Diffstat (limited to 'env/users/default.nix')
| -rw-r--r-- | env/users/default.nix | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/env/users/default.nix b/env/users/default.nix
new file mode 100644
index 0000000..3602630
--- /dev/null
+++ b/env/users/default.nix
@@ -0,0 +1,126 @@
+{ config, lib, ... }:
+with lib; let
+ cfg = config.local;
+ inherit (config.networking) domain;
+in
+{
+ imports = [
+ ./mailbox.nix
+ ];
+
+ options.local = with types; {
+ sysadmin = mkOption {
+ type = str;
+ };
+
+ users = mkOption {
+ default = { };
+
+ type = attrsOf (submodule ({ config, ... }: {
+ options = {
+ uid = mkOption {
+ type = int;
+ };
+
+ gid = mkOption {
+ type = int;
+ };
+
+ gecos = mkOption {
+ type = str;
+ default = "";
+ };
+
+ sysadmin = mkOption {
+ type = bool;
+ default = false;
+ };
+
+ groups = mkOption {
+ type = listOf str;
+ default = [ ];
+ };
+
+ allowLogin = mkOption {
+ type = bool;
+ default = true;
+ };
+
+ hardAliases = mkOption {
+ type = listOf str;
+ default = [ ];
+ };
+ };
+
+ config.groups = mkBefore (optional config.sysadmin "wheel");
+ }));
+ };
+
+ virtual = mkOption {
+ default = { };
+
+ type = attrsOf (submodule ({ name, ... }: {
+ options = {
+ aliases = mkOption {
+ type = attrsOf (listOf str);
+ default = { };
+ };
+
+ rules = mkOption {
+ default = [ ];
+
+ type = listOf (submodule {
+ options = {
+ pattern = mkOption {
+ type = str;
+ };
+
+ targets = mkOption {
+ type = listOf str;
+ };
+ };
+ });
+ };
+
+ users = mkOption {
+ type = attrsOf (submodule { });
+ default = { };
+ };
+ };
+
+ config.aliases =
+ let
+ sysadmin = mkDefault [ "sysadmin@${name}" ];
+ in
+ {
+ abuse = sysadmin;
+ security = sysadmin;
+ webmaster = sysadmin;
+ hostmaster = sysadmin;
+ postmaster = sysadmin;
+
+ sysadmin = mkDefault [ "sysadmin@${domain}" ];
+ };
+ }));
+ };
+ };
+
+ config.local = mkMerge [
+ {
+ users = import ./users.nix;
+ virtual = import ./virtual.nix;
+
+ sysadmin =
+ (findSingle
+ (user: user.value.sysadmin)
+ (throw "no user is declared as sysadmin")
+ (throw "more than one user is declared as sysadmin")
+ (mapAttrsToList nameValuePair cfg.users)
+ ).name;
+ }
+
+ {
+ virtual.${domain}.aliases.sysadmin = [ cfg.sysadmin ];
+ }
+ ];
+} |
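Review bot: `uid` and `gid` in the `users` submodule are typed as plain `int`, so 0 or a negative value evaluates cleanly; if these values feed account creation (the consumer is not in this hunk), an entry in `users.nix` could declare a second uid-0 account without any evaluation error. Tightening both to `type = ints.positive;` rejects that at evaluation time. Separately, `local.sysadmin` is a derived value, so adding `readOnly = true;` to that option would stop another module from overriding it with `mkForce` and redirecting the `virtual.${domain}` sysadmin alias. None of the options carry a `description`; that matters most for the per-user `sysadmin` flag, which silently prepends `wheel` to `groups`, and for `allowLogin`, which defaults to `true`.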
