Merge branch 'assertions-guard-reformat' into 'master'

assertions: guard by enable flag and reformat See merge request simple-nixos-mailserver/nixos-mailserver!407
2025-06-04 00:47:51 +05:00 · 2025-05-31 10:51:28 +00:00 · 2025-05-31 10:51:28 +00:00 · 145afc5393
commit 145afc5393
parent c8bc3e4f1f ea1b0f8e2b
1 changed files with 45 additions and 35 deletions
--- a/mail-server/assertions.nix
+++ b/mail-server/assertions.nix
@ -1,38 +1,48 @@
 { config, lib, ... }:
 {
-  assertions = [
+  config,
-    
+  lib,
-  ] ++ lib.optionals config.mailserver.enable [
+  ...
-    {
+}:
-      assertion = config.mailserver.stateVersion != null;
+{
-      message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at.";
+  # We guard all assertions by requiring mailserver to be actually enabled
-    }
+  assertions = lib.optionals config.mailserver.enable (
-  ] ++ lib.optionals config.mailserver.ldap.enable [
+    [
-    {
+      {
-      assertion = config.mailserver.loginAccounts == {};
+        assertion = config.mailserver.stateVersion != null;
-      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts";
+        message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at.";
-    }
+      }
-    {
+    ]
-      assertion = config.mailserver.extraVirtualAliases == {};
+    ++ lib.optionals config.mailserver.ldap.enable [
-      message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";
+      {
-    }
+        assertion = config.mailserver.loginAccounts == { };
-  ] ++ lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail") [
+        message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts";
-    {
+      }
-      assertion = config.mailserver.stateVersion >= 2;
+      {
-      message = ''
+        assertion = config.mailserver.extraVirtualAliases == { };
-        Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
+        message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";
-        Remediation:
+      }
-          - Stop the `dovecot2.service`
+    ]
-          - Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
+    ++
-          - Increase the `stateVersion` to 2.
+      lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail")
        [
          {
            assertion = config.mailserver.stateVersion >= 2;
            message = ''
              Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
              Remediation:
                - Stop the `dovecot2.service`
                - Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
                - Increase the `stateVersion` to 2.
-        Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information.
+              Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information.
-      ''; 
+            '';
-    }
+          }
-  ] ++ lib.optionals (config.mailserver.enable && config.mailserver.certificateScheme != "acme") [
+        ]
-    {
+    ++ lib.optionals (config.mailserver.certificateScheme != "acme") [
-      assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;
+      {
-      message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
+        assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;
-    }
+        message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
-  ];
+      }
    ]
  );
 }