| blob | 2f9164f700fecd99d97bea76b238deece69bb78b |
1 { config, pkgs, lib, ... }:
2 let
3 cfg = config.services.zeyple;
4 ini = pkgs.formats.ini { };
6 gpgHome = pkgs.runCommand "zeyple-gpg-home" { } ''
7 mkdir -p $out
8 for file in ${lib.concatStringsSep " " cfg.keys}; do
9 ${config.programs.gnupg.package}/bin/gpg --homedir="$out" --import "$file"
10 done
12 # Remove socket files
13 rm -f $out/S.*
14 '';
15 in {
16 options.services.zeyple = {
17 enable = lib.mkEnableOption "Zeyple, an utility program to automatically encrypt outgoing emails with GPG";
19 user = lib.mkOption {
20 type = lib.types.str;
21 default = "zeyple";
22 description = ''
23 User to run Zeyple as.
25 ::: {.note}
26 If left as the default value this user will automatically be created
27 on system activation, otherwise the sysadmin is responsible for
28 ensuring the user exists.
29 :::
30 '';
31 };
33 group = lib.mkOption {
34 type = lib.types.str;
35 default = "zeyple";
36 description = ''
37 Group to use to run Zeyple.
39 ::: {.note}
40 If left as the default value this group will automatically be created
41 on system activation, otherwise the sysadmin is responsible for
42 ensuring the user exists.
43 :::
44 '';
45 };
47 settings = lib.mkOption {
48 type = ini.type;
49 default = { };
50 description = ''
51 Zeyple configuration. refer to
52 <https://github.com/infertux/zeyple/blob/master/zeyple/zeyple.conf.example>
53 for details on supported values.
54 '';
55 };
57 keys = lib.mkOption {
58 type = with lib.types; listOf path;
59 description = "List of public key files that will be imported by gpg.";
60 };
62 rotateLogs = lib.mkOption {
63 type = lib.types.bool;
64 default = true;
65 description = "Whether to enable rotation of log files.";
66 };
67 };
69 config = lib.mkIf cfg.enable {
70 users.groups = lib.optionalAttrs (cfg.group == "zeyple") { "${cfg.group}" = { }; };
71 users.users = lib.optionalAttrs (cfg.user == "zeyple") {
72 "${cfg.user}" = {
73 isSystemUser = true;
74 group = cfg.group;
75 };
76 };
78 services.zeyple.settings = {
79 zeyple = lib.mapAttrs (name: lib.mkDefault) {
80 log_file = "/var/log/zeyple/zeyple.log";
81 force_encrypt = true;
82 };
84 gpg = lib.mapAttrs (name: lib.mkDefault) { home = "${gpgHome}"; };
86 relay = lib.mapAttrs (name: lib.mkDefault) {
87 host = "localhost";
88 port = 10026;
89 };
90 };
92 environment.etc."zeyple.conf".source = ini.generate "zeyple.conf" cfg.settings;
94 systemd.tmpfiles.settings."10-zeyple".${cfg.settings.zeyple.log_file}.f = {
95 inherit (cfg) user group;
96 mode = "0600";
97 };
99 services.logrotate = lib.mkIf cfg.rotateLogs {
100 enable = true;
101 settings.zeyple = {
102 files = cfg.settings.zeyple.log_file;
103 frequency = "weekly";
104 rotate = 5;
105 compress = true;
106 copytruncate = true;
107 };
108 };
110 services.postfix.extraMasterConf = ''
111 zeyple unix - n n - - pipe
112 user=${cfg.user} argv=${pkgs.zeyple}/bin/zeyple ''${recipient}
114 localhost:${toString cfg.settings.relay.port} inet n - n - 10 smtpd
115 -o content_filter=
116 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
117 -o smtpd_helo_restrictions=
118 -o smtpd_client_restrictions=
119 -o smtpd_sender_restrictions=
120 -o smtpd_recipient_restrictions=permit_mynetworks,reject
121 -o mynetworks=127.0.0.0/8,[::1]/128
122 -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
123 '';
125 services.postfix.extraConfig = "content_filter = zeyple";
126 };
127 }