Qualify user names
This commit is contained in:
parent
bbca0bd678
commit
f372754052
|
@ -35,6 +35,7 @@ in
|
||||||
extraDomains = mkOption {
|
extraDomains = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
example = "[ example.com ]";
|
example = "[ example.com ]";
|
||||||
|
default = [];
|
||||||
description = "Extra domains that this mail server serves.";
|
description = "Extra domains that this mail server serves.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -14,10 +14,11 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
|
||||||
{ config }:
|
{ config, lib }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
|
inherit (lib.strings) stringToCharacters;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# cert :: PATH
|
# cert :: PATH
|
||||||
|
@ -37,4 +38,10 @@ in
|
||||||
else if cfg.certificateScheme == 3
|
else if cfg.certificateScheme == 3
|
||||||
then "/var/lib/acme/mailserver/key.pem"
|
then "/var/lib/acme/mailserver/key.pem"
|
||||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||||
|
|
||||||
|
# appends cfg.domain to argument if it does not contain "@"
|
||||||
|
qualifyUser = user: (
|
||||||
|
if (builtins.any (c: c == "@") (stringToCharacters user))
|
||||||
|
then user
|
||||||
|
else "${user}@${cfg.domain}");
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with (import ./common.nix { inherit config; });
|
with (import ./common.nix { inherit config lib; });
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
|
|
|
@ -26,11 +26,11 @@ let
|
||||||
acmeRoot = "/var/lib/acme/acme-challenge";
|
acmeRoot = "/var/lib/acme/acme-challenge";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = with cfg; lib.mkIf (certificateScheme == 3) {
|
config = lib.mkIf (cfg.certificateScheme == 3) {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = genAttrs allDomains (domain: {
|
virtualHosts = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") allDomains) (domain: {
|
||||||
serverName = "${hostPrefix}.${domain}";
|
serverName = "${domain}";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
@ -40,11 +40,8 @@ in
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
security.acme.certs."mailserver" = {
|
security.acme.certs."mailserver" = {
|
||||||
# @todo what user/group should this run as?
|
domain = "${cfg.hostPrefix}.${cfg.domain}";
|
||||||
user = "postfix"; # cfg.user;
|
extraDomains = genAttrs (map (domain: "${cfg.hostPrefix}.${domain}") cfg.extraDomains) (domain: null);
|
||||||
group = "postfix"; # lib.mkDefault cfg.group;
|
|
||||||
domain = "${hostPrefix}.${domain}";
|
|
||||||
extraDomains = map (domain: "${hostPrefix}.${domain}") extraDomains;
|
|
||||||
webroot = acmeRoot;
|
webroot = acmeRoot;
|
||||||
# @todo should we reload postfix here?
|
# @todo should we reload postfix here?
|
||||||
postRun = ''
|
postRun = ''
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with (import ./common.nix { inherit config; });
|
with (import ./common.nix { inherit config lib; });
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib.strings) concatStringsSep;
|
inherit (lib.strings) concatStringsSep;
|
||||||
|
@ -27,11 +27,11 @@ let
|
||||||
valiases_postfix = map
|
valiases_postfix = map
|
||||||
(from:
|
(from:
|
||||||
let to = cfg.virtualAliases.${from};
|
let to = cfg.virtualAliases.${from};
|
||||||
in "${from} ${to}")
|
in "${qualifyUser from} ${qualifyUser to}")
|
||||||
(builtins.attrNames cfg.virtualAliases);
|
(builtins.attrNames cfg.virtualAliases);
|
||||||
|
|
||||||
# accountToIdentity :: User -> String
|
# accountToIdentity :: User -> String
|
||||||
accountToIdentity = account: "${account.name} ${account.name}";
|
accountToIdentity = account: "${qualifyUser account.name} ${qualifyUser account.name}";
|
||||||
|
|
||||||
# vaccounts_identity :: [ String ]
|
# vaccounts_identity :: [ String ]
|
||||||
vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
|
vaccounts_identity = map accountToIdentity (lib.attrValues cfg.loginAccounts);
|
||||||
|
|
|
@ -19,6 +19,8 @@
|
||||||
with config.mailserver;
|
with config.mailserver;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
qualifyUser = (import ./common.nix { inherit config lib; }).qualifyUser;
|
||||||
|
|
||||||
vmail_user = {
|
vmail_user = {
|
||||||
name = vmailUserName;
|
name = vmailUserName;
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
|
@ -30,14 +32,14 @@ let
|
||||||
|
|
||||||
# accountsToUser :: String -> UserRecord
|
# accountsToUser :: String -> UserRecord
|
||||||
accountsToUser = account: {
|
accountsToUser = account: {
|
||||||
name = account.name;
|
name = (qualifyUser account.name);
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
group = vmailGroupName;
|
group = vmailGroupName;
|
||||||
inherit (account) hashedPassword;
|
inherit (account) hashedPassword;
|
||||||
};
|
};
|
||||||
|
|
||||||
# mail_users :: { [String]: UserRecord }
|
# mail_users :: { [String]: UserRecord }
|
||||||
mail_users = lib.foldl (prev: next: prev // { "${next.name}" = next; }) {}
|
mail_users = lib.foldl (prev: next: prev // { "${qualifyUser next.name}" = next; }) {}
|
||||||
(map accountsToUser (lib.attrValues loginAccounts));
|
(map accountsToUser (lib.attrValues loginAccounts));
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
|
@ -15,18 +15,18 @@
|
||||||
|
|
||||||
hostPrefix = "mail";
|
hostPrefix = "mail";
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1" = {
|
||||||
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
|
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
virtualAliases = {
|
virtualAliases = {
|
||||||
"user1@example2.com" = "user1@example.com";
|
"info" = "user1";
|
||||||
"info@example.com" = "user1@example.com";
|
"postmaster" = "user1";
|
||||||
"postmaster@example.com" = "user1@example.com";
|
"abuse" = "user1";
|
||||||
"abuse@example.com" = "user1@example.com";
|
"user1@example2.com" = "user1";
|
||||||
"info@example2.com" = "user1@example.com";
|
"info@example2.com" = "user1";
|
||||||
"postmaster@example2.com" = "user1@example.com";
|
"postmaster@example2.com" = "user1";
|
||||||
"abuse@example2.com" = "user1@example.com";
|
"abuse@example2.com" = "user1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue