| blob | 101a5fdffeefcdb040d9f9c679bc802c353b3628 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 with lib;
10 let
11 cfg = config.services.peroxide;
12 settingsFormat = pkgs.formats.yaml { };
13 stateDir = "peroxide";
14 in
15 {
16 options.services.peroxide = {
17 enable = mkEnableOption "peroxide";
19 package = mkPackageOption pkgs "peroxide" {
20 default = [ "peroxide" ];
21 };
23 logLevel = mkOption {
24 # https://github.com/sirupsen/logrus#level-logging
25 type = types.enum [
26 "Panic"
27 "Fatal"
28 "Error"
29 "Warning"
30 "Info"
31 "Debug"
32 "Trace"
33 ];
34 default = "Warning";
35 example = "Info";
36 description = "Only log messages of this priority or higher.";
37 };
39 settings = mkOption {
40 type = types.submodule {
41 freeformType = settingsFormat.type;
43 options = {
44 UserPortImap = mkOption {
45 type = types.port;
46 default = 1143;
47 description = "The port on which to listen for IMAP connections.";
48 };
50 UserPortSmtp = mkOption {
51 type = types.port;
52 default = 1025;
53 description = "The port on which to listen for SMTP connections.";
54 };
56 ServerAddress = mkOption {
57 type = types.str;
58 default = "[::0]";
59 example = "localhost";
60 description = "The address on which to listen for connections.";
61 };
62 };
63 };
64 default = { };
65 description = ''
66 Configuration for peroxide. See
67 [config.example.yaml](https://github.com/ljanyst/peroxide/blob/master/config.example.yaml)
68 for an example configuration.
69 '';
70 };
71 };
73 config = mkIf cfg.enable {
74 services.peroxide.settings = {
75 # peroxide deletes the cache directory on startup, which requires write
76 # permission on the parent directory, so we can't use
77 # /var/cache/peroxide
78 CacheDir = "/var/cache/peroxide/cache";
79 X509Key = mkDefault "/var/lib/${stateDir}/key.pem";
80 X509Cert = mkDefault "/var/lib/${stateDir}/cert.pem";
81 CookieJar = "/var/lib/${stateDir}/cookies.json";
82 CredentialsStore = "/var/lib/${stateDir}/credentials.json";
83 };
85 users.users.peroxide = {
86 isSystemUser = true;
87 group = "peroxide";
88 };
89 users.groups.peroxide = { };
91 systemd.services.peroxide = {
92 description = "Peroxide ProtonMail bridge";
93 requires = [ "network.target" ];
94 after = [ "network.target" ];
95 wantedBy = [ "multi-user.target" ];
97 restartTriggers = [ config.environment.etc."peroxide.conf".source ];
99 serviceConfig = {
100 Type = "simple";
101 User = "peroxide";
102 LogsDirectory = "peroxide";
103 LogsDirectoryMode = "0750";
104 # Specify just "peroxide" so that the user has write permission, because
105 # peroxide deletes and recreates the cache directory on startup.
106 CacheDirectory = [
107 "peroxide"
108 "peroxide/cache"
109 ];
110 CacheDirectoryMode = "0700";
111 StateDirectory = stateDir;
112 StateDirectoryMode = "0700";
113 ExecStart = "${cfg.package}/bin/peroxide -log-file=/var/log/peroxide/peroxide.log -log-level ${cfg.logLevel}";
114 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
115 };
117 preStart = ''
118 # Create a self-signed certificate if no certificate exists.
119 if [[ ! -e "${cfg.settings.X509Key}" && ! -e "${cfg.settings.X509Cert}" ]]; then
120 ${cfg.package}/bin/peroxide-cfg -action gen-x509 \
121 -x509-org 'N/A' \
122 -x509-cn 'nixos' \
123 -x509-cert "${cfg.settings.X509Cert}" \
124 -x509-key "${cfg.settings.X509Key}"
125 fi
126 '';
127 };
129 # https://github.com/ljanyst/peroxide/blob/master/peroxide.logrotate
130 services.logrotate.settings.peroxide = {
131 files = "/var/log/peroxide/peroxide.log";
132 rotate = 31;
133 frequency = "daily";
134 compress = true;
135 delaycompress = true;
136 missingok = true;
137 notifempty = true;
138 su = "peroxide peroxide";
139 postrotate = "systemctl reload peroxide";
140 };
142 environment.etc."peroxide.conf".source = settingsFormat.generate "peroxide.conf" cfg.settings;
143 environment.systemPackages = [ cfg.package ];
144 };
146 meta.maintainers = with maintainers; [
147 aanderse
148 aidalgol
149 ];
150 }