1 { lib, pkgs, config, myconfig, ... }:
# sieve_bin: derivation that copies ./sieve_bin into the store and wraps the
# programs in it so they run with coreutils prepended to PATH.
# The dovecot settings in this file use this store path as sieve_pipe_bin_dir,
# so the helpers a Sieve `pipe` action can start come from a read-only store
# directory rather than one that can be modified at runtime.
# `--prefix` only prepends: the PATH inherited from dovecot is still searched
# afterwards. `--set PATH` would pin it completely if the helpers need nothing
# beyond coreutils.
# NOTE(review): the loop that selects "$i" is not visible in this listing;
# confirm it wraps only the intended executables.
3 sieve_bin = pkgs.runCommand "sieve_bin" {
4 buildInputs = [ pkgs.makeWrapper ];
6 cp -a ${./sieve_bin} $out
10 wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils ]}
# Secret file "dovecot/ldap": the LDAP client settings dovecot reads for user
# and password lookups, owned by the dovecot2 service user and group.
# It carries the bind password (dnpass), presumably the reason it is declared
# as a secret instead of being written into the dovecot configuration text.
# NOTE(review): the permissions line is not visible in this listing; confirm
# the file is readable by the dovecot2 user/group only, and that the
# myconfig.env values do not also end up in the world-readable Nix store.
# NOTE(review): the lines between `hosts` and `dn` are not shown; verify that
# the LDAP link is protected (tls = yes, or an ldaps:// uri), since the bind
# password and the attributes returned for pass_attrs travel over it.
# user_filter and pass_filter are fed from the same ldap.filter value.
15 config.secrets.keys = [
17 dest = "dovecot/ldap";
18 user = config.services.dovecot2.user;
19 group = config.services.dovecot2.group;
22 hosts = ${myconfig.env.mail.dovecot.ldap.host}
25 dn = ${myconfig.env.mail.dovecot.ldap.dn}
26 dnpass = ${myconfig.env.mail.dovecot.ldap.password}
32 base = ${myconfig.env.mail.dovecot.ldap.base}
35 user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
36 pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
38 user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
39 pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
# Dedicated vhost account and group, with uid/gid taken from config.ids.
# The dovecot userdb line in this file maps every mailbox to uid=vhost
# gid=vhost, so the operating system does not separate one mailbox from
# another: isolation between mail users rests on dovecot itself, and anything
# that runs as vhost (for example a Sieve pipe helper) can reach all mail
# under /var/lib/vhost.
44 config.users.users.vhost = {
46 uid = config.ids.uids.vhost;
48 config.users.groups.vhost.gid = config.ids.gids.vhost;
50 # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
# Dovecot for virtual users: the auth configuration passes the "dovecot/ldap"
# secret file as args, and mail lives under /var/lib/vhost/<domain>/<user>/,
# accessed with the vhost uid/gid. Pigeonhole (Sieve/ManageSieve) and the
# fts_xapian full-text-search plugin are added as modules.
51 config.services.dovecot2 = {
57 protocols = [ "sieve" ];
59 pkgs.dovecot_pigeonhole
60 pkgs.dovecot_fts-xapian
64 createMailUser = false;
66 { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
67 { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
68 { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
69 { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
71 mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
# TLS certificate and key come from the ACME directory of the "mail" cert.
# NOTE(review): sslCACert points at the server's own fullchain.pem. This
# option presumably becomes dovecot's ssl_ca, which is the CA list used to
# verify client certificates, so the value only matters if client-certificate
# verification is enabled. Confirm that this is intended.
72 sslServerCert = "/var/lib/acme/mail/fullchain.pem";
73 sslServerKey = "/var/lib/acme/mail/key.pem";
74 sslCACert = "/var/lib/acme/mail/fullchain.pem";
