2023-04-12 12:48:02 +00:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
|
|
cfg = config.services.zeyple;
|
|
|
|
ini = pkgs.formats.ini { };
|
|
|
|
|
|
|
|
gpgHome = pkgs.runCommand "zeyple-gpg-home" { } ''
|
|
|
|
mkdir -p $out
|
|
|
|
for file in ${lib.concatStringsSep " " cfg.keys}; do
|
|
|
|
${config.programs.gnupg.package}/bin/gpg --homedir="$out" --import "$file"
|
|
|
|
done
|
|
|
|
|
|
|
|
# Remove socket files
|
|
|
|
rm -f $out/S.*
|
|
|
|
'';
|
|
|
|
in {
|
|
|
|
options.services.zeyple = {
|
2024-09-19 14:19:46 +00:00
|
|
|
enable = lib.mkEnableOption "Zeyple, an utility program to automatically encrypt outgoing emails with GPG";
|
2023-04-12 12:48:02 +00:00
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
user = lib.mkOption {
|
|
|
|
type = lib.types.str;
|
2023-04-12 12:48:02 +00:00
|
|
|
default = "zeyple";
|
2024-04-21 15:54:59 +00:00
|
|
|
description = ''
|
2023-04-12 12:48:02 +00:00
|
|
|
User to run Zeyple as.
|
|
|
|
|
|
|
|
::: {.note}
|
|
|
|
If left as the default value this user will automatically be created
|
|
|
|
on system activation, otherwise the sysadmin is responsible for
|
|
|
|
ensuring the user exists.
|
|
|
|
:::
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
group = lib.mkOption {
|
|
|
|
type = lib.types.str;
|
2023-04-12 12:48:02 +00:00
|
|
|
default = "zeyple";
|
2024-04-21 15:54:59 +00:00
|
|
|
description = ''
|
2023-04-12 12:48:02 +00:00
|
|
|
Group to use to run Zeyple.
|
|
|
|
|
|
|
|
::: {.note}
|
|
|
|
If left as the default value this group will automatically be created
|
|
|
|
on system activation, otherwise the sysadmin is responsible for
|
|
|
|
ensuring the user exists.
|
|
|
|
:::
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
settings = lib.mkOption {
|
2023-04-12 12:48:02 +00:00
|
|
|
type = ini.type;
|
|
|
|
default = { };
|
2024-04-21 15:54:59 +00:00
|
|
|
description = ''
|
2023-04-12 12:48:02 +00:00
|
|
|
Zeyple configuration. refer to
|
|
|
|
<https://github.com/infertux/zeyple/blob/master/zeyple/zeyple.conf.example>
|
|
|
|
for details on supported values.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
keys = lib.mkOption {
|
|
|
|
type = with lib.types; listOf path;
|
2024-04-21 15:54:59 +00:00
|
|
|
description = "List of public key files that will be imported by gpg.";
|
2023-04-12 12:48:02 +00:00
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
rotateLogs = lib.mkOption {
|
|
|
|
type = lib.types.bool;
|
2023-04-12 12:48:02 +00:00
|
|
|
default = true;
|
2024-04-21 15:54:59 +00:00
|
|
|
description = "Whether to enable rotation of log files.";
|
2023-04-12 12:48:02 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
users.groups = lib.optionalAttrs (cfg.group == "zeyple") { "${cfg.group}" = { }; };
|
|
|
|
users.users = lib.optionalAttrs (cfg.user == "zeyple") {
|
2023-04-12 12:48:02 +00:00
|
|
|
"${cfg.user}" = {
|
|
|
|
isSystemUser = true;
|
|
|
|
group = cfg.group;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.zeyple.settings = {
|
2024-09-19 14:19:46 +00:00
|
|
|
zeyple = lib.mapAttrs (name: lib.mkDefault) {
|
2023-04-12 12:48:02 +00:00
|
|
|
log_file = "/var/log/zeyple/zeyple.log";
|
|
|
|
force_encrypt = true;
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
gpg = lib.mapAttrs (name: lib.mkDefault) { home = "${gpgHome}"; };
|
2023-04-12 12:48:02 +00:00
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
relay = lib.mapAttrs (name: lib.mkDefault) {
|
2023-04-12 12:48:02 +00:00
|
|
|
host = "localhost";
|
|
|
|
port = 10026;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
environment.etc."zeyple.conf".source = ini.generate "zeyple.conf" cfg.settings;
|
|
|
|
|
2024-02-07 01:22:34 +00:00
|
|
|
systemd.tmpfiles.settings."10-zeyple".${cfg.settings.zeyple.log_file}.f = {
|
|
|
|
inherit (cfg) user group;
|
|
|
|
mode = "0600";
|
|
|
|
};
|
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
services.logrotate = lib.mkIf cfg.rotateLogs {
|
2023-04-12 12:48:02 +00:00
|
|
|
enable = true;
|
|
|
|
settings.zeyple = {
|
|
|
|
files = cfg.settings.zeyple.log_file;
|
|
|
|
frequency = "weekly";
|
|
|
|
rotate = 5;
|
|
|
|
compress = true;
|
|
|
|
copytruncate = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.postfix.extraMasterConf = ''
|
|
|
|
zeyple unix - n n - - pipe
|
|
|
|
user=${cfg.user} argv=${pkgs.zeyple}/bin/zeyple ''${recipient}
|
|
|
|
|
|
|
|
localhost:${toString cfg.settings.relay.port} inet n - n - 10 smtpd
|
|
|
|
-o content_filter=
|
|
|
|
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
|
|
|
|
-o smtpd_helo_restrictions=
|
|
|
|
-o smtpd_client_restrictions=
|
|
|
|
-o smtpd_sender_restrictions=
|
|
|
|
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
|
|
|
-o mynetworks=127.0.0.0/8,[::1]/128
|
|
|
|
-o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
|
|
|
|
'';
|
|
|
|
|
|
|
|
services.postfix.extraConfig = "content_filter = zeyple";
|
|
|
|
};
|
|
|
|
}
|