From f9d64a068b90f196d43b91c81311547016b75fe9 Mon Sep 17 00:00:00 2001 From: Marius Bergmann Date: Thu, 28 Sep 2017 08:36:51 +0200 Subject: [PATCH 1/4] nullmailer: fix relative -> absolute path in preStart script --- nixos/modules/services/mail/nullmailer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index b2c738ab6eb..2eb2d39fc62 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -192,7 +192,7 @@ with lib; preStart = '' mkdir -p /var/spool/nullmailer/{queue,tmp} - rm -f var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger + rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger chown ${cfg.user} /var/spool/nullmailer/* ''; From 02e89de71c402aa4e4a96737a54e07e86a1ef253 Mon Sep 17 00:00:00 2001 From: Marius Bergmann Date: Thu, 28 Sep 2017 08:37:48 +0200 Subject: [PATCH 2/4] nullmailer: use proper description for `remotes` option --- nixos/modules/services/mail/nullmailer.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 2eb2d39fc62..68cba4a7436 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -142,7 +142,16 @@ with lib; type = types.nullOr types.str; default = null; description = '' - If set, content will override the envelope sender on all messages. + A list of remote servers to which to send each message. Each line + contains a remote host name or address followed by an optional + protocol string, separated by white space. + + See man 8 nullmailer-send for syntax and available + options. + + WARNING: This is stored world-readable in the nix store. If you need + to specify any secret credentials here, consider using the + remotesFile option instead. ''; }; 
From e741cc488190ab79e26b96d8e6f1402ab5965b6a Mon Sep 17 00:00:00 2001 From: Marius Bergmann Date: Thu, 28 Sep 2017 08:38:59 +0200 Subject: [PATCH 3/4] nullmailer: add `remotesFile` option The current `remotes` option is a string option containing nullmailer remote definitions. However, those definitions may contain secret credentials and should therefore not be put world-readable in the nix store. I added a `remotesFile` option, which allows to specify a path to the remotes definition file instead. This way, the definitions can be kept outside of the nix store with more secure file permissions. --- nixos/modules/services/mail/nullmailer.nix | 30 ++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 68cba4a7436..c5af1d4d381 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -35,6 +35,18 @@ with lib; description = "Whether to set the system sendmail to nullmailer's."; }; + remotesFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Path to the remotes control file. This file contains a + list of remote servers to which to send each message. + + See man 8 nullmailer-send for syntax and available + options. + ''; + }; + config = { adminaddr = mkOption { type = types.nullOr types.str; 
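Review bot: The `remotesFile` description never states where the file must live or who must be able to read it, although keeping credentials out of the world-readable store is the stated reason for the option. I would add a sentence such as `The file must be located outside the Nix store and be readable by the nullmailer user, but not by other users.` It is also worth a code comment above `type = types.nullOr types.str;` saying the string type is deliberate: `# str, not path: a Nix path literal would be copied into the store`. The surrounding option set starts and ends outside this hunk.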
@@ -173,13 +185,27 @@ with lib; cfg = config.services.nullmailer; in mkIf cfg.enable { + assertions = [ + { assertion = cfg.config.remotes == null || cfg.remotesFile == null; + message = "Only one of `remotesFile` or `config.remotes` may be used at a time."; + } + ]; + environment = { systemPackages = [ pkgs.nullmailer ]; etc = let getval = attr: builtins.getAttr attr cfg.config; attrs = builtins.attrNames cfg.config; - attrs' = builtins.filter (attr: ! isNull (getval attr)) attrs; - in foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs'; + remotesFilter = if cfg.remotesFile != null + then (attr: attr != "remotes") + else (_: true); + optionalRemotesFileLink = if cfg.remotesFile != null + then { "nullmailer/remotes".source = cfg.remotesFile; } + else {}; + attrs' = builtins.filter (attr: (! isNull (getval attr)) && (remotesFilter attr)) attrs; + in + (foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs') + // optionalRemotesFileLink; }; users = { From 91eb6cf82cc7fa2eaa2802f64a15ab75be726fae Mon Sep 17 00:00:00 2001 From: Joerg Thalheim Date: Thu, 28 Sep 2017 10:47:19 +0100 Subject: [PATCH 4/4] nullmailer: simplify config generation --- nixos/modules/services/mail/nullmailer.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index c5af1d4d381..59cb512c115 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix 
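Review bot: The new `assertions` list does not stop `remotesFile` from pointing back into the Nix store, for example when the string is built by interpolating a path or a `writeText` result, and in that case the credentials are world-readable again. A second entry would catch this at evaluation time: `{ assertion = cfg.remotesFile == null || !(hasPrefix builtins.storeDir cfg.remotesFile); message = "remotesFile must not point into the Nix store."; }`. As far as I can tell, the `"nullmailer/remotes".source` entry only links `/etc/nullmailer/remotes` to the given path, so the mode and ownership of the target stay the administrator's responsibility, and nothing here verifies them. The same `source` line is carried into the hunk of patch 4/4, and the enclosing `mkIf cfg.enable` block continues past this hunk.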
@@ -194,18 +194,10 @@ with lib; environment = { systemPackages = [ pkgs.nullmailer ]; etc = let - getval = attr: builtins.getAttr attr cfg.config; - attrs = builtins.attrNames cfg.config; - remotesFilter = if cfg.remotesFile != null - then (attr: attr != "remotes") - else (_: true); - optionalRemotesFileLink = if cfg.remotesFile != null - then { "nullmailer/remotes".source = cfg.remotesFile; } - else {}; - attrs' = builtins.filter (attr: (! isNull (getval attr)) && (remotesFilter attr)) attrs; + validAttrs = filterAttrs (name: value: value != null) cfg.config; in - (foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs') - // optionalRemotesFileLink; + (foldl' (as: name: as // { "nullmailer/${name}".text = validAttrs.${name}; }) {} (attrNames validAttrs)) + // optionalAttrs (cfg.remotesFile != null) { "nullmailer/remotes".source = cfg.remotesFile; }; }; users = {
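Review bot: The `foldl'` over `attrNames validAttrs` builds the result one key at a time and then indexes back into `validAttrs`, which `mapAttrs'` expresses directly: `mapAttrs' (name: value: nameValuePair "nullmailer/${name}" { text = value; }) validAttrs`. The explicit `remotesFilter` is gone, so correctness now relies on the assertion from patch 3/4 and on `//` letting the right-hand `nullmailer/remotes` entry win. A short comment next to `optionalAttrs` would record that, e.g. `# remotesFile takes the place of config.remotes; the assertion above forbids setting both`. The enclosing `environment` set continues outside the hunk.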