nullmailer: add remotesFile option

The current `remotes` option is a string option containing nullmailer remote definitions. However, those definitions may contain secret credentials and should therefore not be put world-readable in the nix store. I added a `remotesFile` option, which allows to specify a path to the remotes definition file instead. This way, the definitions can be kept outside of the nix store with more secure file permissions.
2017-09-28 08:38:59 +02:00 · 2017-09-28 08:38:59 +02:00 · e741cc4881
parent 02e89de71c
commit e741cc4881
1 changed files with 28 additions and 2 deletions
--- a/nixos/modules/services/mail/nullmailer.nix
+++ b/nixos/modules/services/mail/nullmailer.nix
@ -35,6 +35,18 @@ with lib;
        description = "Whether to set the system sendmail to nullmailer's.";
      };

+      remotesFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          Path to the <code>remotes</code> control file. This file contains a
+          list of remote servers to which to send each message.
+
+          See <code>man 8 nullmailer-send</code> for syntax and available
+          options.
+        '';
+      };
+
      config = {
        adminaddr = mkOption {
          type = types.nullOr types.str;
@ -173,13 +185,27 @@ with lib;
    cfg = config.services.nullmailer;
  in mkIf cfg.enable {

+    assertions = [
+      { assertion = cfg.config.remotes == null || cfg.remotesFile == null;
+        message = "Only one of `remotesFile` or `config.remotes` may be used at a time.";
+      }
+    ];
+
    environment = {
      systemPackages = [ pkgs.nullmailer ];
      etc = let
        getval  = attr: builtins.getAttr attr cfg.config;
        attrs   = builtins.attrNames cfg.config;
-        attrs'  = builtins.filter (attr: ! isNull (getval attr)) attrs;
-      in foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs';
+        remotesFilter = if cfg.remotesFile != null
+                        then (attr: attr != "remotes")
+                        else (_: true);
+        optionalRemotesFileLink = if cfg.remotesFile != null
+                                  then { "nullmailer/remotes".source = cfg.remotesFile; }
+                                  else {};
+        attrs'  = builtins.filter (attr: (! isNull (getval attr)) && (remotesFilter attr)) attrs;
+      in
+        (foldl' (as: attr: as // { "nullmailer/${attr}".text = getval attr; }) {} attrs')
+        // optionalRemotesFileLink;
    };

    users = {