services.exim -> krebs.exim

krebs/3modules/default.nix

@@ -13,6 +13,7 @@ let
       ./buildbot/slave.nix
       ./build.nix
       ./current.nix
+      ./exim.nix
       ./exim-retiolum.nix
       ./exim-smarthost.nix
       ./fetchWallpaper.nix

krebs/3modules/exim.nix

@@ -1,37 +1,22 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }: with config.krebs.lib; let
-
+  cfg = config.krebs.exim;
-let
+in {
-  inherit (lib) mkIf mkOption singleton types;
+  options.krebs.exim = {
-  inherit (pkgs) coreutils exim;
+    enable = mkEnableOption "krebs.exim";
-  cfg = config.services.exim;
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.exim = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable the Exim mail transfer agent.";
-      };
-
     config = mkOption {
-        type = types.string;
+      type = types.str;
       default = "";
       description = ''
         Verbatim Exim configuration.  This should not contain exim_user,
         exim_group, exim_path, or spool_directory.
       '';
     };
-
     user = mkOption {
-        type = types.string;
+      type = types.user;
-        default = "exim";
+      default = {
+        name = "exim";
+        home = "/var/spool/exim";
+      };
       description = ''
         User to use when no root privileges are required.
         In particular, this applies when receiving messages and when doing
@@ -40,72 +25,56 @@ in
         as root is not supported.
       '';
     };
-
     group = mkOption {
-        type = types.string;
+      type = types.group;
-        default = "exim";
+      default = {
+        name = "exim";
+      };
       description = ''
         Group to use when no root privileges are required.
       '';
     };
-
-      spoolDir = mkOption {
-        type = types.string;
-        default = "/var/spool/exim";
-        description = ''
-          Location of the spool directory of exim.
-        '';
   };
-
+  config = lib.mkIf cfg.enable {
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
     environment = {
       etc."exim.conf".text = ''
-        exim_user = ${cfg.user}
+        exim_user = ${cfg.user.name}
-        exim_group = ${cfg.group}
+        exim_group = ${cfg.group.name}
         exim_path = /var/setuid-wrappers/exim
-        spool_directory = ${cfg.spoolDir}
+        spool_directory = ${cfg.user.home}
         ${cfg.config}
       '';
-      systemPackages = [ exim ];
+      systemPackages = [ pkgs.exim ];
     };
-
+    krebs.setuid = {
-    users.extraUsers = singleton {
+      exim = {
-      name = cfg.user;
+        filename = "${pkgs.exim}/bin/exim";
-      description = "Exim mail transfer agent user";
+        mode = "4111";
-      uid = config.ids.uids.exim;
+      };
-      group = cfg.group;
+      sendmail = {
+        filename = "${pkgs.exim}/bin/exim";
+        mode = "4111";
       };
-
-    users.extraGroups = singleton {
-      name = cfg.group;
-      gid = config.ids.gids.exim;
     };
-
-    security.setuidPrograms = [ "exim" ];
-
     systemd.services.exim = {
-      description = "Exim Mail Daemon";
+      restartTriggers = [
-      wantedBy = [ "multi-user.target" ];
+        config.environment.etc."exim.conf".source
+      ];
       serviceConfig = {
-        ExecStart   = "${exim}/bin/exim -bdf -q30m";
+        ExecStart = "${pkgs.exim}/bin/exim -bdf -q30m";
-        ExecReload  = "${coreutils}/bin/kill -HUP $MAINPID";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+    users = {
+      groups.${cfg.group.name} = {
+        inherit (cfg.group) name gid;
+      };
+      users.${cfg.user.name} = {
+        inherit (cfg.user) home name uid;
+        createHome = true;
+        group = cfg.group.name;
       };
-      preStart = ''
-        if ! test -d ${cfg.spoolDir}; then
-          ${coreutils}/bin/mkdir -p ${cfg.spoolDir}
-          ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.spoolDir}
-        fi
-      '';
     };
-
   };
-
 }