modules/stalwart-mail-free: Remove all `security` dependent checks if it's null

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-03-04 21:21:17 +0100
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-03-09 13:44:37 +0100
commit: 92f59766c67e4425b4e7fb0e7f157ece68083241 (patch)
tree: bcd150d46f39ed1829b6bdb98b322b96c21f02b4 /modules
parent: pkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s tests (diff)
download: nixos-server-92f59766c67e4425b4e7fb0e7f157ece68083241.zip
2 files changed, 19 insertions, 13 deletions
diff --git a/modules/by-name/st/stalwart-mail/module.nix b/modules/by-name/st/stalwart-mail/module.nix
index 031c35b..0889549 100644
--- a/modules/by-name/st/stalwart-mail/module.nix
+++ b/modules/by-name/st/stalwart-mail/module.nix
@@ -268,11 +268,12 @@ in {
     systemd = {
       services.stalwart-mail = {
         wantedBy = ["multi-user.target"];
-        requires = [
-          "redis-stalwart-mail.service"
-          "network-online.target"
-          "acme-${cfg.fqdn}.service"
-        ];
+        requires =
+          [
+            "redis-stalwart-mail.service"
+            "network-online.target"
+          ]
+          ++ (lib.optional (cfg.security != null) "acme-${cfg.fqdn}.service");
         after = [
           "local-fs.target"
           "network.target"
diff --git a/modules/by-name/st/stalwart-mail/settings.nix b/modules/by-name/st/stalwart-mail/settings.nix
index 1d63489..7032ae0 100644
--- a/modules/by-name/st/stalwart-mail/settings.nix
+++ b/modules/by-name/st/stalwart-mail/settings.nix
@@ -13,6 +13,11 @@
       })
       (lib.attrsToList cfg.security.dkimKeys))
     ++ [{"else" = false;}];
+
+  maybeVerificationMode =
+    if cfg.security != null
+    then cfg.security.verificationMode
+    else "disable";
 in {
   config.services.stalwart-mail.settings = lib.mkIf cfg.enable {
     # https://www.rfc-editor.org/rfc/rfc6376.html#section-3.3
@@ -51,24 +56,24 @@ in {
       ];
     in {
       iprev = {
-        verify = ifNotSmpt cfg.security.verificationMode "disable";
+        verify = ifNotSmpt maybeVerificationMode "disable";
       };
       spf = {
         verify = {
-          ehlo = ifNotSmpt cfg.security.verificationMode "disable";
+          ehlo = ifNotSmpt maybeVerificationMode "disable";
 
-          mail-from = ifNotSmpt cfg.security.verificationMode "disable";
+          mail-from = ifNotSmpt maybeVerificationMode "disable";
         };
       };
       dmarc = {
-        verify = ifNotSmpt cfg.security.verificationMode "disable";
+        verify = ifNotSmpt maybeVerificationMode "disable";
       };
       arc = {
         seal = lib.mkIf (cfg.security != null) signaturesByDomain;
-        verify = ifNotSmpt cfg.security.verificationMode "disable";
+        verify = ifNotSmpt maybeVerificationMode "disable";
       };
       dkim = {
-        verify = ifNotSmpt cfg.security.verificationMode "disable";
+        verify = ifNotSmpt maybeVerificationMode "disable";
 
         # Ignore insecure dkim signed messages (i.e., messages containing both
         # signed and appended not-signed content.)
@@ -140,13 +145,13 @@ in {
       outbound = {
         tls = {
           starttls =
-            if cfg.security.verificationMode == "strict"
+            if maybeVerificationMode == "strict"
             then "require"
             else "optional";
           allow-invalid-certs = false;
           ip-strategy = "ipv6_then_ipv4";
           mta-sts =
-            if cfg.security.verificationMode == "strict"
+            if maybeVerificationMode == "strict"
             then "require"
             else "optional";
         };
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-03-04 21:21:17 +0100
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-03-09 13:44:37 +0100
commit	92f59766c67e4425b4e7fb0e7f157ece68083241 (patch)
tree	bcd150d46f39ed1829b6bdb98b322b96c21f02b4 /modules
parent	pkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s tests (diff)
download	nixos-server-92f59766c67e4425b4e7fb0e7f157ece68083241.zip