3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/services/mail/listmonk.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

223 lines
8 KiB
Nix
Raw Normal View History

2022-08-30 12:15:41 +01:00
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.listmonk;
tomlFormat = pkgs.formats.toml { };
cfgFile = tomlFormat.generate "listmonk.toml" cfg.settings;
# Escaping is done according to https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
setDatabaseOption = key: value:
"UPDATE settings SET value = '${
lib.replaceChars [ "'" ] [ "''" ] (builtins.toJSON value)
}' WHERE key = '${key}';";
updateDatabaseConfigSQL = pkgs.writeText "update-database-config.sql"
(concatStringsSep "\n" (mapAttrsToList setDatabaseOption
(if (cfg.database.settings != null) then
cfg.database.settings
else
{ })));
updateDatabaseConfigScript =
pkgs.writeShellScriptBin "update-database-config.sh" ''
${if cfg.database.mutableSettings then ''
if [ ! -f /var/lib/listmonk/.db_settings_initialized ]; then
${pkgs.postgresql}/bin/psql -d listmonk -f ${updateDatabaseConfigSQL} ;
touch /var/lib/listmonk/.db_settings_initialized
fi
'' else
"${pkgs.postgresql}/bin/psql -d listmonk -f ${updateDatabaseConfigSQL}"}
'';
databaseSettingsOpts = with types; {
freeformType =
oneOf [ (listOf str) (listOf (attrsOf anything)) str int bool ];
options = {
"app.notify_emails" = mkOption {
type = listOf str;
default = [ ];
description = lib.mdDoc "Administrator emails for system notifications";
};
"privacy.exportable" = mkOption {
type = listOf str;
default = [ "profile" "subscriptions" "campaign_views" "link_clicks" ];
description = lib.mdDoc
"List of fields which can be exported through an automatic export request";
};
"privacy.domain_blocklist" = mkOption {
type = listOf str;
default = [ ];
description = lib.mdDoc
"E-mail addresses with these domains are disallowed from subscribing.";
};
smtp = mkOption {
type = listOf (submodule {
freeformType = with types; attrsOf (oneOf [ str int bool ]);
options = {
enabled = mkEnableOption (lib.mdDoc "this SMTP server for listmonk");
host = mkOption {
type = types.str;
description = lib.mdDoc "Hostname for the SMTP server";
};
port = mkOption {
type = types.port;
description = lib.mdDoc "Port for the SMTP server";
};
max_conns = mkOption {
type = types.int;
description = lib.mdDoc
"Maximum number of simultaneous connections, defaults to 1";
default = 1;
};
tls_type = mkOption {
type = types.enum [ "none" "STARTTLS" "TLS" ];
description =
lib.mdDoc "Type of TLS authentication with the SMTP server";
};
};
});
description = lib.mdDoc "List of outgoing SMTP servers";
};
# TODO: refine this type based on the smtp one.
"bounce.mailboxes" = mkOption {
type = listOf
(submodule { freeformType = with types; oneOf [ str int bool ]; });
default = [ ];
description = lib.mdDoc "List of bounce mailboxes";
};
messengers = mkOption {
type = listOf str;
default = [ ];
description = lib.mdDoc
"List of messengers, see: <https://github.com/knadh/listmonk/blob/master/models/settings.go#L64-L74> for options.";
};
};
};
in {
###### interface
options = {
services.listmonk = {
enable = mkEnableOption
(lib.mdDoc "Listmonk, this module assumes a reverse proxy to be set");
database = {
createLocally = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc
"Create the PostgreSQL database and database user locally.";
};
settings = mkOption {
default = null;
type = with types; nullOr (submodule databaseSettingsOpts);
description = lib.mdDoc
"Dynamic settings in the PostgreSQL database, set by a SQL script, see <https://github.com/knadh/listmonk/blob/master/schema.sql#L177-L230> for details.";
};
mutableSettings = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Database settings will be reset to the value set in this module if this is not enabled.
Enable this if you want to persist changes you have done in the application.
'';
};
};
package = mkPackageOption pkgs "listmonk" {};
settings = mkOption {
type = types.submodule { freeformType = tomlFormat.type; };
description = lib.mdDoc ''
Static settings set in the config.toml, see <https://github.com/knadh/listmonk/blob/master/config.toml.sample> for details.
You can set secrets using the secretFile option with environment variables following <https://listmonk.app/docs/configuration/#environment-variables>.
'';
};
secretFile = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc
"A file containing secrets as environment variables. See <https://listmonk.app/docs/configuration/#environment-variables> for details on supported values.";
};
};
};
###### implementation
config = mkIf cfg.enable {
# Default parameters from https://github.com/knadh/listmonk/blob/master/config.toml.sample
services.listmonk.settings."app".address = mkDefault "localhost:9000";
services.listmonk.settings."db" = mkMerge [
({
max_open = mkDefault 25;
max_idle = mkDefault 25;
max_lifetime = mkDefault "300s";
})
(mkIf cfg.database.createLocally {
host = mkDefault "/run/postgresql";
port = mkDefault 5432;
user = mkDefault "listmonk";
database = mkDefault "listmonk";
})
];
services.postgresql = mkIf cfg.database.createLocally {
enable = true;
ensureUsers = [{
name = "listmonk";
ensurePermissions = { "DATABASE listmonk" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ "listmonk" ];
};
systemd.services.listmonk = {
description = "Listmonk - newsletter and mailing list manager";
after = [ "network.target" ]
++ optional cfg.database.createLocally "postgresql.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "exec";
EnvironmentFile = mkIf (cfg.secretFile != null) [ cfg.secretFile ];
ExecStartPre = [
# StateDirectory cannot be used when DynamicUser = true is set this way.
# Indeed, it will try to create all the folders and realize one of them already exist.
# Therefore, we have to create it ourselves.
''${pkgs.coreutils}/bin/mkdir -p "''${STATE_DIRECTORY}/listmonk/uploads"''
"${cfg.package}/bin/listmonk --config ${cfgFile} --idempotent --install --upgrade --yes"
"${updateDatabaseConfigScript}/bin/update-database-config.sh"
];
ExecStart = "${cfg.package}/bin/listmonk --config ${cfgFile}";
Restart = "on-failure";
StateDirectory = [ "listmonk" ];
User = "listmonk";
Group = "listmonk";
DynamicUser = true;
NoNewPrivileges = true;
CapabilityBoundingSet = "";
SystemCallArchitecture = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "@resources" ];
ProtectDevices = true;
ProtectControlGroups = true;
ProtectKernelTunables = true;
ProtectHome = true;
DeviceAllow = false;
RestrictNamespaces = true;
RestrictRealtime = true;
UMask = "0027";
MemoryDenyWriteExecute = true;
LockPersonality = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
ProtectKernelModules = true;
PrivateUsers = true;
};
};
};
}