diff --git a/mail-server/assertions.nix b/mail-server/assertions.nix
index a2749a0..4a7b3b0 100644
--- a/mail-server/assertions.nix
+++ b/mail-server/assertions.nix
@@ -1,38 +1,48 @@ -{ config, lib, ... }: { - assertions = [ - - ] ++ lib.optionals config.mailserver.enable [ - { - assertion = config.mailserver.stateVersion != null; - message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at."; - } - ] ++ lib.optionals config.mailserver.ldap.enable [ - { - assertion = config.mailserver.loginAccounts == {}; - message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts"; - } - { - assertion = config.mailserver.extraVirtualAliases == {}; - message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases"; - } - ] ++ lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail") [ - { - assertion = config.mailserver.stateVersion >= 2; - message = '' - Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`. - Remediation: - - Stop the `dovecot2.service` - - Move `/var/vmail/ldap` below your `mailserver.mailDirectory` - - Increase the `stateVersion` to 2. + config, + lib, + ... +}: +{ + # We guard all assertions by requiring mailserver to be actually enabled + assertions = lib.optionals config.mailserver.enable ( + [ + { + assertion = config.mailserver.stateVersion != null; + message = "The `mailserver.stateVersion` option is not set. 
Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at."; + } + ] + ++ lib.optionals config.mailserver.ldap.enable [ + { + assertion = config.mailserver.loginAccounts == { }; + message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts"; + } + { + assertion = config.mailserver.extraVirtualAliases == { }; + message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases"; + } + ] + ++ + lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail") + [ + { + assertion = config.mailserver.stateVersion >= 2; + message = '' + Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`. + Remediation: + - Stop the `dovecot2.service` + - Move `/var/vmail/ldap` below your `mailserver.mailDirectory` + - Increase the `stateVersion` to 2. - Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information. - ''; - } - ] ++ lib.optionals (config.mailserver.enable && config.mailserver.certificateScheme != "acme") [ - { - assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn; - message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName"; - } - ]; + Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information. + ''; + } + ] + ++ lib.optionals (config.mailserver.certificateScheme != "acme") [ + { + assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn; + message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName"; + } + ] + ); }
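Review bot: The `config.mailserver.stateVersion >= 2` assertion in the LDAP / custom `mailDirectory` branch is still evaluated when `stateVersion` is null, which is exactly the case the first assertion exists to report. Comparing null with an integer is an evaluation error in Nix, so if the module system forces every entry of `assertions` when collecting failures (as NixOS appears to), a user with LDAP enabled, a non-default `mailDirectory` and no `stateVersion` would likely see a raw type error instead of either message. Consider `assertion = config.mailserver.stateVersion == null || config.mailserver.stateVersion >= 2;` so that only the "not set" message fires in that case. Separately, both LDAP messages read "is enable" where "is enabled" is meant.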