@ -53,30 +53,42 @@ let
etc_dir : /etc
ext_dir : $ etc_dir/mailman.d
pid_file : /run/mailman/master.pid
'' + o p t i o n a l S t r i n g ( c f g . h y p e r k i t t y A p i K e y ! = n u l l ) ''
'' + o p t i o n a l S t r i n g c f g . h y p e r k i t t y . e n a b l e ''
[ archiver . hyperkitty ]
class : mailman_hyperkitty . Archiver
enable : yes
configuration : $ { pkgs . writeText " m a i l m a n - h y p e r k i t t y . c f g " mailmanHyperkittyCfg }
configuration : /var/lib/mailman/mailman-hyperkitty.cfg
'' ;
mailmanHyperkittyCfg = ''
mailmanHyperkittyCfg = pkgs . writeText " m a i l m a n - h y p e r k i t t y . c f g " ''
[ general ]
# This is your HyperKitty installation, preferably on the localhost. This
# address will be used by Mailman to forward incoming emails to HyperKitty
# for archiving. It does not need to be publicly available, in fact it's
# better if it is not.
base_url : $ { cfg . hyperkittyB aseUrl }
base_url : $ { cfg . hyperkitty . b aseUrl}
# Shared API key, must be the identical to the value in HyperKitty's
# settings.
api_key : $ { cfg . hyperkittyApiKey }
api_key : @ API_KEY @
'' ;
in {
###### interface
imports = [
( mkRenamedOptionModule [ " s e r v i c e s " " m a i l m a n " " h y p e r k i t t y B a s e U r l " ]
[ " s e r v i c e s " " m a i l m a n " " h y p e r k i t t y " " b a s e U r l " ] )
( mkRemovedOptionModule [ " s e r v i c e s " " m a i l m a n " " h y p e r k i t t y A p i K e y " ] ''
The Hyperkitty API key is now generated on first run , and not
stored in the world-readable Nix store . To continue using
Hyperkitty , you must set services . mailman . hyperkitty . enable = true .
'' )
] ;
options = {
services . mailman = {
@ -128,24 +140,17 @@ in {
'' ;
} ;
hyperkittyBaseUrl = mkOption {
type = types . str ;
default = " h t t p : / / l o c a l h o s t / h y p e r k i t t y / " ;
description = ''
Where can Mailman connect to Hyperkitty's internal API , preferably on
localhost ?
'' ;
} ;
hyperkittyApiKey = mkOption {
type = types . nullOr types . str ;
default = null ;
description = ''
The shared secret used to authenticate Mailman's internal
communication with Hyperkitty . Must be set to enable support for the
Hyperkitty archiver . Note that this secret is going to be visible to
all local users in the Nix store .
'' ;
hyperkitty = {
enable = mkEnableOption " t h e H y p e r k i t t y a r c h i v e r f o r M a i l m a n " ;
baseUrl = mkOption {
type = types . str ;
default = " h t t p : / / l o c a l h o s t / h y p e r k i t t y / " ;
description = ''
Where can Mailman connect to Hyperkitty's internal API , preferably on
localhost ?
