nixos/pfix-srsd: migrate postfix integration from postfix module

The postfix module is too big to host every individual integration option
and moving it here has no downside.

nixos/doc/manual/release-notes/rl-2511.section.md

@@ -122,6 +122,8 @@
 
 - `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.
 
+- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option.
+
 - `services.monero` now includes the `environmentFile` option for adding secrets to the Monero daemon config.
 
 - `amdgpu` kernel driver overdrive mode can now be enabled by setting [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable) and customized through [hardware.amdgpu.overdrive.ppfeaturemask](#opt-hardware.amdgpu.overdrive.ppfeaturemask).

nixos/modules/services/mail/pfix-srsd.nix

@@ -4,6 +4,10 @@
   pkgs,
   ...
 }:
+
+let
+  cfg = config.services.pfix-srsd;
+in
 {
 
   ###### interface
@@ -32,12 +36,30 @@
         type = lib.types.path;
         default = "/var/lib/pfix-srsd/secrets";
       };
+
+      configurePostfix = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = ''
+          Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
+        '';
+      };
     };
   };
 
   ###### implementation
 
-  config = lib.mkIf config.services.pfix-srsd.enable {
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {
+      services.postfix.config = {
+        sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
+        sender_canonical_classes = [ "envelope_sender" ];
+        recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
+        recipient_canonical_classes = [ "envelope_recipient" ];
+      };
+    })
+
+    (lib.mkIf cfg.enable {
       environment = {
         systemPackages = [ pkgs.pfixtools ];
       };
@@ -54,5 +76,6 @@
           ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
         };
       };
-  };
+    })
+  ];
 }

nixos/modules/services/mail/postfix.nix

@@ -785,12 +785,6 @@ in
         description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
       };
 
-      useSrs = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = "Whether to enable sender rewriting scheme";
-      };
-
     };
 
   };
@@ -808,8 +802,6 @@ in
           systemPackages = [ pkgs.postfix ];
         };
 
-        services.pfix-srsd.enable = config.services.postfix.useSrs;
-
         services.mail.sendmailSetuidWrapper = lib.mkIf config.services.postfix.setSendmail {
           program = "sendmail";
           source = "${pkgs.postfix}/bin/sendmail";
@@ -1002,12 +994,6 @@ in
             ] ++ lib.optional haveAliases "$alias_maps";
           }
           // lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; }
-          // lib.optionalAttrs cfg.useSrs {
-            sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
-            sender_canonical_classes = [ "envelope_sender" ];
-            recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];
-            recipient_canonical_classes = [ "envelope_recipient" ];
-          }
           // lib.optionalAttrs cfg.enableHeaderChecks {
             header_checks = [ "regexp:/etc/postfix/header_checks" ];
           }
@@ -1190,5 +1176,6 @@ in
       [ "services" "postfix" "config" "smtp_tls_security_level" ]
       (config: lib.mkIf config.services.postfix.useDane "dane")
     )
+    (lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ])
   ];
 }