nebula: use shared config from julm-nix

[sourcephile-nix.git] / nixos / modules / services / mail / postfix.nix

diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 916dffa24d572a563c72f82bd5aa8aad0031dea1..bab92739fd1166015cd73af23c0ae6a1904e445d 100644 (file)
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -4,44 +4,52 @@ let
   inherit (config.services) postfix;
 in
 {
-options = {
-  services.postfix = {
-    tls_server_sni_maps = lib.mkOption {
-      type = types.attrsOf (types.listOf types.path);
-      default = {};
-      apply = m: pkgs.writeText "sni" (lib.concatStringsSep "\n" (lib.mapAttrsToList (domain: x509: ''
-        ${domain} ${lib.concatStringsSep " " x509}
-      '') m));
+  options = {
+    services.postfix = {
+      tls_server_sni_maps = lib.mkOption {
+        type = types.attrsOf (types.listOf types.path);
+        default = { };
+        apply = m: pkgs.writeText "sni" (lib.concatStringsSep "\n" (lib.mapAttrsToList
+          (domain: x509: ''
+            ${domain} ${lib.concatStringsSep " " x509}
+          '')
+          m));
+      };
     };
   };
-};
-config = {
-  systemd.services.postfix = {
-    preStart = ''
-      install -m 400 -o root -g root ${postfix.tls_server_sni_maps} /run/keys/postfix-sni
-      ${pkgs.postfix}/bin/postmap -F hash:/run/keys/postfix-sni
-    '';
-  };
-  services.postfix = {
-    masterConfig = {
-      submissions-header-cleanup = {
-        type = "unix";
-        private = false;
-        maxproc = 0;
-        command = "cleanup";
-        args = ["-o" ("header_checks=pcre:" + pkgs.writeText "submission_header_cleanup_rules" ''
-          # Removes sensitive headers from mails handed in via the submission or smtps port.
-          # See https://thomas-leister.de/mailserver-debian-stretch/
-          # Uses "pcre" style regex.
+  config = {
+    systemd.services.postfix = {
+      preStart = ''
+        install -m 400 -o root -g root ${postfix.tls_server_sni_maps} /run/postfix/postfix-sni
+        ${pkgs.postfix}/bin/postmap -F hash:/run/postfix/postfix-sni
+      '';
+      serviceConfig = {
+        RuntimeDirectory = [ "postfix" ];
+      };
+    };
+    services.postfix = {
+      masterConfig = {
+        submissions-header-cleanup = {
+          type = "unix";
+          private = false;
+          maxproc = 0;
+          command = "cleanup";
+          args = [
+            "-o"
+            ("header_checks=pcre:" + pkgs.writeText "submission_header_cleanup_rules" ''
+              # Removes sensitive headers from mails handed in via the submission or smtps port.
+              # See https://thomas-leister.de/mailserver-debian-stretch/
+              # Uses "pcre" style regex.
 
-          /^Received:/         IGNORE
-          /^User-Agent:/       IGNORE
-          /^X-Enigmail:/       IGNORE
-          /^X-Mailer:/         IGNORE
-          /^X-Originating-IP:/ IGNORE
-        '')];
+              /^Received:/         IGNORE
+              /^User-Agent:/       IGNORE
+              /^X-Enigmail:/       IGNORE
+              /^X-Mailer:/         IGNORE
+              /^X-Originating-IP:/ IGNORE
+            '')
+          ];
+        };
       };
     };
   };
-};
 }