+ sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
+
+ # From elsewhere to Junk folder
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY APPEND
+ imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
+ # From Junk folder to elsewhere
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Junk
+ imapsieve_mailbox2_causes = COPY
+ imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
+ # From anywhere to NoJunk folder
+ imapsieve_mailbox3_name = NoJunk
+ imapsieve_mailbox3_causes = COPY APPEND
+ imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
+ sieve_pipe_bin_dir = ${sieve_bin}
+
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
+ }
+ ''
+ # Services to listen
+ ''
+ service imap-login {
+ inet_listener imap {
+ }
+ inet_listener imaps {
+ }
+ }
+ service pop3-login {
+ inet_listener pop3 {
+ }
+ inet_listener pop3s {
+ }
+ }
+ service imap {
+ }
+ service pop3 {
+ }
+ service auth {
+ unix_listener auth-userdb {
+ }
+ unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
+ mode = 0666
+ }
+ }
+ service auth-worker {
+ }
+ service dict {
+ unix_listener dict {
+ }
+ }
+ service stats {
+ unix_listener stats-reader {
+ user = vhost
+ group = vhost
+ mode = 0660
+ }
+ unix_listener stats-writer {
+ user = vhost
+ group = vhost
+ mode = 0660
+ }
+ }
+ ''
+
+ # Authentification
+ ''
+ first_valid_uid = ${toString config.ids.uids.vhost}
+ disable_plaintext_auth = yes
+ passdb {
+ driver = ldap
+ args = ${config.secrets.fullPaths."dovecot/ldap"}
+ }
+ userdb {
+ driver = ldap
+ args = ${config.secrets.fullPaths."dovecot/ldap"}
+ }
+ ''
+
+ # Zlib
+ ''
+ mail_plugins = $mail_plugins zlib
+ plugin {
+ zlib_save_level = 6
+ zlib_save = gz
+ }
+ ''
+
+ # Sieve
+ ''
+ plugin {
+ sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
+ }
+ service managesieve-login {
+ }
+ service managesieve {
+ }
+ ''
+
+ # Virtual mailboxes
+ ''
+ mail_plugins = $mail_plugins virtual
+ namespace Virtual {
+ prefix = Virtual/
+ location = virtual:~/Virtual
+ }
+ ''
+
+ # Protocol specific configuration
+ # Needs to come last if there are mail_plugins entries
+ ''
+ protocol imap {
+ mail_plugins = $mail_plugins imap_sieve imap_acl
+ }
+ protocol lda {
+ mail_plugins = $mail_plugins sieve
+ }
+ ''
+ ];
+ };
+ networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
+ system.activationScripts.dovecot = {
+ deps = [ "users" ];
+ text =''
+ install -m 0755 -o vhost -g vhost -d /var/lib/vhost
+ '';
+ };
+
+ services.cron.systemCronJobs = let
+ cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ '';
+ in
+ [
+ "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
+ ];
+ security.acme.certs."mail-rsa" = {
+ postRun = ''
+ systemctl restart dovecot2.service
+ '';
+ extraDomains = {
+ "imap.immae.eu" = null;
+ "pop3.immae.eu" = null;
+ };
+ };
+ security.acme.certs."mail" = {
+ postRun = ''
+ systemctl restart dovecot2.service
+ '';
+ extraDomains = {
+ "imap.immae.eu" = null;
+ "pop3.immae.eu" = null;
+ };