Wrap service options in service

2023-09-23 17:18:40 -07:00 · 2023-09-23 17:18:40 -07:00 · 765792dc54
commit 765792dc54
parent 2faf1a8a02
1 changed files with 47 additions and 35 deletions
--- a/mail-server.nix
+++ b/mail-server.nix
@ -188,16 +188,18 @@ in {
        in {
          smtp = {
-            networks = [
+            service = {
-              "internal_network"
+              networks = [
-              # Needs access to internet to forward emails
+                "internal_network"
-              "external_network"
+                # Needs access to internet to forward emails
-            ];
+                "external_network"
-            volumes = [
+              ];
-              "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
+              volumes = [
-              "${cfg.smtp.ssl-directory}:/run/certs/smtp"
+                "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
-            ];
+                "${cfg.smtp.ssl-directory}:/run/certs/smtp"
-            ports = [ "25:25" "587:587" "465:465" "2525:2525" ];
+              ];
              ports = [ "25:25" "587:587" "465:465" "2525:2525" ];
            };
            nixos = {
              useSystemd = true;
              configuration = [
@ -250,14 +252,16 @@ in {
            };
          };
          imap = {
-            networks = [ "internal_network" ];
+            service = {
-            ports = [ "143:143" "993:993" ];
+              networks = [ "internal_network" ];
-            user = mkUserMap "mailserver-dovecot";
+              ports = [ "143:143" "993:993" ];
-            volumes = [
+              user = mkUserMap "mailserver-dovecot";
-              "${cfg.state-directory}/dovecot:/state"
+              volumes = [
-              "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
+                "${cfg.state-directory}/dovecot:/state"
-              "${cfg.imap.ssl-directory}:/run/certs/imap"
+                "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
-            ];
+                "${cfg.imap.ssl-directory}:/run/certs/imap"
              ];
            };
            nixos = {
              useSystemd = true;
              configuration = [
@ -302,11 +306,13 @@ in {
            envFile = hostSecrets.mailLdapProxyEnv.target-file;
          };
          antispam = {
-            networks = [
+            service = {
-              "internal_network"
+              networks = [
-              # Needs external access for blacklist checks
+                "internal_network"
-              "external_network"
+                # Needs external access for blacklist checks
-            ];
+                "external_network"
              ];
            };
            nixos = {
              useSystemd = true;
              configuration = [
@ -331,13 +337,15 @@ in {
            };
          };
          antivirus = {
-            networks = [
+            service = {
-              "internal_network"
+              networks = [
-              # Needs external access for database updates
+                "internal_network"
-              "external_network"
+                # Needs external access for database updates
-            ];
+                "external_network"
-            user = mkUserMap "mailserver-antivirus";
+              ];
-            volumes = [ "${cfg.state-directory}/antivirus:/state" ];
+              user = mkUserMap "mailserver-antivirus";
              volumes = [ "${cfg.state-directory}/antivirus:/state" ];
            };
            nixos = {
              useSystemd = true;
              configuration = [
@ -355,9 +363,11 @@ in {
            };
          };
          dkim = {
-            networks = [ "internal_network" ];
+            service = {
-            user = mkUserMap "mailserver-dkim";
+              networks = [ "internal_network" ];
-            volumes = [ "${cfg.state-directory}/dkim:/state" ];
+              user = mkUserMap "mailserver-dkim";
              volumes = [ "${cfg.state-directory}/dkim:/state" ];
            };
            nixos = {
              useSystemd = true;
              configuration = [
@ -377,8 +387,10 @@ in {
            };
          };
          metrics-proxy = {
-            networks = [ "internal_network" ];
+            service = {
-            ports = [ "${toString cfg.metricsPort}:80" ];
+              networks = [ "internal_network" ];
              ports = [ "${toString cfg.metricsPort}:80" ];
            };
            nixos = {
              useSystemd = true;
              configuration = {