mailserver/mail-server/users.nix

99 lines
3.1 KiB
Nix
Raw Normal View History

# nixos-mailserver: a simple mail server
2018-01-29 14:34:27 +05:00
# Copyright (C) 2016-2018 Robin Raymond
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
2017-09-02 16:58:42 +05:00
{ config, pkgs, lib, ... }:
with config.mailserver;
let
2017-11-05 13:42:39 +05:00
vmail_user = {
2017-10-18 12:20:44 +05:00
name = vmailUserName;
isNormalUser = false;
uid = vmailUID;
2017-09-02 16:23:37 +05:00
home = mailDirectory;
createHome = true;
2017-10-18 12:20:44 +05:00
group = vmailGroupName;
2017-11-05 13:42:39 +05:00
};
# accountsToUser :: String -> UserRecord
2017-08-30 03:58:44 +05:00
accountsToUser = account: {
isNormalUser = false;
2017-09-02 16:23:37 +05:00
group = vmailGroupName;
inherit (account) hashedPassword name;
};
2017-11-05 13:42:39 +05:00
# mail_users :: { [String]: UserRecord }
mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
2017-11-05 13:42:39 +05:00
(map accountsToUser (lib.attrValues loginAccounts));
virtualMailUsersActivationScript = pkgs.writeScript "activate-virtual-mail-users" ''
#!${pkgs.stdenv.shell}
set -euo pipefail
# Create directory to store user sieve scripts if it doesn't exist
if (! test -d "/var/sieve"); then
mkdir "/var/sieve"
chown "${vmailUserName}:${vmailGroupName}" "/var/sieve"
chmod 770 "/var/sieve"
fi
# Copy user's sieve script to the correct location (if it exists). If it
# is null, remove the file.
${lib.concatMapStringsSep "\n" ({ name, sieveScript }:
if lib.isString sieveScript then ''
if (! test -d "/var/sieve/${name}"); then
mkdir -p "/var/sieve/${name}"
chown "${name}:${vmailGroupName}" "/var/sieve/${name}"
chmod 770 "/var/sieve/${name}"
fi
cat << EOF > "/var/sieve/${name}/default.sieve"
${sieveScript}
EOF
chown "${name}:${vmailGroupName}" "/var/sieve/${name}/default.sieve"
'' else ''
if (test -f "/var/sieve/${name}/default.sieve"); then
rm "/var/sieve/${name}/default.sieve"
fi
if (test -f "/var/sieve/${name}.svbin"); then
rm "/var/sieve/${name}/default.svbin"
fi
'') (map (user: { inherit (user) name sieveScript; })
(lib.attrValues loginAccounts))}
'';
in {
2017-09-02 16:58:42 +05:00
config = lib.mkIf enable {
# set the vmail gid to a specific value
users.groups = {
"${vmailGroupName}" = { gid = vmailUID; };
2017-09-02 16:58:42 +05:00
};
# define all users
2017-11-05 13:42:39 +05:00
users.users = mail_users // {
"${vmail_user.name}" = lib.mkForce vmail_user;
};
systemd.services.activate-virtual-mail-users = {
wantedBy = [ "multi-user.target" ];
before = [ "dovecot2.service" ];
serviceConfig = {
ExecStart = virtualMailUsersActivationScript;
};
enable = true;
};
2017-09-02 16:58:42 +05:00
};
}