update options to support new syntax

modules/homelab/.default.nix.template.nix

@@ -9,7 +9,7 @@
   sec = config.sops.secrets;
   homelab = config.homelab;
 in {
-  options.modules.services.${service} = {
+  options.homelab.${service} = {
     enable = lib.mkEnableOption "enables ${service}";
 
     # set port options

modules/homelab/postfix/default.nix

@@ -9,7 +9,7 @@
   sec = config.sops.secrets;
   homelab = config.homelab;
 in {
-  options.modules.services.${service} = {
+  options.homelab.${service} = {
     enable = lib.mkEnableOption "enables ${service}";
 
     # set port options
@@ -63,7 +63,8 @@ in {
       relayHost = "smtp.gmail.com";
       relayPort = cfg.port;
       config = {
-        smtp_use_tls = "yes";
+        #smtp_use_tls = "yes";
+        smtp_tls_security_level = "may";
         smtp_sasl_auth_enable = "yes";
         smtp_sasl_security_options = "";
         smtp_sasl_password_maps = "texthash:${config.sops.secrets."postfix_passwd".path}";

modules/homelab/postfix/default.nix.bak

@@ -0,0 +1,101 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  service = "postfix";
+  cfg = config.homelab.${service};
+  sec = config.sops.secrets;
+  homelab = config.homelab;
+in {
+  options.homelab.${service} = {
+    enable = lib.mkEnableOption "enables ${service}";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 587;
+      description = "set port for ${service} (default: ${toString cfg.port}";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "${service}.${homelab.base_domain}";
+      description = "set domain for ${service}";
+    };
+    data_dir = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/${service}";
+      description = "set data directory for ${service}";
+    };
+    ids = lib.mkOption {
+      type = lib.types.int;
+      default = cfg.port;
+      description = "set uid and pid of ${service} user (matches port by default)";
+    };
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for ${service}";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # declare ${service} group
+    #    users.groups.${service} = {
+    #      gid = lib.mkForce cfg.ids;
+    #    };
+    #
+    #    # declare ${service} user
+    #    users.users.${service} = {
+    #      description = "${service} server user";
+    #      uid = lib.mkForce cfg.ids;
+    #      isSystemUser = true;
+    #      home = cfg.data_dir;
+    #      createHome = true;
+    #      group = service;
+    #      extraGroups = [];
+    #    };
+
+    # enable the ${service} service
+    services.postfix = {
+      enable = true;
+      relayHost = "smtp.gmail.com";
+      relayPort = cfg.port;
+      config = {
+        #smtp_use_tls = "yes";
+        smtp_tls_security_level = "may";
+        smtp_sasl_auth_enable = "yes";
+        smtp_sasl_security_options = "";
+        smtp_sasl_password_maps = "texthash:${config.sops.secrets."postfix_passwd".path}";
+        # optional: Forward mails to root (e.g. from cron jobs, smartd)
+        # to me privately and to my work email:
+        virtual_alias_maps = "inline:{ {root=me@blakedheld.xyz, throwedspam@gmail.com} }";
+      };
+    };
+
+    # override umask to make permissions work out
+    #    systemd.services.${service}.serviceConfig = {
+    #  UMask = lib.mkForce "0007";
+      #      User = service;
+      #      Group = service;
+    #};
+
+   # open firewall
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    sops.secrets = {
+      "${service}_passwd" = {
+        owner = config.services.postfix.user;
+        group = config.services.postfix.group;
+      };
+    };
+
+    # add to backups
+    homelab.backups.baks = {
+      ${service} = {
+        paths = [cfg.data_dir];
+      };
+    };
+  };
+}