From bce63e4dff4f770879359d7e61791ba03c6bd89f Mon Sep 17 00:00:00 2001 From: paumr Date: Wed, 7 Aug 2019 00:32:54 +0200 Subject: [PATCH] msmtp: add account option `tls.fingerprint` --- modules/programs/msmtp-accounts.nix | 11 +++++++++++ modules/programs/msmtp.nix | 3 +++ 2 files changed, 14 insertions(+) diff --git a/modules/programs/msmtp-accounts.nix b/modules/programs/msmtp-accounts.nix index fedddb69..277710f4 100644 --- a/modules/programs/msmtp-accounts.nix +++ b/modules/programs/msmtp-accounts.nix @@ -22,6 +22,17 @@ with lib; ''; }; + tls.fingerprint = mkOption { + type = types.nullOr (types.strMatching "([[:alnum:]]{2}\:)+[[:alnum:]]{2}"); + default = null; + example = "my:SH:a2:56:ha:sh"; + description = '' + Fingerprint of a trusted TLS certificate. + The fingerprint can be obtained by executing + msmtp --serverinfo --tls --tls-certcheck=off. + ''; + }; + extraConfig = mkOption { type = types.attrsOf types.str; default = { }; diff --git a/modules/programs/msmtp.nix b/modules/programs/msmtp.nix index eff2019c..1ff3139e 100644 --- a/modules/programs/msmtp.nix +++ b/modules/programs/msmtp.nix @@ -24,6 +24,9 @@ let tls_starttls = onOff smtp.tls.useStartTls; tls_trust_file = smtp.tls.certificatesFile; } + // optionalAttrs (msmtp.tls.fingerprint != null) { + tls_fingerprint = msmtp.tls.fingerprint; + } // optionalAttrs (smtp.port != null) { port = toString smtp.port; }