nixpkgs/nixos/modules/services/mail/postsrsd.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.postsrsd;

in {

  ###### interface

  options = {

    services.postsrsd = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the postsrsd SRS server for Postfix.";
      };

      secretsFile = mkOption {
        type = types.path;
        default = "/var/lib/postsrsd/postsrsd.secret";
        description = "Secret keys used for signing and verification";
      };

      domain = mkOption {
        type = types.str;
        description = "Domain name for rewrite";
      };

      separator = mkOption {
        type = types.enum ["-" "=" "+"];
        default = "=";
        description = "First separator character in generated addresses";
      };

      # bindAddress = mkOption { # uncomment once 1.5 is released
      #   type = types.str;
      #   default = "127.0.0.1";
      #   description = "Socket listen address";
      # };

      forwardPort = mkOption {
        type = types.int;
        default = 10001;
        description = "Port for the forward SRS lookup";
      };

      reversePort = mkOption {
        type = types.int;
        default = 10002;
        description = "Port for the reverse SRS lookup";
      };

      timeout = mkOption {
        type = types.int;
        default = 1800;
        description = "Timeout for idle client connections in seconds";
      };

      excludeDomains = mkOption {
        type = types.listOf types.str;
        default = [];
        description = "Origin domains to exclude from rewriting in addition to primary domain";
      };

      user = mkOption {
        type = types.str;
        default = "postsrsd";
        description = "User for the daemon";
      };

      group = mkOption {
        type = types.str;
        default = "postsrsd";
        description = "Group for the daemon";
      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    services.postsrsd.domain = mkDefault config.networking.hostName;

    users.users = optionalAttrs (cfg.user == "postsrsd") (singleton
      { name = "postsrsd";
        group = cfg.group;
        uid = config.ids.uids.postsrsd;
      });

    users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton
      { name = "postsrsd";
        gid = config.ids.gids.postsrsd;
      });

    systemd.services.postsrsd = {
      description = "PostSRSd SRS rewriting server";
      after = [ "network.target" ];
      before = [ "postfix.service" ];
      wantedBy = [ "multi-user.target" ];

      path = [ pkgs.coreutils ];

      serviceConfig = {
        ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -a${cfg.separator} -f${toString cfg.forwardPort} -r${toString cfg.reversePort} -t${toString cfg.timeout} "-X${concatStringsSep "," cfg.excludeDomains}"'';
        User = cfg.user;
        Group = cfg.group;
        PermissionsStartOnly = true;
      };

      preStart = ''
        if [ ! -e "${cfg.secretsFile}" ]; then
          echo "WARNING: secrets file not found, autogenerating!"
          DIR="$(dirname "${cfg.secretsFile}")"
          if [ ! -d "$DIR" ]; then
            mkdir -p -m750 "$DIR"
            chown "${cfg.user}:${cfg.group}" "$DIR"
          fi
          dd if=/dev/random bs=18 count=1 | base64 > "${cfg.secretsFile}"
          chmod 600 "${cfg.secretsFile}"
        fi
        chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"
      '';
    };

  };
}
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.services.postsrsd;`

			`in {`

			`###### interface`

			`options = {`

			`services.postsrsd = {`

			`enable = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = "Whether to enable the postsrsd SRS server for Postfix.";`
			`};`

postsrsd: additional configuration fixes #19933 2016-10-27 19:35:02 +02:00			`secretsFile = mkOption {`
			`type = types.path;`
			`default = "/var/lib/postsrsd/postsrsd.secret";`
			`description = "Secret keys used for signing and verification";`
			`};`

nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`domain = mkOption {`
			`type = types.str;`
			`description = "Domain name for rewrite";`
			`};`

postsrsd: additional configuration fixes #19933 2016-10-27 19:35:02 +02:00			`separator = mkOption {`
			`type = types.enum ["-" "=" "+"];`
			`default = "=";`
			`description = "First separator character in generated addresses";`
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`};`

postsrsd: additional configuration fixes #19933 2016-10-27 19:35:02 +02:00			`# bindAddress = mkOption { # uncomment once 1.5 is released`
			`# type = types.str;`
			`# default = "127.0.0.1";`
			`# description = "Socket listen address";`
			`# };`

nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`forwardPort = mkOption {`
			`type = types.int;`
			`default = 10001;`
			`description = "Port for the forward SRS lookup";`
			`};`

			`reversePort = mkOption {`
			`type = types.int;`
			`default = 10002;`
			`description = "Port for the reverse SRS lookup";`
			`};`

postsrsd: additional configuration fixes #19933 2016-10-27 19:35:02 +02:00			`timeout = mkOption {`
			`type = types.int;`
			`default = 1800;`
			`description = "Timeout for idle client connections in seconds";`
			`};`

			`excludeDomains = mkOption {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "Origin domains to exclude from rewriting in addition to primary domain";`
			`};`

nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`user = mkOption {`
			`type = types.str;`
			`default = "postsrsd";`
			`description = "User for the daemon";`
			`};`

			`group = mkOption {`
			`type = types.str;`
			`default = "postsrsd";`
			`description = "Group for the daemon";`
			`};`

			`};`

			`};`


			`###### implementation`

			`config = mkIf cfg.enable {`

			`services.postsrsd.domain = mkDefault config.networking.hostName;`

nixos/modules: users.(extraUsers\|extraGroup->users\|group) 2018-06-30 01:58:35 +02:00			`users.users = optionalAttrs (cfg.user == "postsrsd") (singleton`
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`{ name = "postsrsd";`
			`group = cfg.group;`
			`uid = config.ids.uids.postsrsd;`
			`});`

nixos/modules: users.(extraUsers\|extraGroup->users\|group) 2018-06-30 01:58:35 +02:00			`users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton`
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`{ name = "postsrsd";`
			`gid = config.ids.gids.postsrsd;`
			`});`

			`systemd.services.postsrsd = {`
			`description = "PostSRSd SRS rewriting server";`
			`after = [ "network.target" ];`
			`before = [ "postfix.service" ];`
			`wantedBy = [ "multi-user.target" ];`

			`path = [ pkgs.coreutils ];`

			`serviceConfig = {`
postsrsd: additional configuration fixes #19933 2016-10-27 19:35:02 +02:00			`ExecStart = ''${pkgs.postsrsd}/sbin/postsrsd "-s${cfg.secretsFile}" "-d${cfg.domain}" -a${cfg.separator} -f${toString cfg.forwardPort} -r${toString cfg.reversePort} -t${toString cfg.timeout} "-X${concatStringsSep "," cfg.excludeDomains}"'';`
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`User = cfg.user;`
			`Group = cfg.group;`
			`PermissionsStartOnly = true;`
			`};`

			`preStart = ''`
			`if [ ! -e "${cfg.secretsFile}" ]; then`
			`echo "WARNING: secrets file not found, autogenerating!"`
postsrsd: fix secret generation 2016-02-09 12:57:42 +03:00			`DIR="$(dirname "${cfg.secretsFile}")"`
			`if [ ! -d "$DIR" ]; then`
			`mkdir -p -m750 "$DIR"`
			`chown "${cfg.user}:${cfg.group}" "$DIR"`
			`fi`
nixos/postsrsd: add module 2016-01-06 06:04:50 +03:00			`dd if=/dev/random bs=18 count=1 \| base64 > "${cfg.secretsFile}"`
			`chmod 600 "${cfg.secretsFile}"`
			`fi`
			`chown "${cfg.user}:${cfg.group}" "${cfg.secretsFile}"`
			`'';`
			`};`

			`};`
			`}`