From 694e7d34f60028f4877517e1c7c73c9527fad400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Wed, 30 Nov 2022 12:30:29 +0100 Subject: [PATCH] docs: option docs improvements - add missing description and defaultText fields - add dmarcReporting option group - render examples --- default.nix | 6 +- docs/options.rst | 642 +++++++++++++++++++------------- scripts/generate-rst-options.py | 48 ++- 3 files changed, 420 insertions(+), 276 deletions(-) diff --git a/default.nix b/default.nix index 8584af2..275ac83 100644 --- a/default.nix +++ b/default.nix @@ -662,8 +662,11 @@ in email = mkOption { type = types.str; default = with cfg.dmarcReporting; "${localpart}@${domain}"; - example = "dmarc-noreply@example.com"; + defaultText = literalExpression ''"''${localpart}@''${domain}"''; readOnly = true; + description = '' + The email address used for outgoing DMARC reports. Read-only. + ''; }; organizationName = mkOption { @@ -678,6 +681,7 @@ in fromName = mkOption { type = types.str; default = cfg.dmarcReporting.organizationName; + defaultText = literalExpression "organizationName"; description = '' The sender name for DMARC reports. Defaults to the organization name. ''; diff --git a/docs/options.rst b/docs/options.rst index 0e3f7ab..5c23c83 100644 --- a/docs/options.rst +++ b/docs/options.rst @@ -15,73 +15,8 @@ intended be used for development purposes only, you probably don't want to enable this unless you're hacking on nixos-mailserver. -- Type: ``boolean`` -- Default: ``False`` - - -mailserver.dmarcReporting.domain --------------------------------- - -The domain from which outgoing DMARC reports are served. - - -- Type: ``value "example.com" (singular enum)`` - - - -mailserver.dmarcReporting.email -------------------------------- - -None - -- Type: ``string`` -- Default: ``dmarc-noreply@example.com`` - - -mailserver.dmarcReporting.enable --------------------------------- - -Whether to send out aggregated, daily DMARC reports in response to incoming -mail, when the sender domain defines a DMARC policy including the RUA tag. - -This is helpful for the mail ecosystem, because it allows third parties to -get notified about SPF/DKIM violations originating from their sender domains. - -See https://rspamd.com/doc/modules/dmarc.html#reporting - - -- Type: ``boolean`` -- Default: ``False`` - - -mailserver.dmarcReporting.fromName ----------------------------------- - -The sender name for DMARC reports. Defaults to the organization name. - - -- Type: ``string`` -- Default: ``Example Corp`` - - -mailserver.dmarcReporting.localpart ------------------------------------ - -The local part of the email address used for outgoing DMARC reports. - - -- Type: ``string`` -- Default: ``dmarc-noreply`` - - -mailserver.dmarcReporting.organizationName ------------------------------------------- - -The name of your organization used in the org_name attribute in -DMARC reports. - - -- Type: ``string`` +- type: ``boolean`` +- default: ``False`` @@ -90,8 +25,9 @@ mailserver.domains The domains that this mail server serves. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['example.com']`` mailserver.enable @@ -99,8 +35,9 @@ mailserver.enable Whether to enable nixos-mailserver. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.enableImap @@ -109,8 +46,9 @@ mailserver.enableImap Whether to enable IMAP with STARTTLS on port 143. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.enableImapSsl @@ -119,8 +57,9 @@ mailserver.enableImapSsl Whether to enable IMAP with TLS in wrapper-mode on port 993. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.enableManageSieve @@ -133,8 +72,9 @@ The ManageSieve protocol allows users to manage their Sieve scripts on a remote server with a supported client, including Thunderbird. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.enablePop3 @@ -143,8 +83,9 @@ mailserver.enablePop3 Whether to enable POP3 with STARTTLS on port on port 110. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.enablePop3Ssl @@ -153,8 +94,9 @@ mailserver.enablePop3Ssl Whether to enable POP3 with TLS in wrapper-mode on port 995. