about summary refs log tree commit diff stats
path: root/modules/by-name/st/stalwart-mail/module.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/by-name/st/stalwart-mail/module.nix66
1 files changed, 37 insertions, 29 deletions
diff --git a/modules/by-name/st/stalwart-mail/module.nix b/modules/by-name/st/stalwart-mail/module.nix
index 7bd985f..396116d 100644
--- a/modules/by-name/st/stalwart-mail/module.nix
+++ b/modules/by-name/st/stalwart-mail/module.nix
@@ -10,6 +10,33 @@
 
   configFormat = pkgs.formats.toml {};
   configFile = configFormat.generate "stalwart-mail.toml" topCfg.settings;
+
+  hashedPassword = let
+    prefix = pre: lib.types.strMatching "^${lib.strings.escapeRegex pre}.*";
+  in
+    lib.types.oneOf [
+      (prefix "$argon2")
+      (prefix "$pbkdf2")
+      (prefix "$scrypt")
+      (prefix "$2") # bcrypt
+      (prefix "$6$") # sha-512
+      (prefix "$5$") # sha-256
+      (prefix "$sha1")
+      (prefix "$1") # md5
+      (prefix "_") # BSDi crypt
+      (prefix "{SHA}") # base64 sha
+      (prefix "{SSHA}") # base64 salted sha
+
+      # unix crypt
+      (prefix "{CRYPT}")
+      (prefix "{crypt}")
+
+      # Plain text
+      (prefix "{PLAIN}")
+      (prefix "{plain}")
+      (prefix "{CLEAR}")
+      (prefix "{clear}")
+    ];
 in {
   imports = [
     ./settings.nix
@@ -24,14 +51,20 @@ in {
       description = ''
         Email address to advertise as administrator. This is the address, where dkim, spv
         etc. refusal reports are sent to.
-
-        The format should be: `mailto:<name>@<domain>`
       '';
       type = lib.types.str;
-      example = "mailto:dmarc+rua@example.com";
+      example = "dmarc+rua@example.com";
       default = "";
     };
 
+    initialAdminPassword = lib.mkOption {
+      type = hashedPassword;
+      description = ''
+        The hash of the password for the admin account, used to bootstrap account
+        creation.
+      '';
+    };
+
     fqdn = lib.mkOption {
       type = lib.types.str;
       example = "mail.foss-syndicate.org";
@@ -61,32 +94,7 @@ in {
           };
 
           secret = lib.mkOption {
-            type = let
-              prefix = pre: lib.types.strMatching "^${lib.strings.escapeRegex pre}.*";
-            in
-              lib.types.oneOf [
-                (prefix "$argon2")
-                (prefix "$pbkdf2")
-                (prefix "$scrypt")
-                (prefix "$2") # bcrypt
-                (prefix "$6$") # sha-512
-                (prefix "$5$") # sha-256
-                (prefix "$sha1")
-                (prefix "$1") # md5
-                (prefix "_") # BSDi crypt
-                (prefix "{SHA}") # base64 sha
-                (prefix "{SSHA}") # base64 salted sha
-
-                # unix crypt
-                (prefix "{CRYPT}")
-                (prefix "{crypt}")
-
-                # Plain text
-                (prefix "{PLAIN}")
-                (prefix "{plain}")
-                (prefix "{CLEAR}")
-                (prefix "{clear}")
-              ];
+            type = hashedPassword;
             description = ''
               Sets the password for the user account.
               Passwords can be stored hashed or in plain text (not recommended).
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-04-24 20:57:21 +0000