'' ;
} ;
} ;
} ;
@ -187,13 +192,47 @@ in {
ExecStop = " ${ mailmanExe } / b i n / m a i l m a n s t o p " ;
User = " m a i l m a n " ;
Type = " f o r k i n g " ;
StateDirectory = " m a i l m a n " ;
StateDirectoryMode = " 0 7 0 0 " ;
RuntimeDirectory = " m a i l m a n " ;
PIDFile = " / r u n / m a i l m a n / m a s t e r . p i d " ;
} ;
} ;
systemd . services . mailman-secrets = {
description = " G e n e r a t e H y p e r k i t t y A P I k e y " ;
before = [ " m a i l m a n . s e r v i c e " " m a i l m a n - w e b . s e r v i c e " " h y p e r k i t t y . s e r v i c e " " h t t p d . s e r v i c e " " u w s g i . s e r v i c e " ] ;
requiredBy = [ " m a i l m a n . s e r v i c e " " m a i l m a n - w e b . s e r v i c e " " h y p e r k i t t y . s e r v i c e " " h t t p d . s e r v i c e " " u w s g i . s e r v i c e " ] ;
script = ''
mailmanDir = /var/lib/mailman
mailmanWebDir = /var/lib/mailman-web
mailmanCfg = $ mailmanDir/mailman-hyperkitty.cfg
hyperkittyCfg = $ mailmanWebDir/settings_local.py
[ - e $ mailmanCfg - o - e $ hyperkittyCfg ] && exit 0
install - m 0700 - o mailman - g nogroup - d $ mailmanDir
install - m 0700 - o $ { cfg . webUser } - g nogroup - d $ mailmanWebDir
hyperkittyApiKey = $ ( tr - dc A-Za-z0-9 < /dev/urandom | head - c 64 )
secretKey = $ ( tr - dc A-Za-z0-9 < /dev/urandom | head - c 64 )
hyperkittyCfgTmp = $ ( mktemp )
echo " M A I L M A N _ A R C H I V E R _ K E Y = ' $ h y p e r k i t t y A p i K e y ' " > > " $ h y p e r k i t t y C f g T m p "
echo " S E C R E T _ K E Y = ' $ s e c r e t K e y ' " > > " $ h y p e r k i t t y C f g T m p "
chown $ { cfg . webUser } " $ h y p e r k i t t y C f g T m p "
mailmanCfgTmp = $ ( mktemp )
sed " s / @ A P I _ K E Y @ / $ h y p e r k i t t y A p i K e y / g " $ { mailmanHyperkittyCfg } > " $ m a i l m a n C f g T m p "
chown mailman " $ m a i l m a n C f g T m p "
mv - n " $ h y p e r k i t t y C f g T m p " $ hyperkittyCfg
mv - n " $ m a i l m a n C f g T m p " $ mailmanCfg
'' ;
serviceConfig = {
Type = " o n e s h o t " ;
} ;
} ;
systemd . services . mailman-web = {
description = " I n i t P o s t o r i u s D B " ;
before = [ " h t t p d . s e r v i c e " ] ;
@ -207,8 +246,6 @@ in {
serviceConfig = {
User = cfg . webUser ;
Type = " o n e s h o t " ;
StateDirectory = " m a i l m a n - w e b " ;
StateDirectoryMode = " 0 7 0 0 " ;
WorkingDirectory = " / v a r / l i b / m a i l m a n - w e b " ;
} ;
} ;
@ -223,7 +260,7 @@ in {
} ;
systemd . services . hyperkitty = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " G N U H y p e r k i t t y Q C l u s t e r P r o c e s s " ;
after = [ " n e t w o r k . t a r g e t " ] ;
wantedBy = [ " m a i l m a n . s e r v i c e " " m u l t i - u s e r . t a r g e t " ] ;
@ -235,7 +272,7 @@ in {
} ;
systemd . services . hyperkitty-minutely = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r m i n u t e l y H y p e r k i t t y e v e n t s " ;
startAt = " m i n u t e l y " ;
serviceConfig = {
@ -246,7 +283,7 @@ in {
} ;
systemd . services . hyperkitty-quarter-hourly = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r q u a r t e r - h o u r l y H y p e r k i t t y e v e n t s " ;
startAt = " * : 0 0 / 1 5 " ;
serviceConfig = {
@ -257,7 +294,7 @@ in {
} ;
systemd . services . hyperkitty-hourly = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r h o u r l y H y p e r k i t t y e v e n t s " ;
startAt = " h o u r l y " ;
serviceConfig = {
@ -268,7 +305,7 @@ in {
} ;
systemd . services . hyperkitty-daily = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r d a i l y H y p e r k i t t y e v e n t s " ;
startAt = " d a i l y " ;
serviceConfig = {
@ -279,7 +316,7 @@ in {
} ;
systemd . services . hyperkitty-weekly = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r w e e k l y H y p e r k i t t y e v e n t s " ;
startAt = " w e e k l y " ;
serviceConfig = {
@ -290,7 +327,7 @@ in {
} ;
systemd . services . hyperkitty-yearly = {
enable = cfg . hyperkittyApiKey != null ;
inherit ( cfg . hyperkitty ) enable ;
description = " T r i g g e r y e a r l y H y p e r k i t t y e v e n t s " ;
startAt = " y e a r l y " ;
serviceConfig = {