author | Robin Raymond <robin@robinraymond.de> | 2018-04-08 15:28:58 +0200 |
---|---|---|
committer | Robin Raymond <robin@robinraymond.de> | 2018-04-08 15:28:58 +0200 |
commit | e4c6682eb9b6fda4d88a44081b0b84181cbeed78 (patch) | |
tree | 03f153b189e4c8c7a13a0b9de63a2adfe8db8bb5 /default.nix | |
parent | 9a68daea0f792245fbe2ecf1370dc8b37243d8b1 (diff) | |
parent | c28d7756c175e496a67e21f1787e37282e835270 (diff) |
Merge branch 'master' of github.com:r-raymond/nixos-mailserver
Diffstat (limited to 'default.nix')
-rw-r--r-- | default.nix | 166 |
1 files changed, 160 insertions, 6 deletions
diff --git a/default.nix b/default.nix index 579624a..5ef87a3 100644 --- a/default.nix +++ b/default.nix @@ -66,6 +66,8 @@ in default = []; description = '' A list of aliases of this login account. + Note: Use list entries like "@example.com" to create a catchAll + that allows sending from all email addresses in these domain. ''; }; @@ -75,6 +77,7 @@ in default = []; description = '' For which domains should this account act as a catch all? + Note: Does not allow sending from all addresses of these domains. ''; }; 
@@ -135,19 +138,30 @@ in }; extraVirtualAliases = mkOption { - type = types.attrsOf (types.enum (builtins.attrNames cfg.loginAccounts)); + type = types.loaOf (mkOptionType { + name = "Login Account"; + check = (ele: + let accounts = builtins.attrNames cfg.loginAccounts; + in if (builtins.isList ele) + then (builtins.all (x: builtins.elem x accounts) ele) && (builtins.length ele > 0) + else (builtins.elem ele accounts)); + }); example = { "info@example.com" = "user1@example.com"; "postmaster@example.com" = "user1@example.com"; "abuse@example.com" = "user1@example.com"; + "multi@example.com" = [ "user1@example.com" "user2@example.com" ]; }; description = '' - Virtual Aliases. A virtual alias `"info@example2.com" = "user1@example.com"` means that - all mail to `info@example2.com` is forwarded to `user1@example.com`. Note + Virtual Aliases. A virtual alias `"info@example.com" = "user1@example.com"` means that + all mail to `info@example.com` is forwarded to `user1@example.com`. Note that it is expected that `postmaster@example.com` and `abuse@example.com` is forwarded to some valid email address. (Alternatively you can create login accounts for `postmaster` and (or) `abuse`). Furthermore, it also allows - the user `user1@example.com` to send emails as `info@example2.com`. + the user `user1@example.com` to send emails as `info@example.com`. + It's also possible to create an alias for multiple accounts. In this + example all mails for `multi@example.com` will be forwarded to both + `user1@example.com` and `user2@example.com`. ''; default = {}; }; 
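Review bot: The extended `extraVirtualAliases` description does not say who may send as a multi-target alias. The existing text states that an alias lets `user1@example.com` send as the alias address, but the added sentences about `multi@example.com` cover forwarding only. Send-as rights are an authorization decision, so I would add a sentence such as `Every account listed for an alias is also allowed to send as that alias.`, or its opposite, depending on what the generated mail maps implement; that code is not in this hunk. The custom `mkOptionType` carries only a `name`, so a short comment above `check` stating its two rules (every target must be a login account, a list must be non-empty) would help whoever has to debug a rejected value.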
@@ -395,12 +409,22 @@ in type = types.bool; default = false; description = '' - Whether to enable verbose logging for mailserver related services. This + Whether to enable verbose logging for mailserver related services. This intended be used for development purposes only, you probably don't want to enable this unless you're hacking on nixos-mailserver. ''; }; + maxConnectionsPerUser = mkOption { + type = types.int; + default = 100; + description = '' + Maximum number of IMAP/POP3 connections allowed for a user from each IP address. + E.g. a value of 50 allows for 50 IMAP and 50 POP3 connections at the same + time for a single user. + ''; + }; + localDnsResolver = mkOption { type = types.bool; default = true; 
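Review bot: `maxConnectionsPerUser` is declared as `types.int`, so zero and negative values pass type checking. The default of 100 per user and IP address is also a loose ceiling for a setting whose purpose is to bound what a single client can consume. I would tighten the type, e.g. `type = types.ints.positive;` if the nixpkgs revision in use provides it, and consider a lower default. The description could also name the service setting this option maps to, since the consuming code is outside this hunk. The trailing `localDnsResolver` option continues past the end of the hunk.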
@@ -464,9 +488,138 @@ in description = '' The configuration used for monitoring via monit. Use a mail address that you actively check and set it via 'set alert ...'. + ''; + }; + }; + + borgbackup = { + enable = mkEnableOption "backup via borgbackup"; + + repoLocation = mkOption { + type = types.string; + default = "/var/borgbackup"; + description = '' + The location where borg saves the backups. + This can be a local path or a remote location such as user@host:/path/to/repo. + It is exported and thus available as an environment variable to cmdPreexec and cmdPostexec. + ''; + }; + + startAt = mkOption { + type = types.string; + default = "hourly"; + description = "When or how often the backup should run. Must be in the format described in systemd.time 7."; + }; + + user = mkOption { + type = types.string; + default = "virtualMail"; + description = "The user borg and its launch script is run as."; + }; + + group = mkOption { + type = types.string; + default = "virtualMail"; + description = "The group borg and its launch script is run as."; + }; + + compression = { + method = mkOption { + type = types.nullOr (types.enum ["none" "lz4" "zstd" "zlib" "lzma"]); + default = null; + description = "Leaving this unset allows borg to choose. The default for borg 1.1.4 is lz4."; + }; + + level = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + Denotes the level of compression used by borg. + Most methods accept levels from 0 to 9 but zstd which accepts values from 1 to 22. + If null the decision is left up to borg. 
''; - }; }; + + auto = mkOption { + type = types.bool; + default = false; + description = "Leaves it to borg to determine whether an individual file should be compressed."; + }; + }; + + encryption = { + method = mkOption { + type = types.enum [ + "none" + "authenticated" + "authenticated-blake2" + "repokey" + "keyfile" + "repokey-blake2" + "keyfile-blake2" + ]; + default = "none"; + description = '' + The backup can be encrypted by choosing any other value than 'none'. + When using encryption the password / passphrase must be provided in passphraseFile. + ''; + }; + + passphraseFile = mkOption { + type = types.nullOr types.path; + default = null; + }; + }; + + name = mkOption { + type = types.string; + default = "{hostname}-{user}-{now}"; + description = '' + The name of the individual backups as used by borg. + Certain placeholders will be replaced by borg. + ''; + }; + + locations = mkOption { + type = types.listOf types.path; + default = [cfg.mailDirectory]; + description = "The locations that are to be backed up by borg."; + }; + + extraArgumentsForInit = mkOption { + type = types.listOf types.string; + default = ["--critical"]; + description = "Additional arguments to add to the borg init command line."; + }; + + extraArgumentsForCreate = mkOption { + type = types.listOf types.string; + default = [ ]; + description = "Additional arguments to add to the borg create command line e.g. '--stats'."; + }; + + cmdPreexec = mkOption { + type = types.nullOr types.string; + default = null; + description = '' + The command to be executed before each backup operation. + This is called prior to borg init in the same script that runs borg init and create and cmdPostexec. + Example: + export BORG_RSH="ssh -i /path/to/private/key" + ''; + }; + + cmdPostexec = mkOption { + type = types.nullOr types.string; + default = null; + description = '' + The command to be executed after each backup operation. 
+ This is called after borg create completed successfully and in the same script that runs + cmdPreexec, borg init and create. + ''; + }; + + }; backup = { enable = mkEnableOption "backup via rsnapshot"; @@ -529,6 +682,7 @@ in }; imports = [ + ./mail-server/borgbackup.nix ./mail-server/rsnapshot.nix ./mail-server/clamav.nix ./mail-server/monit.nix |
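Review bot: `encryption.passphraseFile` in the borgbackup hunk is added without a `description` and is typed `types.path`, which a Nix path literal satisfies. A literal such as `./passphrase` would typically be copied into the world-readable Nix store once it is interpolated into the backup script. I would document the expectation, e.g. `description = "Path to a file containing the repository passphrase. Give it as a string pointing to a file outside the Nix store, readable only by the backup user.";`. `encryption.method` defaults to `"none"` while `repoLocation` may be a remote `user@host:/path/to/repo`, so a default setup stores mail unencrypted on the backup host; the description should say so explicitly. Whether `passphraseFile` is asserted non-null when a method other than `"none"` is chosen is not visible here; presumably that lives in `./mail-server/borgbackup.nix`.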