1 { lib, pkgs, config, ... }:
3 sieve_bin = pkgs.runCommand "sieve_bin" {
4 buildInputs = [ pkgs.makeWrapper ];
6 cp -a ${./sieve_bin} $out
10 wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils ]}
15 config = lib.mkIf config.myServices.mail.enable {
16 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
17 secrets.keys."dovecot/ldap" = {
18 user = config.services.dovecot2.user;
19 group = config.services.dovecot2.group;
22 hosts = ${config.myEnv.mail.dovecot.ldap.host}
25 dn = ${config.myEnv.mail.dovecot.ldap.dn}
26 dnpass = ${config.myEnv.mail.dovecot.ldap.password}
32 base = ${config.myEnv.mail.dovecot.ldap.base}
35 pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
36 pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
38 user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
39 user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
40 iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
41 iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
47 uid = config.ids.uids.vhost;
49 users.groups.vhost.gid = config.ids.gids.vhost;
50 users.users."${config.services.dovecot2.user}".extraGroups = [ "acme" ];
52 # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
59 protocols = [ "sieve" ];
61 pkgs.dovecot_pigeonhole
62 pkgs.dovecot_fts_xapian
66 createMailUser = false;
68 Trash = { auto = "subscribe"; specialUse = "Trash"; };
69 Junk = { auto = "subscribe"; specialUse = "Junk"; };
70 Sent = { auto = "subscribe"; specialUse = "Sent"; };
71 Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
73 mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
74 sslServerCert = "/etc/dovecot/fullchain.pem";
75 sslServerKey = "/var/lib/acme/mail/key.pem";
76 sslCACert = "/etc/dovecot/fullchain.pem";
77 extraConfig = builtins.concatStringsSep "\n" [
78 # For printer which doesn’t support elliptic curve
80 ssl_alt_cert = </etc/dovecot/fullchain-rsa.pem
81 ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
85 postmaster_address = postmaster@immae.eu
86 mail_attribute_dict = file:%h/dovecot-attributes
87 imap_idle_notify_interval = 20 mins
98 mail_plugins = $mail_plugins acl
100 acl = vfile:${pkgs.writeText "dovecot-acl" ''
103 acl_globals_only = yes
109 # needs to be bigger than any mailbox size
110 default_vsz_limit = 2GB
111 mail_plugins = $mail_plugins fts fts_xapian
113 plugin = fts fts_xapian
115 fts_xapian = partial=2 full=20
117 fts_autoindex_exclude = \Junk
118 fts_autoindex_exclude2 = \Trash
119 fts_autoindex_exclude3 = Virtual/*
124 # https://docs.iredmail.org/dovecot.imapsieve.html
126 # imap_sieve plugin added below
129 sieve_plugins = sieve_imapsieve sieve_extprograms
130 imapsieve_url = sieve://127.0.0.1:4190
132 sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
134 # From elsewhere to Junk folder
135 imapsieve_mailbox1_name = Junk
136 imapsieve_mailbox1_causes = COPY APPEND
137 imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
139 # From Junk folder to elsewhere
140 imapsieve_mailbox2_name = *
141 imapsieve_mailbox2_from = Junk
142 imapsieve_mailbox2_causes = COPY
143 imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
145 # From anywhere to NoJunk folder
146 imapsieve_mailbox3_name = NoJunk
147 imapsieve_mailbox3_causes = COPY APPEND
148 imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
150 sieve_pipe_bin_dir = ${sieve_bin}
152 sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
160 inet_listener imaps {
166 inet_listener pop3s {
174 unix_listener auth-userdb {
176 unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
180 service auth-worker {
187 unix_listener stats-reader {
192 unix_listener stats-writer {
202 first_valid_uid = ${toString config.ids.uids.vhost}
203 disable_plaintext_auth = yes
206 args = ${config.secrets.fullPaths."dovecot/ldap"}
210 args = ${config.secrets.fullPaths."dovecot/ldap"}
216 mail_plugins = $mail_plugins zlib
226 sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
228 service managesieve-login {
230 service managesieve {
236 mail_plugins = $mail_plugins virtual
239 location = virtual:~/Virtual
243 # Protocol specific configuration
244 # Needs to come last if there are mail_plugins entries
247 mail_plugins = $mail_plugins imap_sieve imap_acl
250 mail_plugins = $mail_plugins sieve
255 networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
256 system.activationScripts.dovecot = {
259 install -m 0755 -o vhost -g vhost -d /var/lib/vhost
263 services.cron.systemCronJobs = let
264 cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
265 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
266 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
267 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
271 "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
273 security.acme.certs."mail-rsa" = {
275 systemctl restart dovecot2.service
277 extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
279 security.acme.certs."mail" = {
281 systemctl restart dovecot2.service
283 extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];