]>
Commit | Line | Data |
---|---|---|
1a64deeb IB |
1 | { lib, pkgs, config, ... }: |
2 | let | |
3 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { | |
4 | roundcubemail = pkgs.webapps-roundcubemail; | |
5 | env = config.myEnv.tools.roundcubemail; | |
6 | inherit config; | |
7 | }; | |
8 | rainloop = pkgs.callPackage ./rainloop.nix { | |
9 | rainloop = pkgs.rainloop-community; | |
10 | }; | |
11 | cfg = config.myServices.websites.tools.email; | |
12 | pcfg = config.services.phpfpm.pools; | |
13 | in | |
14 | { | |
15 | options.myServices.websites.tools.email = { | |
16 | enable = lib.mkEnableOption "enable email website"; | |
17 | }; | |
18 | ||
19 | imports = [ | |
20 | ./mta-sts.nix | |
21 | ]; | |
22 | ||
23 | config = lib.mkIf cfg.enable { | |
24 | #myServices.chatonsProperties.services.mail-rainloop = { | |
25 | # file.datetime = "2022-08-22T00:30:00"; | |
26 | # service = { | |
27 | # name = "Rainloop"; | |
28 | # description = "Simple, modern & fast web-based email client"; | |
29 | # website = "https://mail.immae.eu/rainloop"; | |
30 | # logo = "https://www.rainloop.net/static/img/logo-16x16.png"; | |
31 | # status.level = "ERROR"; | |
32 | # status.description = "Stopped due to CVE-2022-29360"; | |
33 | # registration."" = ["MEMBER" "CLIENT"]; | |
34 | # registration.load = "OPEN"; | |
35 | # install.type = "PACKAGE"; | |
36 | # }; | |
37 | # software = { | |
38 | # name = "Rainloop"; | |
39 | # website = "https://www.rainloop.net/"; | |
40 | # license.url = "https://www.rainloop.net/licensing/"; | |
41 | # license.name = "GNU Affero General Public License v3.0"; | |
42 | # version = rainloop.webRoot.version; | |
43 | # source.url = "https://github.com/RainLoop/rainloop-webmail"; | |
44 | # }; | |
45 | #}; | |
46 | #myServices.chatonsProperties.services.mail-roundcube = { | |
47 | # file.datetime = "2022-08-22T00:30:00"; | |
48 | # service = { | |
49 | # name = "Roundcube"; | |
50 | # description = "The Roundcube Webmail suite"; | |
51 | # website = "https://mail.immae.eu/roundcube"; | |
52 | # logo = "https://mail.immae.eu/roundcube/skins/elastic/images/favicon.ico"; | |
53 | # status.level = "OK"; | |
54 | # status.description = "OK"; | |
55 | # registration."" = ["MEMBER" "CLIENT"]; | |
56 | # registration.load = "OPEN"; | |
57 | # install.type = "PACKAGE"; | |
58 | # }; | |
59 | # software = { | |
60 | # name = "Roundcube"; | |
61 | # website = "https://roundcube.net/"; | |
62 | # license.url = "https://github.com/roundcube/roundcubemail/blob/master/LICENSE"; | |
63 | # license.name = "GNU General Public License v3.0"; | |
64 | # version = roundcubemail.webRoot.version; | |
65 | # source.url = "https://github.com/roundcube/roundcubemail"; | |
66 | # modules = map (a: a.pluginName) roundcubemail.webRoot.plugins ++ map (a: a.skinName) roundcubemail.webRoot.skins; | |
67 | # }; | |
68 | #}; | |
69 | ||
70 | myServices.dns.zones."immae.eu".subdomains.mail = | |
71 | with config.myServices.dns.helpers; ips servers.eldiron.ips.main; | |
72 | ||
73 | secrets.keys = roundcubemail.keys; | |
74 | ||
75 | services.websites.env.tools.modules = | |
76 | [ "proxy_fcgi" ] | |
77 | ++ rainloop.apache.modules | |
78 | ++ roundcubemail.apache.modules; | |
79 | ||
80 | security.acme.certs.mail.extraDomainNames = [ "mail.immae.eu" ]; | |
81 | services.websites.env.tools.vhostConfs.mail = { | |
82 | certName = "mail"; | |
83 | hosts = ["mail.immae.eu"]; | |
84 | root = ./www; | |
85 | extraConfig = [ | |
86 | (rainloop.apache.vhostConf pcfg.rainloop.socket) | |
87 | (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket) | |
88 | '' | |
89 | <Directory ${./www}> | |
90 | Require all granted | |
91 | Options -Indexes | |
92 | </Directory> | |
93 | '' | |
94 | ]; | |
95 | }; | |
96 | systemd.services = { | |
97 | phpfpm-rainloop = { | |
98 | after = lib.mkAfter rainloop.phpFpm.serviceDeps; | |
99 | wants = rainloop.phpFpm.serviceDeps; | |
100 | }; | |
101 | phpfpm-roundcubemail = { | |
102 | after = lib.mkAfter roundcubemail.phpFpm.serviceDeps; | |
103 | wants = roundcubemail.phpFpm.serviceDeps; | |
104 | }; | |
105 | }; | |
106 | ||
107 | services.phpfpm.pools.roundcubemail = { | |
108 | user = "wwwrun"; | |
109 | group = "wwwrun"; | |
110 | settings = roundcubemail.phpFpm.pool; | |
111 | phpOptions = config.services.phpfpm.phpOptions + '' | |
112 | date.timezone = 'CET' | |
113 | ''; | |
114 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]); | |
115 | }; | |
116 | services.phpfpm.pools.rainloop = { | |
117 | user = "wwwrun"; | |
118 | group = "wwwrun"; | |
119 | settings = rainloop.phpFpm.pool; | |
120 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); | |
121 | }; | |
122 | system.activationScripts = { | |
123 | roundcubemail = roundcubemail.activationScript; | |
124 | rainloop = rainloop.activationScript; | |
125 | }; | |
126 | myServices.monitoring.fromMasterActivatedPlugins = [ "http" ]; | |
127 | myServices.monitoring.fromMasterObjects.service = [ | |
128 | { | |
129 | service_description = "roundcube website is running on mail.immae.eu"; | |
130 | host_name = config.hostEnv.fqdn; | |
131 | use = "external-web-service"; | |
132 | check_command = ["check_https" "mail.immae.eu" "/roundcube/" "<title>Roundcube"]; | |
133 | ||
134 | servicegroups = "webstatus-webapps,webstatus-email"; | |
135 | _webstatus_name = "Roundcube"; | |
136 | _webstatus_url = "https://mail.immae.eu/roundcube/"; | |
137 | } | |
138 | ]; | |
139 | }; | |
140 | ||
141 | } |