diff --git a/configuration.nix b/configuration.nix index 75148d1..221d424 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { imports = [ - ./variables-module.nix + ./selfprivacy-module.nix ./volumes.nix ./users.nix ./letsencrypt/acme.nix diff --git a/flake.nix b/flake.nix index 5960ec5..bce9d7a 100644 --- a/flake.nix +++ b/flake.nix @@ -25,9 +25,10 @@ deployment ./configuration.nix (import ./files.nix top-level-flake.outPath) - (import ./userdata-variables.nix userdata) selfprivacy-api.nixosModules.default { + # pass userdata (parsed from JSON) options to selfprivacy module + selfprivacy = userdata; # embed top-level flake source folder into the build environment.etc."selfprivacy/nixos-config-source".source = top-level-flake.outPath; diff --git a/variables-module.nix b/selfprivacy-module.nix similarity index 91% rename from variables-module.nix rename to selfprivacy-module.nix index da509d0..95508fe 100644 --- a/variables-module.nix +++ b/selfprivacy-module.nix @@ -86,32 +86,25 @@ with lib; ############# dns = { provider = mkOption { - description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE"; + description = "DNS provider that was defined at the initial setup process."; type = types.nullOr types.str; }; useStagingACME = mkOption { description = "Use staging ACME server. Default is false"; type = types.nullOr types.bool; + default = false; }; }; backup = { bucket = mkOption { description = "Bucket name used for userdata backups"; type = types.nullOr types.str; + default = ""; }; }; server = { provider = mkOption { - description = "Server provider that was defined at the initial setup process. Default is HETZNER"; - type = types.nullOr types.str; - }; - }; - ############## - # Services # - ############## - email = { - location = mkOption { - default = "sda1"; + description = "Server provider that was defined at the initial setup process."; type = types.nullOr types.str; }; }; @@ -125,7 +118,7 @@ with lib; }; rootKeys = mkOption { description = '' - Root SSH Keys + Root SSH authorized keys ''; type = types.nullOr (types.listOf types.str); default = [ "" ]; @@ -163,9 +156,5 @@ with lib; default = false; description = "Whether to bind-mount vmail and sieve folders"; }; - ############## - # Modules # - ############## - # modules = }; } diff --git a/sp-modules/simple-nixos-mailserver/config-paths-needed.json b/sp-modules/simple-nixos-mailserver/config-paths-needed.json index 2fad79c..27c44ff 100644 --- a/sp-modules/simple-nixos-mailserver/config-paths-needed.json +++ b/sp-modules/simple-nixos-mailserver/config-paths-needed.json @@ -1,7 +1,6 @@ [ [ "mailserver" ], [ "selfprivacy", "domain" ], - [ "selfprivacy", "email" ], [ "selfprivacy", "hashedMasterPassword" ], [ "selfprivacy", "useBinds" ], [ "selfprivacy", "username" ], diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix index 2787be8..7d53090 100644 --- a/sp-modules/simple-nixos-mailserver/config.nix +++ b/sp-modules/simple-nixos-mailserver/config.nix @@ -2,21 +2,23 @@ mailserverDate: { config, lib, ... }: let sp = config.selfprivacy; in +lib.mkIf sp.modules.simple-nixos-mailserver.enable { - fileSystems = - lib.mkIf (sp.modules.simple-nixos-mailserver.enable && sp.useBinds) - { - "/var/vmail" = { - device = "/volumes/${sp.email.location}/vmail"; - options = [ "bind" ]; - }; - "/var/sieve" = { - device = "/volumes/${sp.email.location}/sieve"; - options = [ "bind" ]; - }; + fileSystems = lib.mkIf sp.useBinds + { + "/var/vmail" = { + device = + "/volumes/${sp.modules.simple-nixos-mailserver.location}/vmail"; + options = [ "bind" ]; }; + "/var/sieve" = { + device = + "/volumes/${sp.modules.simple-nixos-mailserver.location}/sieve"; + options = [ "bind" ]; + }; + }; - users.users = lib.mkIf sp.modules.simple-nixos-mailserver.enable { + users.users = { virtualMail = { isNormalUser = false; }; @@ -24,16 +26,30 @@ in users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ]; - selfprivacy.modules.simple-nixos-mailserver = - lib.mkIf sp.modules.simple-nixos-mailserver.enable { - fqdn = sp.domain; - domains = [ sp.domain ]; + mailserver = { + enable = true; + fqdn = sp.domain; + domains = [ sp.domain ]; - # A list of all login accounts. To create the password hashes, use - # mkpasswd -m sha-512 "super secret password" - loginAccounts = { - "${sp.username}@${sp.domain}" = { - hashedPassword = sp.hashedMasterPassword; + # A list of all login accounts. To create the password hashes, use + # mkpasswd -m sha-512 "super secret password" + loginAccounts = { + "${sp.username}@${sp.domain}" = { + hashedPassword = sp.hashedMasterPassword; + sieveScript = '' + require ["fileinto", "mailbox"]; + if header :contains "Chat-Version" "1.0" + { + fileinto :create "DeltaChat"; + stop; + } + ''; + }; + } // builtins.listToAttrs (builtins.map + (user: { + name = "${user.username}@${sp.domain}"; + value = { + hashedPassword = user.hashedPassword; sieveScript = '' require ["fileinto", "mailbox"]; if header :contains "Chat-Version" "1.0" @@ -43,45 +59,31 @@ in } ''; }; - } // builtins.listToAttrs (builtins.map - (user: { - name = "${user.username}@${sp.domain}"; - value = { - hashedPassword = user.hashedPassword; - sieveScript = '' - require ["fileinto", "mailbox"]; - if header :contains "Chat-Version" "1.0" - { - fileinto :create "DeltaChat"; - stop; - } - ''; - }; - }) - sp.users); + }) + sp.users); - extraVirtualAliases = { - "admin@${sp.domain}" = "${sp.username}@${sp.domain}"; - }; - - certificateScheme = - if builtins.compareVersions mailserverDate "20230525011002" - >= 0 - then "manual" - else 1; - certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem"; - keyFile = "/var/lib/acme/${sp.domain}/key.pem"; - - # Enable IMAP and POP3 - enableImap = true; - enableImapSsl = true; - enablePop3 = false; - enablePop3Ssl = false; - dkimSelector = "selector"; - - # Enable the ManageSieve protocol - enableManageSieve = true; - - virusScanning = false; + extraVirtualAliases = { + "admin@${sp.domain}" = "${sp.username}@${sp.domain}"; }; + + certificateScheme = + if builtins.compareVersions mailserverDate "20230525011002" + >= 0 + then "manual" + else 1; + certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem"; + keyFile = "/var/lib/acme/${sp.domain}/key.pem"; + + # Enable IMAP and POP3 + enableImap = true; + enableImapSsl = true; + enablePop3 = false; + enablePop3Ssl = false; + dkimSelector = "selector"; + + # Enable the ManageSieve protocol + enableManageSieve = true; + + virusScanning = false; + }; } diff --git a/sp-modules/simple-nixos-mailserver/flake.nix b/sp-modules/simple-nixos-mailserver/flake.nix index f37594f..8a36b23 100644 --- a/sp-modules/simple-nixos-mailserver/flake.nix +++ b/sp-modules/simple-nixos-mailserver/flake.nix @@ -5,23 +5,13 @@ gitlab:simple-nixos-mailserver/nixos-mailserver; outputs = { self, mailserver }: { - nixosModules.default = args@{ config, ... }: - let - module = mailserver.nixosModules.default args; - in - { - imports = [ - module - { - # tricks to rename (alias) the original module - config.mailserver = - config.selfprivacy.modules.simple-nixos-mailserver; - options.selfprivacy.modules.simple-nixos-mailserver = - module.options.mailserver; - } - (import ./config.nix mailserver.lastModifiedDate) - ]; - }; + nixosModules.default = _: { + imports = [ + mailserver.nixosModules.default + ./options.nix + (import ./config.nix mailserver.lastModifiedDate) + ]; + }; configPathsNeeded = builtins.fromJSON (builtins.readFile ./config-paths-needed.json); diff --git a/sp-modules/simple-nixos-mailserver/options.nix b/sp-modules/simple-nixos-mailserver/options.nix new file mode 100644 index 0000000..0f83abe --- /dev/null +++ b/sp-modules/simple-nixos-mailserver/options.nix @@ -0,0 +1,13 @@ +{ lib, ... }: +{ + options.selfprivacy.modules.simple-nixos-mailserver = { + enable = lib.mkOption { + default = false; + type = with lib.types; nullOr bool; + }; + location = lib.mkOption { + default = "sda1"; + type = with lib.types; nullOr str; + }; + }; +} diff --git a/userdata-variables.nix b/userdata-variables.nix deleted file mode 100644 index f2d9775..0000000 --- a/userdata-variables.nix +++ /dev/null @@ -1,32 +0,0 @@ -jsonData: { lib, ... }: -{ - selfprivacy = jsonData // { - hostname = lib.attrsets.attrByPath [ "hostname" ] null jsonData; - domain = lib.attrsets.attrByPath [ "domain" ] null jsonData; - timezone = lib.attrsets.attrByPath [ "timezone" ] "Europe/Uzhgorod" jsonData; - stateVersion = lib.attrsets.attrByPath [ "stateVersion" ] "22.05" jsonData; - username = lib.attrsets.attrByPath [ "username" ] null jsonData; - hashedMasterPassword = lib.attrsets.attrByPath [ "hashedMasterPassword" ] null jsonData; - sshKeys = lib.attrsets.attrByPath [ "sshKeys" ] [ ] jsonData; - dns = { - provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData; - useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData; - }; - backup = { - bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData; - }; - server = { - provider = lib.attrsets.attrByPath [ "server" "provider" ] "HETZNER" jsonData; - }; - ssh = { - enable = lib.attrsets.attrByPath [ "ssh" "enable" ] true jsonData; - rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData; - passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData; - }; - email = { - location = lib.attrsets.attrByPath [ "email" "location" ] "sda1" jsonData; - }; - users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData; - volumes = lib.attrsets.attrByPath [ "volumes" ] [ ] jsonData; - }; -}