aboutsummaryrefslogtreecommitdiffstats
path: root/modules/by-name/st/stalwart-mail/module.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/by-name/st/stalwart-mail/module.nix66
1 files changed, 37 insertions, 29 deletions
diff --git a/modules/by-name/st/stalwart-mail/module.nix b/modules/by-name/st/stalwart-mail/module.nix
index 7bd985f..396116d 100644
--- a/modules/by-name/st/stalwart-mail/module.nix
+++ b/modules/by-name/st/stalwart-mail/module.nix
@@ -10,6 +10,33 @@
configFormat = pkgs.formats.toml {};
configFile = configFormat.generate "stalwart-mail.toml" topCfg.settings;
+
+ hashedPassword = let
+ prefix = pre: lib.types.strMatching "^${lib.strings.escapeRegex pre}.*";
+ in
+ lib.types.oneOf [
+ (prefix "$argon2")
+ (prefix "$pbkdf2")
+ (prefix "$scrypt")
+ (prefix "$2") # bcrypt
+ (prefix "$6$") # sha-512
+ (prefix "$5$") # sha-256
+ (prefix "$sha1")
+ (prefix "$1") # md5
+ (prefix "_") # BSDi crypt
+ (prefix "{SHA}") # base64 sha
+ (prefix "{SSHA}") # base64 salted sha
+
+ # unix crypt
+ (prefix "{CRYPT}")
+ (prefix "{crypt}")
+
+ # Plain text
+ (prefix "{PLAIN}")
+ (prefix "{plain}")
+ (prefix "{CLEAR}")
+ (prefix "{clear}")
+ ];
in {
imports = [
./settings.nix
@@ -24,14 +51,20 @@ in {
description = ''
Email address to advertise as administrator. This is the address, where dkim, spv
etc. refusal reports are sent to.
-
- The format should be: `mailto:<name>@<domain>`
'';
type = lib.types.str;
- example = "mailto:dmarc+rua@example.com";
+ example = "dmarc+rua@example.com";
default = "";
};
+ initialAdminPassword = lib.mkOption {
+ type = hashedPassword;
+ description = ''
+ The hash of the password for the admin account, used to bootstrap account
+ creation.
+ '';
+ };
+
fqdn = lib.mkOption {
type = lib.types.str;
example = "mail.foss-syndicate.org";
@@ -61,32 +94,7 @@ in {
};
secret = lib.mkOption {
- type = let
- prefix = pre: lib.types.strMatching "^${lib.strings.escapeRegex pre}.*";
- in
- lib.types.oneOf [
- (prefix "$argon2")
- (prefix "$pbkdf2")
- (prefix "$scrypt")
- (prefix "$2") # bcrypt
- (prefix "$6$") # sha-512
- (prefix "$5$") # sha-256
- (prefix "$sha1")
- (prefix "$1") # md5
- (prefix "_") # BSDi crypt
- (prefix "{SHA}") # base64 sha
- (prefix "{SSHA}") # base64 salted sha
-
- # unix crypt
- (prefix "{CRYPT}")
- (prefix "{crypt}")
-
- # Plain text
- (prefix "{PLAIN}")
- (prefix "{plain}")
- (prefix "{CLEAR}")
- (prefix "{clear}")
- ];
+ type = hashedPassword;
description = ''
Sets the password for the user account.
Passwords can be stored hashed or in plain text (not recommended).