ForkMaster/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2024-11-11 11:29:17 +05:00
Code Issues Packages Projects Releases Wiki Activity

Change domain to fqdn and extraDomains to domains

Browse Source
This commit is contained in:
John Boehr 2017-11-11 09:44:45 +00:00 committed by John Boehr
parent a745abaa8e
commit 16fb41de01
11 changed files with 51 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
default.nix
View File

@ -26,26 +26,17 @@ in
options.mailserver = {
enable = mkEnableOption "nixos-mailserver";
domain = mkOption {
fqdn = mkOption {
type = types.str;
example = "[ example.com ]";
description = "The primary domain that this mail server serves.";
description = "The fully qualified domain name of the mail server.";
};
extraDomains = mkOption {
domains = mkOption {
type = types.listOf types.str;
example = "[ example.com ]";
default = [];
description = "Extra domains that this mail server serves.";
};
hostPrefix = mkOption {
type = types.str;
default = "mail";
description = ''
The prefix of the FQDN of the server. In this example the FQDN of the server
is given by 'mail.example.com'
'';
description = "The domains that this mail server serves.";
};
loginAccounts = mkOption {

17
mail-server/common.nix
View File

@ -14,34 +14,27 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
{ config, lib }:
{ config }:
let
cfg = config.mailserver;
inherit (lib.strings) stringToCharacters;
in
{
# cert :: PATH
certificatePath = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/mailserver/fullchain.pem"
then "/var/lib/acme/${cfg.fqdn}/fullchain.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# key :: PATH
keyPath = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/mailserver/key.pem"
then "/var/lib/acme/${cfg.fqdn}/key.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# appends cfg.domain to argument if it does not contain "@"
qualifyUser = user: (
if (builtins.any (c: c == "@") (stringToCharacters user))
then user
else "${user}@${cfg.domain}");
}

2
mail-server/dovecot.nix
View File

@ -16,7 +16,7 @@
{ config, pkgs, lib, ... }:
with (import ./common.nix { inherit config lib; });
with (import ./common.nix { inherit config; });
let
cfg = config.mailserver;

24
mail-server/nginx.nix
View File

@ -20,35 +20,29 @@
with (import ./common.nix { inherit config; });
let
inherit (lib.attrsets) genAttrs;
cfg = config.mailserver;
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
acmeRoot = "/var/lib/acme/acme-challenge";
in
{
config = lib.mkIf (cfg.certificateScheme == 3) {
services.nginx = {
enable = true;
virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: {
serverName = "${domain}";
virtualHosts."${cfg.fqdn}" = {
serverName = cfg.fqdn;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www";
};
acmeRoot = acmeRoot;
});
};
security.acme.certs."mailserver" = {
domain = "${cfg.hostPrefix}.${cfg.domain}";
extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null);
webroot = acmeRoot;
# @todo should we reload postfix here?
postRun = ''
};
security.acme.certs."${cfg.fqdn}".postRun = #{
# domain = "${cfg.fqdn}";
# webroot = acmeRoot;
# postRun =
''
systemctl reload nginx
systemctl reload postfix
systemctl reload dovecot2
'';
};
# };
};
}

9
mail-server/postfix.nix
View File

@ -16,22 +16,21 @@
{ config, pkgs, lib, ... }:
with (import ./common.nix { inherit config lib; });
with (import ./common.nix { inherit config; });
let
inherit (lib.strings) concatStringsSep;
cfg = config.mailserver;
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
# valiases_postfix :: [ String ]
valiases_postfix = map
(from:
let to = cfg.virtualAliases.${from};
in "${qualifyUser from} ${qualifyUser to}")
in "${from} ${to}")
(builtins.attrNames cfg.virtualAliases);
# accountToIdentity :: User -> String
accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}";
accountToIdentity = account: "${account.name} ${account.name}";
# vaccounts_identity :: [ String ]
vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
@ -40,7 +39,7 @@ let
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
# vhosts_file :: Path
vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains);
vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
# vaccounts_file :: Path
# see

4
mail-server/services.nix
View File

@ -24,14 +24,14 @@ let
cert = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"
else "";
# key :: PATH
key = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else "";
in
{

8
mail-server/systemd.nix
View File

@ -23,10 +23,10 @@ let
''
# Create certificates if they do not exist yet
dir="${cfg.certificateDirectory}"
fqdn="${cfg.hostPrefix}.${cfg.domain}"
fqdn="${cfg.fqdn}"
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
key="''${dir}/key-${cfg.domain}.pem";
cert="''${dir}/cert-${cfg.domain}.pem";
key="''${dir}/key-${cfg.fqdn}.pem";
cert="''${dir}/cert-${cfg.fqdn}.pem";
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
then
@ -50,7 +50,7 @@ let
then
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
-d ${cfg.domain} \
-d ${cfg.fqdn} \
--directory="${cfg.dkimKeyDirectory}"
chown rmilter:rmilter "${dkim_key}"
fi

6
mail-server/users.nix
View File

@ -19,8 +19,6 @@
with config.mailserver;
let
qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;
vmail_user = {
name = vmailUserName;
isNormalUser = false;
@ -32,14 +30,14 @@ let
# accountsToUser :: String -> UserRecord
accountsToUser = account: {
name = (qualifyUser account.name);
name = account.name;
isNormalUser = false;
group = vmailGroupName;
inherit (account) hashedPassword;
};
# mail_users :: { [String]: UserRecord }
mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {}
mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
(map accountsToUser (lib.attrValues loginAccounts));
in

22
nixops/single-server.nix
View File

@ -10,23 +10,21 @@
mailserver = {
enable = true;
domain = "example.com";
extraDomains = [ "example2.com" ];
hostPrefix = "mail";
fqdn = "mail.example.com";
domains = [ "example.com", "example2.com" ];
loginAccounts = {
"user1" = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};
virtualAliases = {
"info" = "user1";
"postmaster" = "user1";
"abuse" = "user1";
"user1@example2.com" = "user1";
"info@example2.com" = "user1";
"postmaster@example2.com" = "user1";
"abuse@example2.com" = "user1";
"info@example.com" = "user1@example.com";
"postmaster@example.com" = "user1@example.com";
"abuse@example.com" = "user1@example.com";
"user1@example2.com" = "user1@example.com";
"info@example2.com" = "user1@example.com";
"postmaster@example2.com" = "user1@example.com";
"abuse@example2.com" = "user1@example.com";
};
};
};

8
tests/extern.nix
View File

@ -25,14 +25,14 @@ import <nixpkgs/nixos/tests/make-test.nix> {
mailserver = {
enable = true;
domain = "example.com";
fqdn = "mail.example.com";
domains = [ "example.com" ];
hostPrefix = "mail";
loginAccounts = {
user1 = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
user2 = {
"user2@example.com" = {
hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
};
};

6
tests/intern.nix
View File

@ -25,11 +25,11 @@ import <nixpkgs/nixos/tests/make-test.nix> {
mailserver = {
enable = true;
domain = "example.com";
fqdn = "mail.example.com";
domains = [ "example.com" ];
hostPrefix = "mail";
loginAccounts = {
user1 = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};