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.enableSubmission @@ -163,8 +105,9 @@ mailserver.enableSubmission Whether to enable SMTP with STARTTLS on port 587. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.enableSubmissionSsl @@ -173,8 +116,9 @@ mailserver.enableSubmissionSsl Whether to enable SMTP with TLS in wrapper-mode on port 465. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.extraVirtualAliases @@ -191,8 +135,9 @@ example all mails for `multi@example.com` will be forwarded to both `user1@example.com` and `user2@example.com`. -- Type: ``attribute set of Login Account or non-empty list of Login Accountss`` -- Default: ``{}`` +- type: ``attribute set of Login Account or non-empty list of Login Accountss`` +- default: ``{}`` +- example: ``{'abuse@example.com': 'user1@example.com', 'info@example.com': 'user1@example.com', 'multi@example.com': ['user1@example.com', 'user2@example.com'], 'postmaster@example.com': 'user1@example.com'}`` mailserver.forwards @@ -207,8 +152,9 @@ can't send mail as `user@example.com`. Also, this option allows to forward mails to external addresses. -- Type: ``attribute set of list of strings or strings`` -- Default: ``{}`` +- type: ``attribute set of list of strings or strings`` +- default: ``{}`` +- example: ``{'user@example.com': 'user@elsewhere.com'}`` mailserver.fqdn @@ -216,8 +162,9 @@ mailserver.fqdn The fully qualified domain name of the mail server. -- Type: ``string`` +- type: ``string`` +- example: ``mx.example.com`` mailserver.hierarchySeparator @@ -231,8 +178,9 @@ This does not determine the way your mails are stored on disk. See https://wiki.dovecot.org/Namespaces for details. -- Type: ``string`` -- Default: ``.`` +- type: ``string`` +- default: ``.`` + mailserver.indexDir @@ -253,8 +201,9 @@ https://doc.dovecot.org/configuration_manual/mail_location/#variables for details. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` +- example: ``/var/lib/dovecot/indices`` mailserver.keyFile @@ -264,8 +213,9 @@ Scheme 1) Location of the key file -- Type: ``path`` +- type: ``path`` +- example: ``/root/mail-server.key`` mailserver.lmtpSaveToDetailMailbox @@ -276,8 +226,9 @@ mailbox matching the string after the "+"? For example, user1+test@example.com would be filed into the mailbox "test". -- Type: ``one of "yes", "no"`` -- Default: ``yes`` +- type: ``one of "yes", "no"`` +- default: ``yes`` + mailserver.localDnsResolver @@ -286,8 +237,9 @@ mailserver.localDnsResolver Runs a local DNS resolver (kresd) as recommended when running rspamd. This prevents your log file from filling up with rspamd_monitored_dns_mon entries. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.mailDirectory @@ -296,8 +248,9 @@ mailserver.mailDirectory Where to store the mail. -- Type: ``path`` -- Default: ``/var/vmail`` +- type: ``path`` +- default: ``/var/vmail`` + mailserver.mailboxes @@ -307,8 +260,9 @@ The mailboxes for dovecot. Depending on the mail client used it might be necessary to change some mailbox's name. -- Type: ``unspecified`` -- Default: ``{'Drafts': {'auto': 'subscribe', 'specialUse': 'Drafts'}, 'Junk': {'auto': 'subscribe', 'specialUse': 'Junk'}, 'Sent': {'auto': 'subscribe', 'specialUse': 'Sent'}, 'Trash': {'auto': 'no', 'specialUse': 'Trash'}}`` +- type: ``unspecified`` +- default: ``{'Drafts': {'auto': 'subscribe', 'specialUse': 'Drafts'}, 'Junk': {'auto': 'subscribe', 'specialUse': 'Junk'}, 'Sent': {'auto': 'subscribe', 'specialUse': 'Sent'}, 'Trash': {'auto': 'no', 'specialUse': 'Trash'}}`` + mailserver.maxConnectionsPerUser @@ -319,8 +273,9 @@ E.g. a value of 50 allows for 50 IMAP and 50 POP3 connections at the same time for a single user. -- Type: ``signed integer`` -- Default: ``100`` +- type: ``signed integer`` +- default: ``100`` + mailserver.messageSizeLimit @@ -328,8 +283,9 @@ mailserver.messageSizeLimit Message size limit enforced by Postfix. -- Type: ``signed integer`` -- Default: ``20971520`` +- type: ``signed integer`` +- default: ``20971520`` +- example: ``52428800`` mailserver.openFirewall @@ -337,8 +293,9 @@ mailserver.openFirewall Automatically open ports in the firewall. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.policydSPFExtraConfig @@ -348,8 +305,14 @@ Extra configuration options for policyd-spf. This can be use to among other things skip spf checking for some IP addresses. -- Type: ``strings concatenated with "\n"`` -- Default: ``""`` +- type: ``strings concatenated with "\n"`` +- default: ``""`` +- example: +.. code:: + + skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 + + mailserver.rebootAfterKernelUpgrade.enable @@ -359,8 +322,9 @@ Whether to enable automatic reboot after kernel upgrades. This is to be used in conjunction with system.autoUpgrade.enable = true" -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.rebootAfterKernelUpgrade.method @@ -371,8 +335,9 @@ It is recommended to use the default value because the quicker kexec reboot has Also if your server is running in a virtual machine the regular reboot will already be very quick. -- Type: ``one of "reboot", "systemctl kexec"`` -- Default: ``reboot`` +- type: ``one of "reboot", "systemctl kexec"`` +- default: ``reboot`` + mailserver.recipientDelimiter @@ -381,8 +346,9 @@ mailserver.recipientDelimiter Configure the recipient delimiter. -- Type: ``string`` -- Default: ``+`` +- type: ``string`` +- default: ``+`` + mailserver.rejectRecipients @@ -393,8 +359,9 @@ Use if a spammer has found email addresses in a catchall domain but you do not want to disable the catchall. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['sales@example.com', 'info@example.com']`` mailserver.rejectSender @@ -404,8 +371,9 @@ Reject emails from these addresses from unauthorized senders. Use if a spammer is using the same domain or the same sender over and over. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['@example.com', 'spammer@example.net']`` mailserver.rewriteMessageId @@ -416,8 +384,9 @@ Please be aware that this may cause problems with some mail clients relying on the original Message-ID. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.sendingFqdn @@ -443,8 +412,9 @@ Set this to the name to which the sending IP's reverse DNS resolves. -- Type: ``string`` -- Default: ``config.mailserver.fqdn`` +- type: ``string`` +- default: ``config.mailserver.fqdn`` +- example: ``myserver.example.com`` mailserver.sieveDirectory @@ -453,8 +423,9 @@ mailserver.sieveDirectory Where to store the sieve scripts. -- Type: ``path`` -- Default: ``/var/sieve`` +- type: ``path`` +- default: ``/var/sieve`` + mailserver.useFsLayout @@ -468,8 +439,9 @@ Sets whether dovecot should organize mail in subdirectories: See https://wiki2.dovecot.org/MailboxFormat/Maildir for details. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.virusScanning @@ -479,8 +451,9 @@ Whether to activate virus scanning. Note that virus scanning is _very_ expensive memory wise. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.vmailGroupName @@ -490,8 +463,9 @@ The user name and group name of the user that owns the directory where all the mail is stored. -- Type: ``string`` -- Default: ``virtualMail`` +- type: ``string`` +- default: ``virtualMail`` + mailserver.vmailUID @@ -502,8 +476,9 @@ changed, you will need to manually adjust the permissions of mailDirectory. -- Type: ``signed integer`` -- Default: ``5000`` +- type: ``signed integer`` +- default: ``5000`` + mailserver.vmailUserName @@ -513,8 +488,9 @@ The user name and group name of the user that owns the directory where all the mail is stored. -- Type: ``string`` -- Default: ``virtualMail`` +- type: ``string`` +- default: ``virtualMail`` + mailserver.loginAccount ~~~~~~~~~~~~~~~~~~~~~~~ @@ -532,8 +508,9 @@ nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' ``` -- Type: ``attribute set of submodules`` -- Default: ``{}`` +- type: ``attribute set of submodules`` +- default: ``{}`` +- example: ``{'user1': {'hashedPassword': '$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/'}, 'user2': {'hashedPassword': '$6$oE0ZNv2n7Vk9gOf$9xcZWCCLGdMflIfuA0vR1Q1Xblw6RZqPrP94mEit2/81/7AKj2bqUai5yPyWE.QYPyv6wLMHZvjw3Rlg7yTCD/'}}`` mailserver.loginAccounts..aliases @@ -544,8 +521,9 @@ Note: Use list entries like "@example.com" to create a catchAll that allows sending from all email addresses in these domain. