depot/nixos/modules/services/mail/automx2.nix
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00


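# NixOS module for automx2, a mail-client autoconfiguration service.
# It declares the `services.automx2` options and, when enabled, sets up:
#   * an nginx virtual host for autoconfig.<domain> / autodiscover.<domain>
#     (ACME + forced TLS) that proxies to the backend on loopback,
#   * a systemd unit running the Flask app on 127.0.0.1:<port>,
#   * a dedicated system user and group.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.automx2;
  # JSON generator/type used for the `settings` bootstrap document.
  format = pkgs.formats.json { };
in
{
  options = {
    services.automx2 = {
      enable = lib.mkEnableOption "automx2";
      package = lib.mkPackageOption pkgs [
        "python3Packages"
        "automx2"
      ] { };
      domain = lib.mkOption {
        type = lib.types.str;
        example = "example.com";
        description = ''
          E-Mail-Domain for which mail client autoconfig/autoconfigure should be set up.
          The `autoconfig` and `autodiscover` subdomains are automatically prepended and set up with ACME.
          The names of those domains are hardcoded in the mail clients and are not configurable.
        '';
      };
      port = lib.mkOption {
        type = lib.types.port;
        default = 4243;
        description = "Port used by automx2.";
      };
      # The value is rendered with `format.generate` below, so it ends up as a
      # file in the Nix store. Store paths are readable by every local user on
      # a standard installation: keep credentials out of this option.
      settings = lib.mkOption {
        inherit (format) type;
        description = ''
          Bootstrap json to populate database.
          See [docs](https://rseichter.github.io/automx2/#_sqlite) for details.
        '';
      };
    };
  };
  config = lib.mkIf cfg.enable {
    services.nginx = {
      enable = true;
      virtualHosts = {
        "autoconfig.${cfg.domain}" = {
          enableACME = true;
          forceSSL = true;
          serverAliases = [ "autodiscover.${cfg.domain}" ];
          locations = {
            "/".proxyPass = "http://127.0.0.1:${toString cfg.port}/";
            # This location carries no proxyPass of its own, so requests for
            # /initdb are not forwarded to the backend through nginx; remote
            # clients are rejected by `deny all`. The bootstrap in postStart
            # talks to the backend port directly instead.
            # NOTE(review): only the IPv4 loopback address is allowed; add ::1
            # if local access through nginx over IPv6 is ever wanted.
            "/initdb".extraConfig = ''
              # Limit access to clients connecting from localhost
              allow 127.0.0.1;
              deny all;
            '';
          };
        };
      };
    };
    systemd.services.automx2 = {
      after = [ "network.target" ];
      # The database is in-memory (see db_uri below), so it is empty after
      # every start and has to be repopulated from `settings` each time.
      #
      # Readiness: instead of a fixed `sleep 3`, curl retries while the
      # backend still refuses connections. A fixed sleep fails the unit on
      # hosts where the server needs longer to start listening and wastes
      # time on hosts where it is up sooner.
      #
      # NOTE(review): curl exits 0 on an HTTP error response unless `--fail`
      # is given, so a rejected bootstrap leaves the unit "active" with an
      # empty database. Consider adding `--fail` once the status codes that
      # /initdb returns have been confirmed.
      #
      # NOTE(review): the request is unauthenticated and the backend port is
      # reachable by every local process, so local users are implicitly
      # trusted with the data served to mail clients.
      postStart = ''
        ${lib.getExe pkgs.curl} --retry 10 --retry-delay 1 --retry-connrefused \
          -X POST --json @${format.generate "automx2.json" cfg.settings} \
          http://127.0.0.1:${toString cfg.port}/initdb/
      '';
      serviceConfig = {
        Environment = [
          # proxy_count = 1 matches the single nginx hop configured above.
          # NOTE(review): presumably this makes automx2 trust one level of
          # forwarded-for headers; confirm that nginx is configured to set
          # them (e.g. services.nginx.recommendedProxySettings).
          "AUTOMX2_CONF=${pkgs.writeText "automx2-conf" ''
            [automx2]
            loglevel = WARNING
            db_uri = sqlite:///:memory:
            proxy_count = 1
          ''}"
          "FLASK_APP=automx2.server:app"
          "FLASK_CONFIG=production"
        ];
        # Bound to loopback only; nginx is the sole network-facing component.
        # NOTE(review): `flask run` starts Flask's built-in server, which the
        # Flask documentation describes as a development server.
        ExecStart = "${
          pkgs.python3.buildEnv.override { extraLibs = [ cfg.package ]; }
        }/bin/flask run --host=127.0.0.1 --port=${toString cfg.port}";
        Restart = "always";
        # Creates /var/lib/automx2, which is used as the working directory.
        StateDirectory = "automx2";
        User = "automx2";
        WorkingDirectory = "/var/lib/automx2";
        # NOTE(review): no systemd sandboxing is configured. A conservative
        # set such as NoNewPrivileges, ProtectSystem, ProtectHome and
        # PrivateTmp would reduce what a compromised process can reach;
        # verify against a running instance before enabling.
      };
      unitConfig = {
        Description = "MUA configuration service";
        Documentation = "https://rseichter.github.io/automx2/";
      };
      wantedBy = [ "multi-user.target" ];
    };
    # Dedicated unprivileged account the service runs as.
    users = {
      groups.automx2 = { };
      users.automx2 = {
        group = "automx2";
        isSystemUser = true;
      };
    };
  };
}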