Change domain to fqdn and extraDomains to domains

This commit is contained in:
John Boehr 2017-11-11 09:44:45 +00:00 committed by John Boehr
parent a745abaa8e
commit 16fb41de01
11 changed files with 51 additions and 78 deletions

View File

@ -26,26 +26,17 @@ in
options.mailserver = {
enable = mkEnableOption "nixos-mailserver";
domain = mkOption {
fqdn = mkOption {
type = types.str;
example = "[ example.com ]";
description = "The primary domain that this mail server serves.";
description = "The fully qualified domain name of the mail server.";
};
extraDomains = mkOption {
domains = mkOption {
type = types.listOf types.str;
example = "[ example.com ]";
default = [];
description = "Extra domains that this mail server serves.";
};
hostPrefix = mkOption {
type = types.str;
default = "mail";
description = ''
The prefix of the FQDN of the server. In this example the FQDN of the server
is given by 'mail.example.com'
'';
description = "The domains that this mail server serves.";
};
loginAccounts = mkOption {

View File

@ -14,34 +14,27 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
{ config, lib }:
{ config }:
let
cfg = config.mailserver;
inherit (lib.strings) stringToCharacters;
in
{
# cert :: PATH
certificatePath = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/mailserver/fullchain.pem"
then "/var/lib/acme/${cfg.fqdn}/fullchain.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# key :: PATH
keyPath = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/mailserver/key.pem"
then "/var/lib/acme/${cfg.fqdn}/key.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# appends cfg.domain to argument if it does not contain "@"
qualifyUser = user: (
if (builtins.any (c: c == "@") (stringToCharacters user))
then user
else "${user}@${cfg.domain}");
}

View File

@ -16,7 +16,7 @@
{ config, pkgs, lib, ... }:
with (import ./common.nix { inherit config lib; });
with (import ./common.nix { inherit config; });
let
cfg = config.mailserver;

View File

@ -20,35 +20,29 @@
with (import ./common.nix { inherit config; });
let
inherit (lib.attrsets) genAttrs;
cfg = config.mailserver;
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
acmeRoot = "/var/lib/acme/acme-challenge";
in
{
config = lib.mkIf (cfg.certificateScheme == 3) {
services.nginx = {
enable = true;
virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: {
serverName = "${domain}";
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www";
};
acmeRoot = acmeRoot;
});
virtualHosts."${cfg.fqdn}" = {
serverName = cfg.fqdn;
forceSSL = true;
enableACME = true;
acmeRoot = acmeRoot;
};
};
security.acme.certs."mailserver" = {
domain = "${cfg.hostPrefix}.${cfg.domain}";
extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null);
webroot = acmeRoot;
# @todo should we reload postfix here?
postRun = ''
security.acme.certs."${cfg.fqdn}".postRun = #{
# domain = "${cfg.fqdn}";
# webroot = acmeRoot;
# postRun =
''
systemctl reload nginx
systemctl reload postfix
systemctl reload dovecot2
'';
};
# };
};
}

View File

@ -16,22 +16,21 @@
{ config, pkgs, lib, ... }:
with (import ./common.nix { inherit config lib; });
with (import ./common.nix { inherit config; });
let
inherit (lib.strings) concatStringsSep;
cfg = config.mailserver;
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
# valiases_postfix :: [ String ]
valiases_postfix = map
(from:
let to = cfg.virtualAliases.${from};
in "${qualifyUser from} ${qualifyUser to}")
in "${from} ${to}")
(builtins.attrNames cfg.virtualAliases);
# accountToIdentity :: User -> String
accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}";
accountToIdentity = account: "${account.name} ${account.name}";
# vaccounts_identity :: [ String ]
vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
@ -40,7 +39,7 @@ let
valiases_file = builtins.toFile "valias" (lib.concatStringsSep "\n" valiases_postfix);
# vhosts_file :: Path
vhosts_file = builtins.toFile "vhosts" (concatStringsSep ", " allDomains);
vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
# vaccounts_file :: Path
# see

View File

@ -24,14 +24,14 @@ let
cert = if cfg.certificateScheme == 1
then cfg.certificateFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/cert-${cfg.fqdn.pem"
else "";
# key :: PATH
key = if cfg.certificateScheme == 1
then cfg.keyFile
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
else "";
in
{

View File

@ -23,10 +23,10 @@ let
''
# Create certificates if they do not exist yet
dir="${cfg.certificateDirectory}"
fqdn="${cfg.hostPrefix}.${cfg.domain}"
fqdn="${cfg.fqdn}"
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
key="''${dir}/key-${cfg.domain}.pem";
cert="''${dir}/cert-${cfg.domain}.pem";
key="''${dir}/key-${cfg.fqdn}.pem";
cert="''${dir}/cert-${cfg.fqdn}.pem";
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
then
@ -50,7 +50,7 @@ let
then
${pkgs.opendkim}/bin/opendkim-genkey -s "${cfg.dkimSelector}" \
-d ${cfg.domain} \
-d ${cfg.fqdn} \
--directory="${cfg.dkimKeyDirectory}"
chown rmilter:rmilter "${dkim_key}"
fi

View File

@ -19,8 +19,6 @@
with config.mailserver;
let
qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;
vmail_user = {
name = vmailUserName;
isNormalUser = false;
@ -32,14 +30,14 @@ let
# accountsToUser :: String -> UserRecord
accountsToUser = account: {
name = (qualifyUser account.name);
name = account.name;
isNormalUser = false;
group = vmailGroupName;
inherit (account) hashedPassword;
};
# mail_users :: { [String]: UserRecord }
mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {}
mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
(map accountsToUser (lib.attrValues loginAccounts));
in

View File

@ -10,23 +10,21 @@
mailserver = {
enable = true;
domain = "example.com";
extraDomains = [ "example2.com" ];
hostPrefix = "mail";
fqdn = "mail.example.com";
domains = [ "example.com", "example2.com" ];
loginAccounts = {
"user1" = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};
virtualAliases = {
"info" = "user1";
"postmaster" = "user1";
"abuse" = "user1";
"user1@example2.com" = "user1";
"info@example2.com" = "user1";
"postmaster@example2.com" = "user1";
"abuse@example2.com" = "user1";
"info@example.com" = "user1@example.com";
"postmaster@example.com" = "user1@example.com";
"abuse@example.com" = "user1@example.com";
"user1@example2.com" = "user1@example.com";
"info@example2.com" = "user1@example.com";
"postmaster@example2.com" = "user1@example.com";
"abuse@example2.com" = "user1@example.com";
};
};
};

View File

@ -25,14 +25,14 @@ import <nixpkgs/nixos/tests/make-test.nix> {
mailserver = {
enable = true;
domain = "example.com";
fqdn = "mail.example.com";
domains = [ "example.com" ];
hostPrefix = "mail";
loginAccounts = {
user1 = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
user2 = {
"user2@example.com" = {
hashedPassword = "$6$u61JrAtuI0a$nGEEfTP5.eefxoScUGVG/Tl0alqla2aGax4oTd85v3j3xSmhv/02gNfSemv/aaMinlv9j/ZABosVKBrRvN5Qv0";
};
};

View File

@ -25,11 +25,11 @@ import <nixpkgs/nixos/tests/make-test.nix> {
mailserver = {
enable = true;
domain = "example.com";
fqdn = "mail.example.com";
domains = [ "example.com" ];
hostPrefix = "mail";
loginAccounts = {
user1 = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};