From 16fb41de0167face01d63ae02f86d96768b6d493 Mon Sep 17 00:00:00 2001
From: John Boehr
Date: Sat, 11 Nov 2017 09:44:45 +0000
Subject: [PATCH] Change domain to fqdn and extraDomains to domains
---
 default.nix | 17 ++++-------------
 mail-server/common.nix | 17 +++++------------
 mail-server/dovecot.nix | 2 +-
 mail-server/nginx.nix | 30 ++++++++++++------------------
 mail-server/postfix.nix | 9 ++++-----
 mail-server/services.nix | 4 ++--
 mail-server/systemd.nix | 8 ++++----
 mail-server/users.nix | 6 ++----
 nixops/single-server.nix | 22 ++++++++++------------
 tests/extern.nix | 8 ++++----
 tests/intern.nix | 6 +++---
 11 files changed, 51 insertions(+), 78 deletions(-)
diff --git a/default.nix b/default.nix
index 381a0d1..9b7f6fe 100644
--- a/default.nix
+++ b/default.nix
@@ -26,26 +26,17 @@ in
 options.mailserver = {
 enable = mkEnableOption "nixos-mailserver";
- domain = mkOption {
+ fqdn = mkOption {
 type = types.str;
 example = "[ example.com ]";
- description = "The primary domain that this mail server serves.";
+ description = "The fully qualified domain name of the mail server.";
 };
- extraDomains = mkOption {
+ domains = mkOption {
 type = types.listOf types.str;
 example = "[ example.com ]";
 default = [];
- description = "Extra domains that this mail server serves.";
- };
-
- hostPrefix = mkOption {
- type = types.str;
- default = "mail";
- description = ''
- The prefix of the FQDN of the server. In this example the FQDN of the server
- is given by 'mail.example.com'
- '';
+ description = "The domains that this mail server serves.";
 };
 loginAccounts = mkOption {
diff --git a/mail-server/common.nix b/mail-server/common.nix
index f491911..910b5c2 100644
--- a/mail-server/common.nix
+++ b/mail-server/common.nix
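Review bot: The new `fqdn` option keeps the list-shaped `example = "[ example.com ]";` inherited from the old `domain` option even though its type is `types.str` and its description says it is a host name; `example = "mail.example.com";` would show what the other files in this patch actually expect. The new `domains` option also has `default = [];`, so a configuration that only sets `fqdn` evaluates cleanly but the server serves no virtual domain at all (postfix.nix builds its vhosts file from `cfg.domains`); either drop the default so the option is required, as `domain` was, or add an assertion that `cfg.domains != []`. Because `qualifyUser` is removed elsewhere in this patch, `loginAccounts` and `virtualAliases` keys now have to be full addresses, and the `loginAccounts` description just past the end of this hunk does not say so. The `options.mailserver` attribute set continues past the hunk.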
@@ -14,34 +14,27 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see
-{ config, lib }:
+{ config }:
 let
 cfg = config.mailserver;
- inherit (lib.strings) stringToCharacters;
 in {
 # cert :: PATH
 certificatePath = if cfg.certificateScheme == 1
 then cfg.certificateFile
 else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
 else if cfg.certificateScheme == 3
- then "/var/lib/acme/mailserver/fullchain.pem"
+ then "/var/lib/acme/${cfg.fqdn}/fullchain.pem"
 else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
 # key :: PATH
 keyPath = if cfg.certificateScheme == 1
 then cfg.keyFile
 else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
 else if cfg.certificateScheme == 3
- then "/var/lib/acme/mailserver/key.pem"
+ then "/var/lib/acme/${cfg.fqdn}/key.pem"
 else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
-
- # appends cfg.domain to argument if it does not contain "@"
- qualifyUser = user: (
- if (builtins.any (c: c == "@") (stringToCharacters user))
- then user
- else "${user}@${cfg.domain}");
 }
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index fb8330b..7ccaab1 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -16,7 +16,7 @@
 { config, pkgs, lib, ... }:
-with (import ./common.nix { inherit config lib; });
+with (import ./common.nix { inherit config; });
 let
 cfg = config.mailserver;
diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix
index f487d7a..0ba4a54 100644
--- a/mail-server/nginx.nix
+++ b/mail-server/nginx.nix
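Review bot: The scheme-3 paths `/var/lib/acme/${cfg.fqdn}/fullchain.pem` and `/var/lib/acme/${cfg.fqdn}/key.pem` now silently depend on nginx.nix registering the ACME certificate under exactly `cfg.fqdn` (the `security.acme.certs."${cfg.fqdn}"` entry and the matching virtual host), and nothing in this file records that coupling; the old fixed name `mailserver` did not have this problem. A comment above `certificatePath`, e.g. `# scheme 3: the certificate name must match security.acme.certs."${cfg.fqdn}" in nginx.nix`, would keep the two files from drifting apart. The `throw` branches only validate `certificateScheme`, so a mismatch between the two files surfaces as a missing file at service start rather than at evaluation.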
@@ -20,35 +20,29 @@
 with (import ./common.nix { inherit config; });
 let
- inherit (lib.attrsets) genAttrs;
 cfg = config.mailserver;
- allDomains = [ cfg.domain ] ++ cfg.extraDomains;
 acmeRoot = "/var/lib/acme/acme-challenge";
 in {
 config = lib.mkIf (cfg.certificateScheme == 3) {
 services.nginx = {
 enable = true;
- virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: {
- serverName = "${domain}";
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- root = "/var/www";
- };
- acmeRoot = acmeRoot;
- });
+ virtualHosts."${cfg.fqdn}" = {
+ serverName = cfg.fqdn;
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = acmeRoot;
+ };
 };
- security.acme.certs."mailserver" = {
- domain = "${cfg.hostPrefix}.${cfg.domain}";
- extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null);
- webroot = acmeRoot;
- # @todo should we reload postfix here?
- postRun = ''
+ security.acme.certs."${cfg.fqdn}".postRun = #{
+ # domain = "${cfg.fqdn}";
+# webroot = acmeRoot;
+# postRun =
+ ''
 systemctl reload nginx
 systemctl reload postfix
 systemctl reload dovecot2
 '';
- };
+# };
 };
 }
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index a03e366..a57e63d 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
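Review bot: The new line `security.acme.certs."${cfg.fqdn}".postRun = #{` commits a commented-out attribute-set skeleton (`# domain = …`, `# webroot = acmeRoot;`, `# postRun =`, `# };`) and only works because everything but the `''…''` string is commented away. Write it as `security.acme.certs."${cfg.fqdn}".postRun = ''` and delete the four comment lines; if `webroot` or `domain` are still needed they belong in a real attribute set, not in comments. Note also that the certificate now covers only `cfg.fqdn`: the previous `extraDomains` entries for `${cfg.hostPrefix}.${domain}` are gone, so clients that were pointed at a per-domain mail host name will see a certificate name mismatch until they are reconfigured to `cfg.fqdn`, which deserves a line in the commit description. The `config = lib.mkIf …` attribute set closes inside the hunk.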
@@ -16,22 +16,21 @@
 { config, pkgs, lib, ... }:
-with (import ./common.nix { inherit config lib; });
+with (import ./common.nix { inherit config; });
 let
 inherit (lib.strings) concatStringsSep;
 cfg = config.mailserver;
- allDomains = [ cfg.domain ] ++ cfg.extraDomains;
 # valiases_postfix :: [ String ]
 valiases_postfix = map
 (from:
 let to = cfg.virtualAliases.${from};
- in "${qualifyUser from} ${qualifyUser to}")
+ in "${from} ${to}")
 (builtins.attrNames cfg.virtualAliases);
 # accountToIdentity :: User -> String
- accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}";
+ accountToIdentity = account: "${account.name} ${account.name}";
 # vaccounts_identity :: [ String ]
 vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
@@ -40,7 +39,7 @@ let
 valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
 # vhosts_file :: Path
- vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains);
+ vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
 # vaccounts_file :: Path
 # see
diff --git a/mail-server/services.nix b/mail-server/services.nix
index 2cebdaf..41d2bb3 100644
--- a/mail-server/services.nix
+++ b/mail-server/services.nix
@@ -24,14 +24,14 @@ let
 cert = if cfg.certificateScheme == 1
 then cfg.certificateFile
 else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"
 else "";
 # key :: PATH
 key = if cfg.certificateScheme == 1
 then cfg.keyFile
 else if cfg.certificateScheme == 2
- then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
+ then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
 else "";
 in {
diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix
index b6556a8..ecfbbde 100644
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
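Review bot: With `qualifyUser` gone, `valiases_postfix` (`in "${from} ${to}"`) and `accountToIdentity` write `cfg.virtualAliases` keys and targets and `loginAccounts` names into the postfix maps verbatim, so a bare name such as `"info"` (the shape the old example configs used) now produces an unqualified map entry instead of an error. An evaluation-time assertion that every alias key, alias target and account name contains an `@` (for example `builtins.match ".*@.*" name != null`) would reject stale configurations before postfix is built. The `let` block continues past the hunk.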
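Review bot: The new scheme-2 certificate path in services.nix, `then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"`, is missing the closing brace of the `${…}` interpolation, so the file no longer parses and every configuration with `certificateScheme == 2` fails at evaluation; it should read `then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"`, matching the `key` line four lines below. common.nix computes the same scheme-1/2 paths, and duplicating that switch here is what let the typo slip in; reusing `certificatePath`/`keyPath` for those two schemes would remove the duplication. The `let` block continues past the hunk.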
@@ -23,10 +23,10 @@ let
 ''
 # Create certificates if they do not exist yet
 dir="${cfg.certificateDirectory}"
- fqdn="${cfg.hostPrefix}.${cfg.domain}"
+ fqdn="${cfg.fqdn}"
 case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
- key="''${dir}/key-${cfg.domain}.pem";
- cert="''${dir}/cert-${cfg.domain}.pem";
+ key="''${dir}/key-${cfg.fqdn}.pem";
+ cert="''${dir}/cert-${cfg.fqdn}.pem";
 if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
 then
@@ -50,7 +50,7 @@ let
 then
 ${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
- -d ${cfg.domain} \
+ -d ${cfg.fqdn} \
 --directory="${cfg.dkimKeyDirectory}"
 chown rmilter:rmilter "${dkim_key}"
 fi
diff --git a/mail-server/users.nix b/mail-server/users.nix
index d813101..f49be1f 100644
--- a/mail-server/users.nix
+++ b/mail-server/users.nix
@@ -19,8 +19,6 @@
 with config.mailserver;
 let
- qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;
-
 vmail_user = {
 name = vmailUserName;
 isNormalUser = false;
@@ -32,14 +30,14 @@ let
 # accountsToUser :: String -> UserRecord
 accountsToUser = account: {
- name = (qualifyUser account.name);
+ name = account.name;
 isNormalUser = false;
 group = vmailGroupName;
 inherit (account) hashedPassword;
 };
 # mail_users :: { [String]: UserRecord }
- mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {}
+ mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
 (map accountsToUser (lib.attrValues loginAccounts));
 in
diff --git a/nixops/single-server.nix b/nixops/single-server.nix
index af909d1..abcd671 100644
--- a/nixops/single-server.nix
+++ b/nixops/single-server.nix
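Review bot: `opendkim-genkey … -d ${cfg.fqdn}` in the second systemd.nix hunk labels the generated DKIM key with the server host name, but DKIM records are published under the sending domains (`cfg.domains`), not under the MX host; the old `-d ${cfg.domain}` at least named the primary mail domain. As far as I can tell `-d` only affects the text of the emitted DNS-record snippet and not the key material, so this is a usability issue rather than a signing failure, but since one key is now shared by every entry of `cfg.domains`, a comment above the `opendkim-genkey` call saying that the same selector and public key must be published under each of those domains would save the next operator a surprise. The surrounding shell `if … then … fi` and the enclosing `let` start outside the hunk.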
@@ -10,23 +10,21 @@
 mailserver = {
 enable = true;
- domain = "example.com";
- extraDomains = [ "example2.com" ];
-
- hostPrefix = "mail";
+ fqdn = "mail.example.com";
+ domains = [ "example.com", "example2.com" ];
 loginAccounts = {
- "user1" = {
+ "user1@example.com" = {
 hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
 };
 };
 virtualAliases = {
- "info" = "user1";
- "postmaster" = "user1";
- "abuse" = "user1";
- "user1@example2.com" = "user1";
- "info@example2.com" = "user1";
- "postmaster@example2.com" = "user1";
- "abuse@example2.com" = "user1";
+ "info@example.com" = "user1@example.com";
+ "postmaster@example.com" = "user1@example.com";
+ "abuse@example.com" = "user1@example.com";
+ "user1@example2.com" = "user1@example.com";
+ "info@example2.com" = "user1@example.com";
+ "postmaster@example2.com" = "user1@example.com";
+ "abuse@example2.com" = "user1@example.com";
 };
 };
 };
diff --git a/tests/extern.nix b/tests/extern.nix
index f98f10e..03c53c6 100644
--- a/tests/extern.nix
+++ b/tests/extern.nix
@@ -25,14 +25,14 @@ import
 {
 mailserver = {
 enable = true;
- domain = "example.com";
+ fqdn = "mail.example.com";
+ domains = [ "example.com" ];
- hostPrefix = "mail";
 loginAccounts = {
- user1 = {
+ "user1@example.com" = {
 hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
 };
- user2 = {
+ "user2@example.com" = {
 hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
 };
 };
diff --git a/tests/intern.nix b/tests/intern.nix
index 58c4b75..bcfce2a 100644
--- a/tests/intern.nix
+++ b/tests/intern.nix
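Review bot: `domains = [ "example.com", "example2.com" ];` in nixops/single-server.nix is not valid Nix — list elements are separated by whitespace, not commas — so this example deployment no longer evaluates; it should read `domains = [ "example.com" "example2.com" ];`. The two test configurations in this patch use single-element lists, so they would not have caught this, and nothing else exercises the nixops example. The `mailserver` attribute set closes inside the hunk.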
@@ -25,11 +25,11 @@ import
 {
 mailserver = {
 enable = true;
- domain = "example.com";
+ fqdn = "mail.example.com";
+ domains = [ "example.com" ];
- hostPrefix = "mail";
 loginAccounts = {
- user1 = {
+ "user1@example.com" = {
 hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
 };
 };