From ebd0f656eda09cb55ca78ee01ce1273f8b953483 Mon Sep 17 00:00:00 2001 From: John Boehr Date: Thu, 9 Nov 2017 13:13:27 -0800 Subject: [PATCH 1/8] Preliminary multi-domain support --- default.nix | 10 ++++++++-- mail-server/nginx.nix | 35 +++++++++++++++++++++++------------ mail-server/postfix.nix | 16 +++++++++------- mail-server/systemd.nix | 2 +- mail-server/users.nix | 2 +- nixops/single-server.nix | 13 +++++++++---- 6 files changed, 51 insertions(+), 27 deletions(-) diff --git a/default.nix b/default.nix index 6a07f7e..f9303a7 100644 --- a/default.nix +++ b/default.nix @@ -28,8 +28,14 @@ in domain = mkOption { type = types.str; - example = "example.com"; - description = "The domain that this mail server serves. So far only one domain is supported"; + example = "[ example.com ]"; + description = "The primary domain that this mail server serves."; + }; + + extraDomains = mkOption { + type = types.listOf types.str; + example = "[ example.com ]"; + description = "Extra domains that this mail server serves."; }; hostPrefix = mkOption { diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix index 15bb596..71f6c28 100644 --- a/mail-server/nginx.nix +++ b/mail-server/nginx.nix 
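Review bot: The new `example = "[ example.com ]"` on the `domain` option shows list syntax for an option declared `type = types.str`, and the `extraDomains` example is a string where a list is expected; `example = "example.com";` for `domain` and `example = [ "example.com" ];` for `extraDomains` match the declared types. `extraDomains` also has no `default`, so a configuration that does not set it stops evaluating as soon as nginx.nix or postfix.nix read `cfg.extraDomains`; `default = [];` makes the new option opt-in. The same list-shaped string example is carried over to the `fqdn` and `domains` options in patch 6 (default.nix @@ -26,17 +26,17), where `fqdn` is again a single string.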
@@ -21,23 +21,34 @@ with (import ./common.nix { inherit config; }); let cfg = config.mailserver; + allDomains = [ cfg.domain ] ++ cfg.extraDomains; + acmeRoot = "/var/lib/acme/acme-challenge"; in { config = with cfg; lib.mkIf (certificateScheme == 3) { - services.nginx = { enable = true; - virtualHosts = { - domain = { - serverName = "${hostPrefix}.${domain}"; - forceSSL = true; - enableACME = true; - locations."/" = { - root = "/var/www"; - }; - acmeRoot = "/var/lib/acme/acme-challenge"; - }; - }; + virtualHosts = genAttrs allDomains (domain: { + serverName = "${hostPrefix}.${domain}"; + forceSSL = true; + enableACME = true; + locations."/" = { + root = "/var/www"; + }; + acmeRoot = acmeRoot; + }); + }; + security.acme.certs."${hostPrefix}.${domain}" = { + # @todo what user/group should this run as? + user = "postfix"; # cfg.user; + group = "postfix"; # lib.mkDefault cfg.group; + domain = "${hostPrefix}.${domain}"; + extraDomains = map (domain: "${hostPrefix}.${domain}") extraDomains; + webroot = acmeRoot; + # @todo should we reload postfix here? + postRun = '' + systemctl reload nginx + ''; }; }; } diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index fedb53c..ee91da9 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -19,17 +19,19 @@ with (import ./common.nix { inherit config; }); let + inherit (lib.strings) concatStringsSep; cfg = config.mailserver; + allDomains = [ cfg.domain ] ++ cfg.extraDomains; # valiases_postfix :: [ String ] valiases_postfix = map (from: let to = cfg.virtualAliases.${from}; - in "${from}@${cfg.domain} ${to}@${cfg.domain}") + in "${from} ${to}") (builtins.attrNames cfg.virtualAliases); # accountToIdentity :: User -> String - accountToIdentity = account: "${account.name}@${cfg.domain} ${account.name}@${cfg.domain}"; + accountToIdentity = account: "${account.name} ${account.name}"; # vaccounts_identity :: [ String ] vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts); 
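Review bot: `genAttrs` is called unqualified in `virtualHosts = genAttrs allDomains (domain: { … })`, but nothing in this hunk brings it into scope — `with cfg` exposes the mailserver options, not lib — so the module fails to evaluate as soon as certificateScheme is 3; `lib.genAttrs` fixes that. The lambda parameter `domain` also shadows the `domain` that `with cfg` supplies, so `${domain}` means the per-vhost name inside the lambda and `cfg.domain` in `security.acme.certs."${hostPrefix}.${domain}"` a few lines later; naming the parameter `d`, or dropping `with cfg` in favour of explicit `cfg.` references, keeps the two apart. `extraDomains = map (…) extraDomains` hands the ACME module a list, while as far as I recall `security.acme.certs.<name>.extraDomains` is an attribute set keyed by domain, which is worth checking against the nixpkgs revision in use.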
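Review bot: With `in "${from} ${to}"` and `"${account.name} ${account.name}"` the alias and account maps now write whatever the configuration contains verbatim, and nothing in the hunk checks that a key or a target carries a domain part, so an unqualified entry such as `info = "user1"` silently becomes a Postfix map line whose matching behaviour differs from the fully-qualified form it replaced. A cheap guard is an assertion inside the mapping, e.g. `assert builtins.match ".*@.*" from != null; "${from} ${to}"`, or at least a sentence in the `virtualAliases`/`loginAccounts` option descriptions (outside this hunk) saying that addresses must be fully qualified. The added `inherit (lib.strings) concatStringsSep;` also sits next to existing `lib.concatStringsSep` calls in the same file; one form throughout reads better.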
@@ -38,7 +40,7 @@ let valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix); # vhosts_file :: Path - vhosts_file = builtins.toFile "vhosts" cfg.domain; + vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains); # vaccounts_file :: Path # see @@ -47,7 +49,7 @@ let # every alias is owned (uniquely) by its user. We have to add the users own # address though vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" (vaccounts_identity ++ valiases_postfix)); - + submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" '' # Removes sensitive headers from mails handed in via the submission port. # See https://thomas-leister.de/mailserver-debian-stretch/ @@ -67,12 +69,12 @@ in enable = true; networksStyle = "host"; mapFiles."valias" = valiases_file; - mapFiles."vaccounts" = vaccounts_file; + mapFiles."vaccounts" = vaccounts_file; sslCert = certificatePath; sslKey = keyPath; enableSubmission = true; - extraConfig = + extraConfig = '' # Extra Config @@ -116,7 +118,7 @@ in ''; submissionOptions = - { + { smtpd_tls_security_level = "encrypt"; smtpd_sasl_auth_enable = "yes"; smtpd_sasl_type = "dovecot"; diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix index 48f5a5e..b6556a8 100644 --- a/mail-server/systemd.nix +++ b/mail-server/systemd.nix @@ -64,7 +64,7 @@ in # Create certificates and maildir folder systemd.services.postfix = { after = (if (certificateScheme == 3) then [ "nginx.service" ] else []); - preStart = + preStart = '' # Create mail directory and set permissions. See # . diff --git a/mail-server/users.nix b/mail-server/users.nix index c55375c..f49be1f 100644 --- a/mail-server/users.nix +++ b/mail-server/users.nix @@ -30,7 +30,7 @@ let # accountsToUser :: String -> UserRecord accountsToUser = account: { - name = account.name + "@" + domain; + name = account.name; isNormalUser = false; group = vmailGroupName; inherit (account) hashedPassword; 
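Review bot: `name = account.name;` drops the `@domain` suffix, so the loginAccounts key itself becomes the name of the record that `accountsToUser` builds; the `isNormalUser`/`group` attributes suggest these are `users.users` entries, in which case an unqualified key such as `postfix` or `root` would now collide with an existing system account instead of producing `postfix@example.com` as before. If keys are meant to be full addresses (the sample config in this patch uses `"user1@example.com"`), an assertion that `account.name` contains `@` makes that contract explicit. The enclosing `let` continues outside the hunk.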
diff --git a/nixops/single-server.nix b/nixops/single-server.nix index 15e9e5e..8072233 100644 --- a/nixops/single-server.nix +++ b/nixops/single-server.nix @@ -11,17 +11,22 @@ mailserver = { enable = true; domain = "example.com"; + extraDomains = [ "example2.com" ]; hostPrefix = "mail"; loginAccounts = { - user1 = { + "user1@example.com" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; }; }; virtualAliases = { - info = "user1"; - postmaster = "user1"; - abuse = "user1"; + "user1@example2.com" = "user1@example.com"; + "info@example.com" = "user1@example.com"; + "postmaster@example.com" = "user1@example.com"; + "abuse@example.com" = "user1@example.com"; + "info@example2.com" = "user1@example.com"; + "postmaster@example2.com" = "user1@example.com"; + "abuse@example2.com" = "user1@example.com"; }; }; }; From bbca0bd6783700a7aeefc05d3860a585c7037e06 Mon Sep 17 00:00:00 2001 From: John Boehr Date: Thu, 9 Nov 2017 13:16:06 -0800 Subject: [PATCH 2/8] Fix a few issues with ACME certs --- mail-server/common.nix | 4 ++-- mail-server/nginx.nix | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/mail-server/common.nix b/mail-server/common.nix index 12d7b96..42d0180 100644 --- a/mail-server/common.nix +++ b/mail-server/common.nix @@ -26,7 +26,7 @@ in else if cfg.certificateScheme == 2 then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem" else if cfg.certificateScheme == 3 - then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/fullchain.pem" + then "/var/lib/acme/mailserver/fullchain.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; # key :: PATH @@ -35,6 +35,6 @@ in else if cfg.certificateScheme == 2 then "${cfg.certificateDirectory}/key-${cfg.domain}.pem" else if cfg.certificateScheme == 3 - then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/key.pem" + then "/var/lib/acme/mailserver/key.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; } 
diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix index 71f6c28..52a0bbb 100644 --- a/mail-server/nginx.nix +++ b/mail-server/nginx.nix @@ -20,6 +20,7 @@ with (import ./common.nix { inherit config; }); let + inherit (lib.attrsets) genAttrs; cfg = config.mailserver; allDomains = [ cfg.domain ] ++ cfg.extraDomains; acmeRoot = "/var/lib/acme/acme-challenge"; @@ -38,7 +39,7 @@ in acmeRoot = acmeRoot; }); }; - security.acme.certs."${hostPrefix}.${domain}" = { + security.acme.certs."mailserver" = { # @todo what user/group should this run as? user = "postfix"; # cfg.user; group = "postfix"; # lib.mkDefault cfg.group; From f3727540528b00aa7a1af818441ec41f2dfdb086 Mon Sep 17 00:00:00 2001 From: John Boehr Date: Thu, 9 Nov 2017 14:17:03 -0800 Subject: [PATCH 3/8] Qualify user names --- default.nix | 1 + mail-server/common.nix | 9 ++++++++- mail-server/dovecot.nix | 2 +- mail-server/nginx.nix | 13 +++++-------- mail-server/postfix.nix | 6 +++--- mail-server/users.nix | 6 ++++-- nixops/single-server.nix | 16 ++++++++-------- 7 files changed, 30 insertions(+), 23 deletions(-) diff --git a/default.nix b/default.nix index f9303a7..381a0d1 100644 --- a/default.nix +++ b/default.nix @@ -35,6 +35,7 @@ in extraDomains = mkOption { type = types.listOf types.str; example = "[ example.com ]"; + default = []; description = "Extra domains that this mail server serves."; }; diff --git a/mail-server/common.nix b/mail-server/common.nix index 42d0180..f491911 100644 --- a/mail-server/common.nix +++ b/mail-server/common.nix @@ -14,10 +14,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see -{ config }: +{ config, lib }: let cfg = config.mailserver; + inherit (lib.strings) stringToCharacters; in { # cert :: PATH 
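Review bot: The certificate name in `security.acme.certs."mailserver"` has to stay in lockstep with the `/var/lib/acme/mailserver/` paths hard-coded in common.nix in the same patch, and nothing ties the two literals together; a single binding such as `acmeCertName = "mailserver";` in common.nix, used by both files, prevents them drifting apart. The `user = "postfix"; group = "postfix";` lines carried over from patch 1 still decide who can read the private key under that directory, which the author's own `@todo` marks as undecided; that decision should be made before this is merged.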
@@ -37,4 +38,10 @@ in else if cfg.certificateScheme == 3 then "/var/lib/acme/mailserver/key.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; + + # appends cfg.domain to argument if it does not contain "@" + qualifyUser = user: ( + if (builtins.any (c: c == "@") (stringToCharacters user)) + then user + else "${user}@${cfg.domain}"); } diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 7ccaab1..fb8330b 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -16,7 +16,7 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config; }); +with (import ./common.nix { inherit config lib; }); let cfg = config.mailserver; diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix index 52a0bbb..9eeace4 100644 --- a/mail-server/nginx.nix +++ b/mail-server/nginx.nix @@ -26,11 +26,11 @@ let acmeRoot = "/var/lib/acme/acme-challenge"; in { - config = with cfg; lib.mkIf (certificateScheme == 3) { + config = lib.mkIf (cfg.certificateScheme == 3) { services.nginx = { enable = true; - virtualHosts = genAttrs allDomains (domain: { - serverName = "${hostPrefix}.${domain}"; + virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: { + serverName = "${domain}"; forceSSL = true; enableACME = true; locations."/" = { @@ -40,11 +40,8 @@ in }); }; security.acme.certs."mailserver" = { - # @todo what user/group should this run as? - user = "postfix"; # cfg.user; - group = "postfix"; # lib.mkDefault cfg.group; - domain = "${hostPrefix}.${domain}"; - extraDomains = map (domain: "${hostPrefix}.${domain}") extraDomains; + domain = "${cfg.hostPrefix}.${cfg.domain}"; + extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null); webroot = acmeRoot; # @todo should we reload postfix here? postRun = '' diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index ee91da9..a03e366 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix 
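Review bot: `builtins.any (c: c == "@") (stringToCharacters user)` is the only reason this file now takes a `lib` argument, which in turn forced every `import ./common.nix { inherit config; }` in dovecot.nix, postfix.nix and users.nix to change in this patch; `builtins.match ".*@.*" user != null` expresses the same test with builtins only and lets common.nix keep its `{ config }:` signature. The comment should also name the domain that gets appended — it is `cfg.domain`, the primary one — so readers know that an account intended for an extra domain must always be written fully qualified, e.g. `# appends the primary domain (cfg.domain) when the argument has no "@"; extra-domain addresses must be given in full`.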
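Review bot: Every vhost produced by `genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains)` sets `enableACME = true`, and the nginx module (in nixpkgs of this period, as far as I can tell) registers a `security.acme.certs` entry for each such vhost; together with the combined `security.acme.certs."mailserver"` that lists the same names in `extraDomains`, each hostname would be requested from the CA twice, which is wasteful and counts against Let's Encrypt rate limits. Either keep the per-vhost certificates and drop the combined one, or set `enableACME = false` on the vhosts so only the combined certificate is issued. The `serverName = "${domain}"` interpolation in the first hunk can also be plain `serverName = domain;`.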
@@ -16,7 +16,7 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config; }); +with (import ./common.nix { inherit config lib; }); let inherit (lib.strings) concatStringsSep; @@ -27,11 +27,11 @@ let valiases_postfix = map (from: let to = cfg.virtualAliases.${from}; - in "${from} ${to}") + in "${qualifyUser from} ${qualifyUser to}") (builtins.attrNames cfg.virtualAliases); # accountToIdentity :: User -> String - accountToIdentity = account: "${account.name} ${account.name}"; + accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}"; # vaccounts_identity :: [ String ] vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts); diff --git a/mail-server/users.nix b/mail-server/users.nix index f49be1f..d813101 100644 --- a/mail-server/users.nix +++ b/mail-server/users.nix @@ -19,6 +19,8 @@ with config.mailserver; let + qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser; + vmail_user = { name = vmailUserName; isNormalUser = false; @@ -30,14 +32,14 @@ let # accountsToUser :: String -> UserRecord accountsToUser = account: { - name = account.name; + name = (qualifyUser account.name); isNormalUser = false; group = vmailGroupName; inherit (account) hashedPassword; }; # mail_users :: { [String]: UserRecord } - mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {} + mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {} (map accountsToUser (lib.attrValues loginAccounts)); in diff --git a/nixops/single-server.nix b/nixops/single-server.nix index 8072233..af909d1 100644 --- a/nixops/single-server.nix +++ b/nixops/single-server.nix 
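Review bot: In `mail_users`, `"${qualifyUser next.name}"` re-qualifies a name that `accountsToUser` has already passed through `qualifyUser` in the same hunk, so the second call is a no-op and hides which layer owns qualification; `"${next.name}"` is enough. The `qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;` line also imports common.nix a second way while the sibling modules use `with (import ./common.nix …)`; picking one convention keeps the modules uniform.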
@@ -15,18 +15,18 @@ hostPrefix = "mail"; loginAccounts = { - "user1@example.com" = { + "user1" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; }; }; virtualAliases = { - "user1@example2.com" = "user1@example.com"; - "info@example.com" = "user1@example.com"; - "postmaster@example.com" = "user1@example.com"; - "abuse@example.com" = "user1@example.com"; - "info@example2.com" = "user1@example.com"; - "postmaster@example2.com" = "user1@example.com"; - "abuse@example2.com" = "user1@example.com"; + "info" = "user1"; + "postmaster" = "user1"; + "abuse" = "user1"; + "user1@example2.com" = "user1"; + "info@example2.com" = "user1"; + "postmaster@example2.com" = "user1"; + "abuse@example2.com" = "user1"; }; }; }; From f79080d2d9f05ae71899dd0cc8a229efcbc0480e Mon Sep 17 00:00:00 2001 From: John Boehr Date: Thu, 9 Nov 2017 14:17:18 -0800 Subject: [PATCH 4/8] Add .editorconfig --- .editorconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..2d46cdd --- /dev/null +++ b/.editorconfig @@ -0,0 +1,13 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +indent_size = 2 +insert_final_newline = true +trim_trailing_whitespace = true + +[Makefile] +indent_style = tab +indent_size = 8 From a745abaa8ebcbaeb225243e54487a4816eeccdf8 Mon Sep 17 00:00:00 2001 From: John Boehr Date: Thu, 9 Nov 2017 14:32:33 -0800 Subject: [PATCH 5/8] Reload postfix and dovecot2 --- mail-server/nginx.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix index 9eeace4..f487d7a 100644 --- a/mail-server/nginx.nix +++ b/mail-server/nginx.nix @@ -46,6 +46,8 @@ in # @todo should we reload postfix here? postRun = '' systemctl reload nginx + systemctl reload postfix + systemctl reload dovecot2 ''; }; }; 
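Review bot: `systemctl reload postfix` and `systemctl reload dovecot2` in `postRun` only succeed if both units define a reload action; `systemctl reload` on a unit without `ExecReload` fails, and a failing postRun turns every certificate renewal into a failed acme unit even though the new certificate is already on disk. Please confirm against the NixOS postfix and dovecot2 modules in use and fall back to `systemctl restart` for any unit that lacks reload. The `# @todo should we reload postfix here?` comment above these lines is now answered and can be removed.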
From 16fb41de0167face01d63ae02f86d96768b6d493 Mon Sep 17 00:00:00 2001 From: John Boehr Date: Sat, 11 Nov 2017 09:44:45 +0000 Subject: [PATCH 6/8] Change domain to fqdn and extraDomains to domains --- default.nix | 17 ++++------------- mail-server/common.nix | 17 +++++------------ mail-server/dovecot.nix | 2 +- mail-server/nginx.nix | 30 ++++++++++++------------------ mail-server/postfix.nix | 9 ++++----- mail-server/services.nix | 4 ++-- mail-server/systemd.nix | 8 ++++---- mail-server/users.nix | 6 ++---- nixops/single-server.nix | 22 ++++++++++------------ tests/extern.nix | 8 ++++---- tests/intern.nix | 6 +++--- 11 files changed, 51 insertions(+), 78 deletions(-) diff --git a/default.nix b/default.nix index 381a0d1..9b7f6fe 100644 --- a/default.nix +++ b/default.nix @@ -26,26 +26,17 @@ in options.mailserver = { enable = mkEnableOption "nixos-mailserver"; - domain = mkOption { + fqdn = mkOption { type = types.str; example = "[ example.com ]"; - description = "The primary domain that this mail server serves."; + description = "The fully qualified domain name of the mail server."; }; - extraDomains = mkOption { + domains = mkOption { type = types.listOf types.str; example = "[ example.com ]"; default = []; - description = "Extra domains that this mail server serves."; - }; - - hostPrefix = mkOption { - type = types.str; - default = "mail"; - description = '' - The prefix of the FQDN of the server. In this example the FQDN of the server - is given by 'mail.example.com' - ''; + description = "The domains that this mail server serves."; }; loginAccounts = mkOption { diff --git a/mail-server/common.nix b/mail-server/common.nix index f491911..910b5c2 100644 --- a/mail-server/common.nix +++ b/mail-server/common.nix 
@@ -14,34 +14,27 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see -{ config, lib }: +{ config }: let cfg = config.mailserver; - inherit (lib.strings) stringToCharacters; in { # cert :: PATH certificatePath = if cfg.certificateScheme == 1 then cfg.certificateFile else if cfg.certificateScheme == 2 - then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem" + then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem" else if cfg.certificateScheme == 3 - then "/var/lib/acme/mailserver/fullchain.pem" + then "/var/lib/acme/${cfg.fqdn}/fullchain.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; # key :: PATH keyPath = if cfg.certificateScheme == 1 then cfg.keyFile else if cfg.certificateScheme == 2 - then "${cfg.certificateDirectory}/key-${cfg.domain}.pem" + then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem" else if cfg.certificateScheme == 3 - then "/var/lib/acme/mailserver/key.pem" + then "/var/lib/acme/${cfg.fqdn}/key.pem" else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; - - # appends cfg.domain to argument if it does not contain "@" - qualifyUser = user: ( - if (builtins.any (c: c == "@") (stringToCharacters user)) - then user - else "${user}@${cfg.domain}"); } diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index fb8330b..7ccaab1 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -16,7 +16,7 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config lib; }); +with (import ./common.nix { inherit config; }); let cfg = config.mailserver; diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix index f487d7a..0ba4a54 100644 --- a/mail-server/nginx.nix +++ b/mail-server/nginx.nix 
@@ -20,35 +20,29 @@ with (import ./common.nix { inherit config; }); let - inherit (lib.attrsets) genAttrs; cfg = config.mailserver; - allDomains = [ cfg.domain ] ++ cfg.extraDomains; acmeRoot = "/var/lib/acme/acme-challenge"; in { config = lib.mkIf (cfg.certificateScheme == 3) { services.nginx = { enable = true; - virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: { - serverName = "${domain}"; - forceSSL = true; - enableACME = true; - locations."/" = { - root = "/var/www"; - }; - acmeRoot = acmeRoot; - }); + virtualHosts."${cfg.fqdn}" = { + serverName = cfg.fqdn; + forceSSL = true; + enableACME = true; + acmeRoot = acmeRoot; + }; }; - security.acme.certs."mailserver" = { - domain = "${cfg.hostPrefix}.${cfg.domain}"; - extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null); - webroot = acmeRoot; - # @todo should we reload postfix here? - postRun = '' + security.acme.certs."${cfg.fqdn}".postRun = #{ + # domain = "${cfg.fqdn}"; +# webroot = acmeRoot; +# postRun = + '' systemctl reload nginx systemctl reload postfix systemctl reload dovecot2 ''; - }; +# }; }; } diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index a03e366..a57e63d 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix 
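Review bot: The new `security.acme.certs."${cfg.fqdn}".postRun =` assignment is wrapped in commented-out remnants of the old attribute set (`#{`, `# domain = "${cfg.fqdn}";`, `# webroot = acmeRoot;`, `# postRun =`, `# };`), which hides that only the reload hook is set here and that domain and webroot are now expected to come from the vhost's `enableACME = true`; delete the commented lines and say so in one comment, e.g. `# the certificate is registered by the enableACME vhost above; only the reload hook is added here`. Since `cfg.domains` no longer reaches nginx at all, the per-domain web vhosts added in patches 1–3 are gone by design, which deserves a sentence in the commit message.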
@@ -16,22 +16,21 @@ { config, pkgs, lib, ... }: -with (import ./common.nix { inherit config lib; }); +with (import ./common.nix { inherit config; }); let inherit (lib.strings) concatStringsSep; cfg = config.mailserver; - allDomains = [ cfg.domain ] ++ cfg.extraDomains; # valiases_postfix :: [ String ] valiases_postfix = map (from: let to = cfg.virtualAliases.${from}; - in "${qualifyUser from} ${qualifyUser to}") + in "${from} ${to}") (builtins.attrNames cfg.virtualAliases); # accountToIdentity :: User -> String - accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}"; + accountToIdentity = account: "${account.name} ${account.name}"; # vaccounts_identity :: [ String ] vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts); @@ -40,7 +39,7 @@ let valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix); # vhosts_file :: Path - vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains); + vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains); # vaccounts_file :: Path # see diff --git a/mail-server/services.nix b/mail-server/services.nix index 2cebdaf..41d2bb3 100644 --- a/mail-server/services.nix +++ b/mail-server/services.nix @@ -24,14 +24,14 @@ let cert = if cfg.certificateScheme == 1 then cfg.certificateFile else if cfg.certificateScheme == 2 - then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem" + then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem" else ""; # key :: PATH key = if cfg.certificateScheme == 1 then cfg.keyFile else if cfg.certificateScheme == 2 - then "${cfg.certificateDirectory}/key-${cfg.domain}.pem" + then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem" else ""; in { diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix index b6556a8..ecfbbde 100644 --- a/mail-server/systemd.nix +++ b/mail-server/systemd.nix 
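Review bot: `then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"` is missing the closing brace of the interpolation (`${cfg.fqdn.pem"`), so services.nix no longer parses and the whole module fails to evaluate; the line should read `then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"`, matching the `key-${cfg.fqdn}.pem` line in the same hunk. Patch 8 fixes a syntax error in the sample nixops config but leaves this one in place.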
@@ -23,10 +23,10 @@ let '' # Create certificates if they do not exist yet dir="${cfg.certificateDirectory}" - fqdn="${cfg.hostPrefix}.${cfg.domain}" + fqdn="${cfg.fqdn}" case $fqdn in /*) fqdn=$(cat "$fqdn");; esac - key="''${dir}/key-${cfg.domain}.pem"; - cert="''${dir}/cert-${cfg.domain}.pem"; + key="''${dir}/key-${cfg.fqdn}.pem"; + cert="''${dir}/cert-${cfg.fqdn}.pem"; if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ] then @@ -50,7 +50,7 @@ let then ${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \ - -d ${cfg.domain} \ + -d ${cfg.fqdn} \ --directory="${cfg.dkimKeyDirectory}" chown rmilter:rmilter "${dkim_key}" fi diff --git a/mail-server/users.nix b/mail-server/users.nix index d813101..f49be1f 100644 --- a/mail-server/users.nix +++ b/mail-server/users.nix @@ -19,8 +19,6 @@ with config.mailserver; let - qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser; - vmail_user = { name = vmailUserName; isNormalUser = false; @@ -32,14 +30,14 @@ let # accountsToUser :: String -> UserRecord accountsToUser = account: { - name = (qualifyUser account.name); + name = account.name; isNormalUser = false; group = vmailGroupName; inherit (account) hashedPassword; }; # mail_users :: { [String]: UserRecord } - mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {} + mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {} (map accountsToUser (lib.attrValues loginAccounts)); in diff --git a/nixops/single-server.nix b/nixops/single-server.nix index af909d1..abcd671 100644 --- a/nixops/single-server.nix +++ b/nixops/single-server.nix 
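Review bot: `opendkim-genkey … -d ${cfg.fqdn}` now tags the generated DKIM key with the server's host name rather than the mail domain it used before (`cfg.domain`); as far as I recall the `-d` value is recorded in the generated `.txt` record, and with a multi-domain `cfg.domains` a single key labelled with the host FQDN does not obviously correspond to any sending domain. Presumably the key should be generated for an entry of `cfg.domains` (or one per domain); please confirm which domain the rmilter side signs with before relying on this. The `key-${cfg.fqdn}.pem`/`cert-${cfg.fqdn}.pem` names in the earlier hunk of this file must also stay consistent with common.nix and services.nix from the same patch.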
@@ -10,23 +10,21 @@ mailserver = { enable = true; - domain = "example.com"; - extraDomains = [ "example2.com" ]; - - hostPrefix = "mail"; + fqdn = "mail.example.com"; + domains = [ "example.com", "example2.com" ]; loginAccounts = { - "user1" = { + "user1@example.com" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; }; }; virtualAliases = { - "info" = "user1"; - "postmaster" = "user1"; - "abuse" = "user1"; - "user1@example2.com" = "user1"; - "info@example2.com" = "user1"; - "postmaster@example2.com" = "user1"; - "abuse@example2.com" = "user1"; + "info@example.com" = "user1@example.com"; + "postmaster@example.com" = "user1@example.com"; + "abuse@example.com" = "user1@example.com"; + "user1@example2.com" = "user1@example.com"; + "info@example2.com" = "user1@example.com"; + "postmaster@example2.com" = "user1@example.com"; + "abuse@example2.com" = "user1@example.com"; }; }; }; diff --git a/tests/extern.nix b/tests/extern.nix index f98f10e..03c53c6 100644 --- a/tests/extern.nix +++ b/tests/extern.nix @@ -25,14 +25,14 @@ import { mailserver = { enable = true; - domain = "example.com"; + fqdn = "mail.example.com"; + domains = [ "example.com" ]; - hostPrefix = "mail"; loginAccounts = { - user1 = { + "user1@example.com" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; }; - user2 = { + "user2@example.com" = { hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0"; }; }; diff --git a/tests/intern.nix b/tests/intern.nix index 58c4b75..bcfce2a 100644 --- a/tests/intern.nix +++ b/tests/intern.nix 
@@ -25,11 +25,11 @@ import { mailserver = { enable = true; - domain = "example.com"; + fqdn = "mail.example.com"; + domains = [ "example.com" ]; - hostPrefix = "mail"; loginAccounts = { - user1 = { + "user1@example.com" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; }; }; From d249edc13524efc2ae00b1f24f5e27671dd4721a Mon Sep 17 00:00:00 2001 From: John Boehr Date: Sat, 11 Nov 2017 09:47:25 +0000 Subject: [PATCH 7/8] Remove makefile section from editorconfig --- .editorconfig | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.editorconfig b/.editorconfig index 2d46cdd..86a63dc 100644 --- a/.editorconfig +++ b/.editorconfig @@ -7,7 +7,3 @@ indent_style = space indent_size = 2 insert_final_newline = true trim_trailing_whitespace = true - -[Makefile] -indent_style = tab -indent_size = 8 From 76fc3d67ae855de80fc9523add5bc5a41ec8bc5d Mon Sep 17 00:00:00 2001 From: John Boehr Date: Sat, 11 Nov 2017 09:53:35 +0000 Subject: [PATCH 8/8] Fix syntax error in sample nixops config --- nixops/single-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixops/single-server.nix b/nixops/single-server.nix index abcd671..1976809 100644 --- a/nixops/single-server.nix +++ b/nixops/single-server.nix @@ -11,7 +11,7 @@ mailserver = { enable = true; fqdn = "mail.example.com"; - domains = [ "example.com", "example2.com" ]; + domains = [ "example.com" "example2.com" ]; loginAccounts = { "user1@example.com" = { hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";