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['abuse@example.com', 'postmaster@example.com']`` mailserver.loginAccounts..catchAll @@ -555,8 +533,9 @@ For which domains should this account act as a catch all? Note: Does not allow sending from all addresses of these domains. -- Type: ``list of value "example.com" (singular enum)s`` -- Default: ``[]`` +- type: ``list of value "example.com" (singular enum)s`` +- default: ``[]`` +- example: ``['example.com', 'example2.com']`` mailserver.loginAccounts..hashedPassword @@ -572,8 +551,9 @@ Warning: this is stored in plaintext in the Nix store! Use `hashedPasswordFile` instead. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` +- example: ``$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/`` mailserver.loginAccounts..hashedPasswordFile @@ -586,8 +566,9 @@ nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' ``` -- Type: ``null or path`` -- Default: ``None`` +- type: ``null or path`` +- default: ``None`` +- example: ``/run/keys/user1-passwordhash`` mailserver.loginAccounts..name @@ -595,8 +576,9 @@ mailserver.loginAccounts..name Username -- Type: ``string`` +- type: ``string`` +- example: ``user1@example.com`` mailserver.loginAccounts..quota @@ -606,8 +588,9 @@ Per user quota rules. Accepted sizes are `xx k/M/G/T` with the obvious meaning. Leave blank for the standard quota `100G`. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` +- example: ``2G`` mailserver.loginAccounts..sendOnly @@ -619,8 +602,9 @@ unauthorized senders with the sendOnlyRejectMessage stating the reason. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.loginAccounts..sendOnlyRejectMessage @@ -631,8 +615,9 @@ sent to a send-only account. Only used if the account is marked as send-only. -- Type: ``string`` -- Default: ``This account cannot receive emails.`` +- type: ``string`` +- default: ``This account cannot receive emails.`` + mailserver.loginAccounts..sieveScript @@ -641,8 +626,26 @@ mailserver.loginAccounts..sieveScript Per-user sieve script. -- Type: ``null or strings concatenated with "\n"`` -- Default: ``None`` +- type: ``null or strings concatenated with "\n"`` +- default: ``None`` +- example: +.. code:: + + require ["fileinto", "mailbox"]; + + if address :is "from" "gitlab@mg.gitlab.com" { + fileinto :create "GitLab"; + stop; + } + + # This must be the last rule, it will check if list-id is set, and + # file the message into the Lists folder for further investigation + elsif header :matches "list-id" "" { + fileinto :create "Lists"; + stop; + } + + mailserver.certificate ~~~~~~~~~~~~~~~~~~~~~~ @@ -657,8 +660,9 @@ hardcoded to "cert-DOMAIN.pem" and "key-DOMAIN.pem" and the certificate is valid for 10 years. -- Type: ``path`` -- Default: ``/var/certs`` +- type: ``path`` +- default: ``/var/certs`` + mailserver.certificateDomains @@ -666,8 +670,9 @@ mailserver.certificateDomains Secondary domains and subdomains for which it is necessary to generate a certificate. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['imap.example.com', 'pop3.example.com']`` mailserver.certificateFile @@ -677,8 +682,9 @@ Scheme 1) Location of the certificate -- Type: ``path`` +- type: ``path`` +- example: ``/root/mail-server.crt`` mailserver.certificateScheme @@ -695,8 +701,9 @@ Certificate Files. There are three options for these. on how to set up the domain records, see the guide in the readme. -- Type: ``one of 1, 2, 3`` -- Default: ``2`` +- type: ``one of 1, 2, 3`` +- default: ``2`` + mailserver.dkim ~~~~~~~~~~~~~~~ @@ -710,8 +717,9 @@ DKIM canonicalization algorithm for message bodies. See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. -- Type: ``one of "relaxed", "simple"`` -- Default: ``relaxed`` +- type: ``one of "relaxed", "simple"`` +- default: ``relaxed`` + mailserver.dkimHeaderCanonicalization @@ -722,8 +730,9 @@ DKIM canonicalization algorithm for message headers. See https://datatracker.ietf.org/doc/html/rfc6376/#section-3.4 for details. -- Type: ``one of "relaxed", "simple"`` -- Default: ``relaxed`` +- type: ``one of "relaxed", "simple"`` +- default: ``relaxed`` + mailserver.dkimKeyBits @@ -737,8 +746,9 @@ this package to generate a key with the new number of bits, you will either have change the selector or delete the old key file. -- Type: ``signed integer`` -- Default: ``1024`` +- type: ``signed integer`` +- default: ``1024`` + mailserver.dkimKeyDirectory @@ -747,8 +757,9 @@ mailserver.dkimKeyDirectory -- Type: ``path`` -- Default: ``/var/dkim`` +- type: ``path`` +- default: ``/var/dkim`` + mailserver.dkimSelector @@ -757,8 +768,9 @@ mailserver.dkimSelector -- Type: ``string`` -- Default: ``mail`` +- type: ``string`` +- default: ``mail`` + mailserver.dkimSigning @@ -767,8 +779,85 @@ mailserver.dkimSigning Whether to activate dkim signing. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + + +mailserver.dmarcReporting +~~~~~~~~~~~~~~~~~~~~~~~~~ + + +mailserver.dmarcReporting.domain +-------------------------------- + +The domain from which outgoing DMARC reports are served. + + +- type: ``value "example.com" (singular enum)`` + +- example: ``example.com`` + + +mailserver.dmarcReporting.email +------------------------------- + +The email address used for outgoing DMARC reports. Read-only. + + +- type: ``string`` +- default: ``"${localpart}@${domain}"`` + + + +mailserver.dmarcReporting.enable +-------------------------------- + +Whether to send out aggregated, daily DMARC reports in response to incoming +mail, when the sender domain defines a DMARC policy including the RUA tag. + +This is helpful for the mail ecosystem, because it allows third parties to +get notified about SPF/DKIM violations originating from their sender domains. + +See https://rspamd.com/doc/modules/dmarc.html#reporting + + +- type: ``boolean`` +- default: ``False`` + + + +mailserver.dmarcReporting.fromName +---------------------------------- + +The sender name for DMARC reports. Defaults to the organization name. + + +- type: ``string`` +- default: ``organizationName`` + + + +mailserver.dmarcReporting.localpart +----------------------------------- + +The local part of the email address used for outgoing DMARC reports. + + +- type: ``string`` +- default: ``dmarc-noreply`` +- example: ``dmarc-report`` + + +mailserver.dmarcReporting.organizationName +------------------------------------------ + +The name of your organization used in the org_name attribute in +DMARC reports. + + +- type: ``string`` + +- example: ``ACME Corp.`` mailserver.fullTextSearch ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -779,8 +868,9 @@ mailserver.fullTextSearch.autoIndex Enable automatic indexing of messages as they are received or modified. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.fullTextSearch.autoIndexExclude @@ -789,8 +879,9 @@ mailserver.fullTextSearch.autoIndexExclude Mailboxes to exclude from automatic indexing. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` +- example: ``['\\Trash', 'SomeFolder', 'Other/*']`` mailserver.fullTextSearch.enable @@ -798,8 +889,9 @@ mailserver.fullTextSearch.enable Whether to enable Full text search indexing with xapian. This has significant performance and disk space cost.. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.fullTextSearch.enforced @@ -811,8 +903,9 @@ header) are affected. If set to no, searches may fall back to a very slow brute force search. -- Type: ``one of "yes", "no", "body"`` -- Default: ``no`` +- type: ``one of "yes", "no", "body"`` +- default: ``no`` + mailserver.fullTextSearch.indexAttachments @@ -820,8 +913,9 @@ mailserver.fullTextSearch.indexAttachments Also index text-only attachements. Binary attachements are never indexed. