path: root/env/users/default.nix
blob: 36026307df8c90bb753f988d59dcd345dfc8e1a3 (plain)
# Declares the site-local account and mail-alias schema under `options.local`
# and fills it from ./users.nix and ./virtual.nix.
#
# NOTE(review): how these options become system accounts and mail routing is
# not visible in this file (presumably ./mailbox.nix and other modules).
# Review those consumers together with this schema.
{ config, lib, ... }:
with lib; let
  cfg = config.local;
  # Host's primary domain; fallback target for sysadmin mail of virtual domains.
  inherit (config.networking) domain;
in
{
  imports = [
    ./mailbox.nix
  ];

  options.local = with types; {
    # Name of the one user flagged `sysadmin = true`; derived below in
    # `config.local`, not meant to be set by hand.
    sysadmin = mkOption {
      type = str;
    };

    # Accounts keyed by user name.
    users = mkOption {
      default = { };

      type = attrsOf (submodule ({ config, ... }: {
        options = {
          # No default: every user must pin an explicit uid.
          uid = mkOption {
            type = int;
          };

          # No default: every user must pin an explicit gid.
          gid = mkOption {
            type = int;
          };

          gecos = mkOption {
            type = str;
            default = "";
          };

          # Marks the administrative account. Setting it adds "wheel" to
          # `groups` (see `config.groups` below) and makes this user the
          # `local.sysadmin` value. Exactly one user may set it.
          sysadmin = mkOption {
            type = bool;
            default = false;
          };

          # Group names for the account.
          # NOTE(review): presumably applied as supplementary groups; confirm
          # in the consumer, since membership here is a privilege grant.
          groups = mkOption {
            type = listOf str;
            default = [ ];
          };

          # Defaults to true: an account can log in unless explicitly disabled.
          # NOTE(review): enforcement is not in this file. Confirm the consumer
          # honours `false` for mail-only or service accounts.
          allowLogin = mkOption {
            type = bool;
            default = true;
          };

          # NOTE(review): semantics not shown here; presumably extra mail
          # addresses bound to this user. Confirm in ./mailbox.nix.
          hardAliases = mkOption {
            type = listOf str;
            default = [ ];
          };
        };

        # `optional` yields [ ] for non-sysadmins, so only the flagged user
        # gains "wheel"; mkBefore places it ahead of explicitly listed groups.
        # "wheel" is conventionally the administrative (sudo) group on NixOS,
        # so the `sysadmin` flag is effectively a privilege-escalation switch.
        config.groups = mkBefore (optional config.sysadmin "wheel");
      }));
    };

    # Mail domains keyed by domain name (`name` below is that key).
    virtual = mkOption {
      default = { };

      type = attrsOf (submodule ({ name, ... }: {
        options = {
          # Alias name -> list of target addresses.
          aliases = mkOption {
            type = attrsOf (listOf str);
            default = { };
          };

          # Pattern-based routing entries.
          # NOTE(review): pattern syntax and match order are defined by the
          # consumer, not here. Check that broad patterns cannot shadow the
          # role aliases defined below.
          rules = mkOption {
            default = [ ];

            type = listOf (submodule {
              options = {
                pattern = mkOption {
                  type = str;
                };

                targets = mkOption {
                  type = listOf str;
                };
              };
            });
          };

          # Empty submodule: entries carry no settings, only their names.
          # NOTE(review): presumably selects which users get a mailbox in this
          # domain; confirm.
          users = mkOption {
            type = attrsOf (submodule { });
            default = { };
          };
        };

        # Role mailboxes from RFC 2142 (abuse, security, webmaster, hostmaster,
        # postmaster) exist for every domain and default to sysadmin@<domain>,
        # so abuse and security reports always have a recipient. mkDefault lets
        # ./virtual.nix override any of them per domain.
        config.aliases =
          let
            sysadmin = mkDefault [ "sysadmin@${name}" ];
          in
          {
            abuse = sysadmin;
            security = sysadmin;
            webmaster = sysadmin;
            hostmaster = sysadmin;
            postmaster = sysadmin;

            # sysadmin@<this domain> forwards to sysadmin@<primary domain>
            # unless overridden.
            sysadmin = mkDefault [ "sysadmin@${domain}" ];
          };
      }));
    };
  };

  config.local = mkMerge [
    {
      # Both files are imported as plain values and type-checked against the
      # option declarations above.
      users = import ./users.nix;
      virtual = import ./virtual.nix;

      # nameValuePair turns each user into { name, value } so the predicate can
      # read `value.sysadmin` and `.name` yields the user name. Evaluation
      # aborts when zero or several users are flagged, so the build fails
      # closed instead of silently picking an administrator.
      sysadmin =
        (findSingle
          (user: user.value.sysadmin)
          (throw "no user is declared as sysadmin")
          (throw "more than one user is declared as sysadmin")
          (mapAttrsToList nameValuePair cfg.users)
        ).name;
    }

    {
      # For the primary domain the mkDefault above would point
      # sysadmin@<domain> at itself; this normal-priority definition overrides
      # it and delivers to the sysadmin user's own name.
      virtual.${domain}.aliases.sysadmin = [ cfg.sysadmin ];
    }
  ];
}