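# NixOS module: krebs.exim
#
# Runs Exim as a system service with a fixed, module-owned preamble
# (exim_user, exim_group, exim_path, spool_directory) in front of the
# verbatim configuration supplied via krebs.exim.config.
{ config, lib, pkgs, ... }: with import ../../lib/lib.nix { inherit lib; }; let
  cfg = config.krebs.exim;
in {
  options.krebs.exim = {
    enable = mkEnableOption "krebs.exim";
    config = mkOption {
      type = types.str;
      default = "";
      description = ''
        Verbatim Exim configuration.  This should not contain exim_user,
        exim_group, exim_path, or spool_directory.
      '';
    };
    user = mkOption {
      type = types.user;
      default = {
        name = "exim";
        home = "/var/spool/exim";
      };
      description = ''
        User to use when no root privileges are required.
        In particular, this applies when receiving messages and when doing
        remote deliveries.  (Local deliveries run as various non-root users,
        typically as the owner of a local mailbox.) Specifying this value
        as root is not supported.
      '';
    };
    group = mkOption {
      type = types.group;
      default = {
        name = "exim";
      };
      description = ''
        Group to use when no root privileges are required.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
    # The user option's description states that root is not supported, but
    # nothing enforced it; fail at evaluation time rather than build a system
    # whose "unprivileged" Exim user is root.
    assertions = [
      {
        assertion = cfg.user.name != "root";
        message = "krebs.exim.user.name must not be \"root\"";
      }
    ];
    environment = {
      # The preamble below is owned by this module; cfg.config is appended
      # verbatim afterwards, so it must not repeat these four options (see the
      # description of krebs.exim.config).
      #
      # chunking_advertise_hosts is deliberately left empty so the CHUNKING
      # (BDAT) ESMTP extension is not advertised to any host; the linked
      # exim-users thread gives the reason.
      etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" /* exim */ ''
        exim_user = ${cfg.user.name}
        exim_group = ${cfg.group.name}
        exim_path = /run/wrappers/bin/exim
        spool_directory = ${cfg.user.home}

        # https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
        chunking_advertise_hosts =

        ${cfg.config}
      '';
      systemPackages = [ pkgs.exim ];
    };
    # Setuid-root wrappers (mode 4111: setuid, execute-only) for the exim
    # binary under both its own name and the traditional sendmail name.  The
    # wrapper path matches exim_path above.
    krebs.setuid = {
      exim = {
        filename = "${pkgs.exim}/bin/exim";
        mode = "4111";
      };
      sendmail = {
        filename = "${pkgs.exim}/bin/exim";
        mode = "4111";
      };
    };
    systemd.services.exim = {
      # Restart the daemon whenever the generated configuration changes.
      restartTriggers = [
        config.environment.etc."exim.conf".source
      ];
      serviceConfig = {
        # The leading "+" runs the command with full privileges (systemd does
        # not apply User= to it); Exim itself drops to exim_user/exim_group
        # from the configuration where root is not required.
        # -bdf: listening daemon in the foreground; -q30m: queue runner
        # every 30 minutes.
        ExecStart = "+${pkgs.exim}/bin/exim -bdf -q30m";
        ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        User = cfg.user.name;
      };
      wantedBy = [ "multi-user.target" ];
    };
    # Create the service user/group declared via the options; the home
    # directory doubles as the spool directory.
    users = {
      groups.${cfg.group.name} = {
        inherit (cfg.group) name gid;
      };
      users.${cfg.user.name} = {
        inherit (cfg.user) home name uid;
        createHome = true;
        group = cfg.group.name;
        isSystemUser = true;
      };
    };
  };
}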