# Raw dovecot.conf fragments, joined with newlines. Security-relevant settings
# visible in this listing:
#  - disable_plaintext_auth = yes, and first_valid_uid set to the vhost uid.
#  - sieve_extprograms is loaded, but vnd.dovecot.pipe and
#    vnd.dovecot.environment are enabled through sieve_global_extensions,
#    which Pigeonhole reserves for global (administrator) scripts; personal
#    scripts managed over ManageSieve should therefore not be able to start
#    external programs. Keep both out of sieve_extensions to preserve that.
#  - The imapsieve hooks (report_spam / report_ham) are loaded from store
#    paths and pipe helpers are resolved in sieve_pipe_bin_dir, also a store
#    path; only the compiled-script bindir under /var/lib/vhost is writable.
#  - An auth socket is created under postfix's queue_directory/private/,
#    presumably for postfix SASL authentication.
#    NOTE(review): its mode/user/group lines are not shown; confirm that
#    only postfix can open it.
75 extraConfig = builtins.concatStringsSep "\n" [
77 postmaster_address = postmaster@immae.eu
78 mail_attribute_dict = file:%h/dovecot-attributes
79 imap_idle_notify_interval = 20 mins
90 # needs to be bigger than any mailbox size
91 default_vsz_limit = 2GB
92 mail_plugins = $mail_plugins fts fts_xapian
94 plugin = fts fts_xapian
96 fts_xapian = partial=2 full=20
98 fts_autoindex_exclude = \Junk
99 fts_autoindex_exclude2 = \Trash
100 fts_autoindex_exclude3 = Virtual/*
105 # https://docs.iredmail.org/dovecot.imapsieve.html
107 # imap_sieve plugin added below
110 sieve_plugins = sieve_imapsieve sieve_extprograms
111 imapsieve_url = sieve://127.0.0.1:4190
113 # From elsewhere to Junk folder
114 imapsieve_mailbox1_name = Junk
115 imapsieve_mailbox1_causes = COPY APPEND
116 imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
118 # From Junk folder to elsewhere
119 imapsieve_mailbox2_name = *
120 imapsieve_mailbox2_from = Junk
121 imapsieve_mailbox2_causes = COPY
122 imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
124 sieve_pipe_bin_dir = ${sieve_bin}
126 sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
134 inet_listener imaps {
140 inet_listener pop3s {
148 unix_listener auth-userdb {
150 unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
154 service auth-worker {
161 unix_listener stats-reader {
166 unix_listener stats-writer {
176 first_valid_uid = ${toString config.ids.uids.vhost}
177 disable_plaintext_auth = yes
180 args = ${config.secrets.fullPaths."dovecot/ldap"}
184 args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
190 mail_plugins = $mail_plugins zlib
200 sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
202 service managesieve-login {
204 service managesieve {
210 mail_plugins = $mail_plugins virtual
213 location = virtual:~/Virtual
217 # Protocol specific configuration
218 # Needs to come last if there are mail_plugins entries
221 mail_plugins = $mail_plugins imap_sieve
224 mail_plugins = $mail_plugins sieve
# Opens POP3 (110), IMAP (143), IMAPS (993), POP3S (995) and ManageSieve
# (4190). Sessions on 110 and 143 start unencrypted. The dovecot settings in
# this file set disable_plaintext_auth = yes, which refuses plaintext logins
# before STARTTLS, but a client that sends its password without checking the
# server's capabilities has already put it on the wire.
# NOTE(review): no `ssl = required` line appears in this listing; confirm it
# is set, or drop 110/143 if every client can use the implicit-TLS ports.
229 config.networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
# Activation step that creates /var/lib/vhost (mode 0755, owner vhost:vhost),
# the parent of every mailbox home (home=/var/lib/vhost/%d/%n/) and of the
# imapsieve bindir referenced in the dovecot settings.
# Mode 0755 lets any local account list and traverse this directory, so the
# names of hosted domains are visible to them.
# NOTE(review): the modes of the per-domain and per-user directories are not
# set here; confirm they are created without access for "other", or tighten
# this directory to 0750.
230 config.system.activationScripts.dovecot = {
233 install -m 0755 -o vhost -g vhost -d /var/lib/vhost
# Additions to the ACME certificate "mail", whose fullchain.pem and key.pem
# are the files dovecot is configured to serve.
# dovecot2 is restarted (presumably from the certificate's post-renewal hook;
# the attribute name is not visible) so that it loads the renewed key pair.
# imap.immae.eu and pop3.immae.eu are added as names on the certificate
# (presumably as extra domains; the enclosing attribute is not shown).
237 config.security.acme.certs."mail" = {
239 systemctl restart dovecot2.service
242 "imap.immae.eu" = null;
243 "pop3.immae.eu" = null;