
Merge pull request #89662 from aanderse/ssmtp

nixos/ssmtp: add settings option
Maximilian Bosch 2020-06-12 16:09:13 +02:00 committed by GitHub
commit 267b93da34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -21,9 +21,11 @@ in
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ]) (mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ]) (mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ]) (mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ]) (mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ]) (mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
(mkRemovedOptionModule [ "networking" "defaultMailServer" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
(mkRemovedOptionModule [ "services" "ssmtp" "authPass" ] "authPass has been removed since it leaks the clear-text password into the world-readable store. Use authPassFile instead and make sure it's not a store path")
]; ];
options = { options = {
@ -45,6 +47,21 @@ in
''; '';
}; };
settings = mkOption {
type = with types; attrsOf (oneOf [ bool str ]);
default = {};
description = ''
<citerefentry><refentrytitle>ssmtp</refentrytitle><manvolnum>5</manvolnum></citerefentry> configuration. Refer
to <link xlink:href="https://linux.die.net/man/5/ssmtp.conf"/> for details on supported values.
'';
example = literalExample ''
{
Debug = true;
FromLineOverride = false;
}
'';
};
hostName = mkOption { hostName = mkOption {
type = types.str; type = types.str;
example = "mail.example.org"; example = "mail.example.org";
@ -101,18 +118,6 @@ in
''; '';
}; };
authPass = mkOption {
type = types.str;
default = "";
example = "correctHorseBatteryStaple";
description = ''
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
It's recommended to use <option>authPassFile</option>
which takes precedence over <option>authPass</option>.
'';
};
authPassFile = mkOption { authPassFile = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -121,11 +126,6 @@ in
Path to a file that contains the password used for SMTP auth. The file Path to a file that contains the password used for SMTP auth. The file
should not contain a trailing newline, if the password does not contain one. should not contain a trailing newline, if the password does not contain one.
This file should be readable by the users that need to execute ssmtp. This file should be readable by the users that need to execute ssmtp.
<option>authPassFile</option> takes precedence over <option>authPass</option>.
Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
defaults to a file in the WORLD-READABLE Nix store containing that password.
''; '';
}; };
@ -142,25 +142,28 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.ssmtp.authPassFile = mkIf (cfg.authPass != "") services.ssmtp.settings = mkMerge [
(mkDefault (toString (pkgs.writeTextFile { ({
name = "ssmtp-authpass"; MailHub = cfg.hostName;
text = cfg.authPass; FromLineOverride = mkDefault true;
}))); UseTLS = cfg.useTLS;
UseSTARTTLS = cfg.useSTARTTLS;
})
(mkIf (cfg.root != "") { root = cfg.root; })
(mkIf (cfg.domain != "") { rewriteDomain = cfg.domain; })
(mkIf (cfg.authUser != "") { AuthUser = cfg.authUser; })
(mkIf (cfg.authPassFile != null) { AuthPassFile = cfg.authPassFile; })
];
environment.etc."ssmtp/ssmtp.conf".text = environment.etc."ssmtp/ssmtp.conf".source =
let yesNo = yes : if yes then "YES" else "NO"; in let
'' toStr = value:
MailHub=${cfg.hostName} if value == true then "YES"
FromLineOverride=YES else if value == false then "NO"
${optionalString (cfg.root != "") "root=${cfg.root}"} else builtins.toString value
${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"} ;
UseTLS=${yesNo cfg.useTLS} in
UseSTARTTLS=${yesNo cfg.useSTARTTLS} pkgs.writeText "ssmtp.conf" (concatStringsSep "\n" (mapAttrsToList (key: value: "${key}=${toStr value}") cfg.settings));
#Debug=YES
${optionalString (cfg.authUser != "") "AuthUser=${cfg.authUser}"}
${optionalString (cfg.authPassFile != null) "AuthPassFile=${cfg.authPassFile}"}
'';
environment.systemPackages = [pkgs.ssmtp]; environment.systemPackages = [pkgs.ssmtp];
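Review bot: The new `settings` attrset in the last hunk is rendered with `pkgs.writeText`, so every value lands in the world-readable Nix store, and nothing stops a user from setting `services.ssmtp.settings.AuthPass`, which brings back the leak that removing `authPass` is meant to close. I would reject that key in the `config` block, e.g. `assertions = [ { assertion = !(cfg.settings ? AuthPass); message = "services.ssmtp.settings.AuthPass would end up in the world-readable Nix store; use services.ssmtp.authPassFile instead."; } ];`, and add a sentence to the `settings` description saying that values are stored in clear text in the store. If ssmtp matches option names case-insensitively (worth confirming), the check should compare lower-cased attribute names. The `config = mkIf cfg.enable { … }` block continues past the end of this hunk.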