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.fullTextSearch.maintenance.enable @@ -829,8 +923,9 @@ mailserver.fullTextSearch.maintenance.enable Regularly optmize indices, as recommended by upstream. -- Type: ``boolean`` -- Default: ``True`` +- type: ``boolean`` +- default: ``True`` + mailserver.fullTextSearch.maintenance.onCalendar @@ -838,8 +933,9 @@ mailserver.fullTextSearch.maintenance.onCalendar When to run the maintenance job. See systemd.time(7) for more information about the format. -- Type: ``string`` -- Default: ``daily`` +- type: ``string`` +- default: ``daily`` + mailserver.fullTextSearch.maintenance.randomizedDelaySec @@ -847,8 +943,9 @@ mailserver.fullTextSearch.maintenance.randomizedDelaySec Run the maintenance job not exactly at the time specified with onCalendar, but plus or minus this many seconds. -- Type: ``signed integer`` -- Default: ``1000`` +- type: ``signed integer`` +- default: ``1000`` + mailserver.fullTextSearch.maxSize @@ -856,8 +953,9 @@ mailserver.fullTextSearch.maxSize Size of the largest n-gram to index. -- Type: ``signed integer`` -- Default: ``20`` +- type: ``signed integer`` +- default: ``20`` + mailserver.fullTextSearch.memoryLimit @@ -865,8 +963,9 @@ mailserver.fullTextSearch.memoryLimit Memory limit for the indexer process, in MiB. If null, leaves the default (which is rather low), and if 0, no limit. -- Type: ``null or signed integer`` -- Default: ``None`` +- type: ``null or signed integer`` +- default: ``None`` +- example: ``2000`` mailserver.fullTextSearch.minSize @@ -874,8 +973,9 @@ mailserver.fullTextSearch.minSize Size of the smallest n-gram to index. -- Type: ``signed integer`` -- Default: ``2`` +- type: ``signed integer`` +- default: ``2`` + mailserver.redis ~~~~~~~~~~~~~~~~ @@ -887,8 +987,9 @@ mailserver.redis.address Address that rspamd should use to contact redis. -- Type: ``string`` -- Default: computed from +- type: ``string`` +- default: computed from + mailserver.redis.password @@ -897,8 +998,9 @@ mailserver.redis.password Password that rspamd should use to contact redis, or null if not required. -- Type: ``null or string`` -- Default: ``config.services.redis.servers.rspamd.requirePass`` +- type: ``null or string`` +- default: ``config.services.redis.servers.rspamd.requirePass`` + mailserver.redis.port @@ -907,8 +1009,9 @@ mailserver.redis.port Port that rspamd should use to contact redis. -- Type: ``16 bit unsigned integer; between 0 and 65535 (both inclusive)`` -- Default: ``config.services.redis.servers.rspamd.port`` +- type: ``16 bit unsigned integer; between 0 and 65535 (both inclusive)`` +- default: ``config.services.redis.servers.rspamd.port`` + mailserver.monitoring ~~~~~~~~~~~~~~~~~~~~~ @@ -920,7 +1023,8 @@ mailserver.monitoring.alertAddress The email address to send alerts to. -- Type: ``string`` +- type: ``string`` + @@ -931,8 +1035,9 @@ The configuration used for monitoring via monit. Use a mail address that you actively check and set it via 'set alert ...'. -- Type: ``string`` -- Default: see source +- type: ``string`` +- default: see source + mailserver.monitoring.enable @@ -940,8 +1045,9 @@ mailserver.monitoring.enable Whether to enable monitoring via monit. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.backup ~~~~~~~~~~~~~~~~~ @@ -952,8 +1058,9 @@ mailserver.backup.cmdPostexec The command to be executed after each backup operation. This is wrapped in a shell script to be called by rsnapshot. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` + mailserver.backup.cmdPreexec @@ -962,8 +1069,9 @@ mailserver.backup.cmdPreexec The command to be executed before each backup operation. This is wrapped in a shell script to be called by rsnapshot. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` + mailserver.backup.cronIntervals @@ -974,8 +1082,9 @@ Note that the intervals also have to exist in configuration as retain options. -- Type: ``attribute set of strings`` -- Default: ``{'daily': '30 3 * * *', 'hourly': ' 0 * * * *', 'weekly': ' 0 5 * * 0'}`` +- type: ``attribute set of strings`` +- default: ``{'daily': '30 3 * * *', 'hourly': ' 0 * * * *', 'weekly': ' 0 5 * * 0'}`` + mailserver.backup.enable @@ -983,8 +1092,9 @@ mailserver.backup.enable Whether to enable backup via rsnapshot. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.backup.retain.daily @@ -992,8 +1102,9 @@ mailserver.backup.retain.daily How many daily snapshots are retained. -- Type: ``signed integer`` -- Default: ``7`` +- type: ``signed integer`` +- default: ``7`` + mailserver.backup.retain.hourly @@ -1001,8 +1112,9 @@ mailserver.backup.retain.hourly How many hourly snapshots are retained. -- Type: ``signed integer`` -- Default: ``24`` +- type: ``signed integer`` +- default: ``24`` + mailserver.backup.retain.weekly @@ -1010,8 +1122,9 @@ mailserver.backup.retain.weekly How many weekly snapshots are retained. -- Type: ``signed integer`` -- Default: ``54`` +- type: ``signed integer`` +- default: ``54`` + mailserver.backup.snapshotRoot @@ -1020,8 +1133,9 @@ mailserver.backup.snapshotRoot The directory where rsnapshot stores the backup. -- Type: ``path`` -- Default: ``/var/rsnapshot`` +- type: ``path`` +- default: ``/var/rsnapshot`` + mailserver.borg ~~~~~~~~~~~~~~~ @@ -1035,8 +1149,9 @@ This is called after borg create completed successfully and in the same script t cmdPreexec, borg init and create. -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` + mailserver.borgbackup.cmdPreexec @@ -1048,8 +1163,9 @@ Example: export BORG_RSH="ssh -i /path/to/private/key" -- Type: ``null or string`` -- Default: ``None`` +- type: ``null or string`` +- default: ``None`` + mailserver.borgbackup.compression.auto @@ -1057,8 +1173,9 @@ mailserver.borgbackup.compression.auto Leaves it to borg to determine whether an individual file should be compressed. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` + mailserver.borgbackup.compression.level @@ -1069,8 +1186,9 @@ Most methods accept levels from 0 to 9 but zstd which accepts values from 1 to 2 If null the decision is left up to borg. -- Type: ``null or signed integer`` -- Default: ``None`` +- type: ``null or signed integer`` +- default: ``None`` + mailserver.borgbackup.compression.method @@ -1078,8 +1196,9 @@ mailserver.borgbackup.compression.method Leaving this unset allows borg to choose. The default for borg 1.1.4 is lz4. -- Type: ``null or one of "none", "lz4", "zstd", "zlib", "lzma"`` -- Default: ``None`` +- type: ``null or one of "none", "lz4", "zstd", "zlib", "lzma"`` +- default: ``None`` + mailserver.borgbackup.enable @@ -1087,8 +1206,9 @@ mailserver.borgbackup.enable Whether to enable backup via borgbackup. -- Type: ``boolean`` -- Default: ``False`` +- type: ``boolean`` +- default: ``False`` +- example: ``True`` mailserver.borgbackup.encryption.method @@ -1098,8 +1218,9 @@ The backup can be encrypted by choosing any other value than 'none'. When using encryption the password / passphrase must be provided in passphraseFile. -- Type: ``one of "none", "authenticated", "authenticated-blake2", "repokey", "keyfile", "repokey-blake2", "keyfile-blake2"`` -- Default: ``none`` +- type: ``one of "none", "authenticated", "authenticated-blake2", "repokey", "keyfile", "repokey-blake2", "keyfile-blake2"`` +- default: ``none`` + mailserver.borgbackup.encryption.passphraseFile @@ -1107,8 +1228,9 @@ mailserver.borgbackup.encryption.passphraseFile Path to a file containing the encryption password or passphrase. -- Type: ``null or path`` -- Default: ``None`` +- type: ``null or path`` +- default: ``None`` + mailserver.borgbackup.extraArgumentsForCreate @@ -1116,8 +1238,9 @@ mailserver.borgbackup.extraArgumentsForCreate Additional arguments to add to the borg create command line e.g. '--stats'. -- Type: ``list of strings`` -- Default: ``[]`` +- type: ``list of strings`` +- default: ``[]`` + mailserver.borgbackup.extraArgumentsForInit @@ -1125,8 +1248,9 @@ mailserver.borgbackup.extraArgumentsForInit Additional arguments to add to the borg init command line. -- Type: ``list of strings`` -- Default: ``['--critical']`` +- type: ``list of strings`` +- default: ``['--critical']`` + mailserver.borgbackup.group @@ -1134,8 +1258,9 @@ mailserver.borgbackup.group The group borg and its launch script is run as. -- Type: ``string`` -- Default: ``virtualMail`` +- type: ``string`` +- default: ``virtualMail`` + mailserver.borgbackup.locations @@ -1143,8 +1268,9 @@ mailserver.borgbackup.locations The locations that are to be backed up by borg. -- Type: ``list of paths`` -- Default: ``['/var/vmail']`` +- type: ``list of paths`` +- default: ``['/var/vmail']`` + mailserver.borgbackup.name @@ -1154,8 +1280,9 @@ The name of the individual backups as used by borg. Certain placeholders will be replaced by borg. -- Type: ``string`` -- Default: ``{hostname}-{user}-{now}`` +- type: ``string`` +- default: ``{hostname}-{user}-{now}`` + mailserver.borgbackup.repoLocation @@ -1166,8 +1293,9 @@ This can be a local path or a remote location such as user@host:/path/to/repo. It is exported and thus available as an environment variable to cmdPreexec and cmdPostexec. -- Type: ``string`` -- Default: ``/var/borgbackup`` +- type: ``string`` +- default: ``/var/borgbackup`` + mailserver.borgbackup.startAt @@ -1175,8 +1303,9 @@ mailserver.borgbackup.startAt When or how often the backup should run. Must be in the format described in systemd.time 7. -- Type: ``string`` -- Default: ``hourly`` +- type: ``string`` +- default: ``hourly`` + mailserver.borgbackup.user @@ -1184,6 +1313,7 @@ mailserver.borgbackup.user The user borg and its launch script is run as. -- Type: ``string`` -- Default: ``virtualMail`` +- type: ``string`` +- default: ``virtualMail`` + diff --git a/scripts/generate-rst-options.py b/scripts/generate-rst-options.py index a7d751e..8c5ce9c 100644 --- a/scripts/generate-rst-options.py +++ b/scripts/generate-rst-options.py @@ -1,6 +1,7 @@ import json import sys import re +import textwrap header = """ Mailserver Options @@ -19,6 +20,7 @@ template = """ {type} {default} +{example} """ f = open(sys.argv[1]) @@ -30,36 +32,44 @@ options = {k: v for k, v in options.items() groups = ["mailserver.loginAccount", "mailserver.certificate", "mailserver.dkim", + "mailserver.dmarcReporting", "mailserver.fullTextSearch", "mailserver.redis", "mailserver.monitoring", "mailserver.backup", "mailserver.borg"] +def render_option_value(opt, attr): + if attr in opt: + if isinstance(opt[attr], dict) and '_type' in opt[attr]: + if opt[attr]['_type'] == 'literalExpression': + if '\n' in opt[attr]['text']: + res = '\n.. code:: nix\n\n' + textwrap.indent(opt[attr]['text'], ' ') + '\n' + else: + res = '``{}``'.format(opt[attr]['text']) + elif opt[attr]['_type'] == 'literalDocBook': + res = opt[attr]['text'] + else: + s = str(opt[attr]) + if s == "": + res = '``""``' + elif '\n' in s: + res = '\n.. code::\n\n' + textwrap.indent(s, ' ') + '\n' + else: + res = '``{}``'.format(s) + res = '- ' + attr + ': ' + res + else: + res = "" + return res def print_option(name, value): - if 'default' in value: - if value['default'] == "": - default = '``""``' - elif isinstance(value['default'], dict) and '_type' in value['default']: - if value['default']['_type'] == 'literalExpression': - default = '``{}``'.format(value['default']['text']) - if value['default']['_type'] == 'literalDocBook': - default = value['default']['text'] - else: - default = '``{}``'.format(value['default']) - # Some default values contains OUTPUTPATHS which make the - # output not stable across nixpkgs updates. - default = re.sub('/nix/store/[\w.-]*/', '/', default) # noqa - default = '- Default: ' + default - else: - default = "" print(template.format( key=name, line="-"*len(name), - description=value['description'], - type="- Type: ``{}``".format(value['type']), - default=default)) + description=value['description'] or "", + type="- type: ``{}``".format(value['type']), + default=render_option_value(value, 'default'), + example=render_option_value(value, 'example'))) print(header)