nixos/stalwart-mail: support adding secrets (#380588)

2025-06-12 20:55:31 +03:00 · 2025-02-23 16:00:01 +07:00 · 2025-02-23 16:00:01 +07:00 · ddef0335cb
commit ddef0335cb
parent 70e259a2d5 f6f3d482cb
1 changed files with 16 additions and 0 deletions
--- a/nixos/modules/services/mail/stalwart-mail.nix
+++ b/nixos/modules/services/mail/stalwart-mail.nix
@ -53,6 +53,21 @@ in
        Data directory for stalwart
      '';
    };
+
+    credentials = lib.mkOption {
+      description = ''
+        Credentials envs used to configure Stalwart-Mail secrets.
+        These secrets can be accessed in configuration values with
+        the macros such as
+        `%{file:/run/credentials/stalwart-mail.service/VAR_NAME}%`.
+      '';
+      type = lib.types.attrsOf lib.types.str;
+      default = { };
+      example = {
+        user_admin_password = "/run/keys/stalwart_admin_password";
+      };
+    };
+
  };

  config = lib.mkIf cfg.enable {
@ -149,6 +164,7 @@ in
            ""
            "${cfg.package}/bin/stalwart-mail --config=${configFile}"
          ];
+          LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;

          StandardOutput = "journal";
          StandardError = "journal";