-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
sieve_bin = pkgs.runCommand "sieve_bin" {
buildInputs = [ pkgs.makeWrapper ];
in
{
config = lib.mkIf config.myServices.mail.enable {
+ systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
services.duplyBackup.profiles.mail.excludeFile = ''
+ /var/lib/dhparams
+ /var/lib/dovecot
group = config.services.dovecot2.group;
permissions = "0400";
text = ''
- hosts = ${myconfig.env.mail.dovecot.ldap.host}
+ hosts = ${config.myEnv.mail.dovecot.ldap.host}
tls = yes
- dn = ${myconfig.env.mail.dovecot.ldap.dn}
- dnpass = ${myconfig.env.mail.dovecot.ldap.password}
+ dn = ${config.myEnv.mail.dovecot.ldap.dn}
+ dnpass = ${config.myEnv.mail.dovecot.ldap.password}
auth_bind = yes
ldap_version = 3
- base = ${myconfig.env.mail.dovecot.ldap.base}
+ base = ${config.myEnv.mail.dovecot.ldap.base}
scope = subtree
- user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
- pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
+ pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+ pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
- user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
- pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
+ user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
+ user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+ iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
+ iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
'';
}
];
mailUser = "vhost";
mailGroup = "vhost";
createMailUser = false;
- mailboxes = [
- { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
- { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
- { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
- { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
- ];
+ mailboxes = {
+ Trash = { auto = "subscribe"; specialUse = "Trash"; };
+ Junk = { auto = "subscribe"; specialUse = "Junk"; };
+ Sent = { auto = "subscribe"; specialUse = "Sent"; };
+ Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
+ };
mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
sslServerCert = "/var/lib/acme/mail/fullchain.pem";
sslServerKey = "/var/lib/acme/mail/key.pem";
sslCACert = "/var/lib/acme/mail/fullchain.pem";
extraConfig = builtins.concatStringsSep "\n" [
+ # For printer which doesn’t support elliptic curve
+ ''
+ ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
+ ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
+ ''
+
''
postmaster_address = postmaster@immae.eu
mail_attribute_dict = file:%h/dovecot-attributes
}
''
+ # ACL
+ ''
+ mail_plugins = $mail_plugins acl
+ plugin {
+ acl = vfile:${pkgs.writeText "dovecot-acl" ''
+ Backup/* owner lrp
+ ''}
+ acl_globals_only = yes
+ }
+ ''
+
# Full text search
''
# needs to be bigger than any mailbox size
sieve_plugins = sieve_imapsieve sieve_extprograms
imapsieve_url = sieve://127.0.0.1:4190
+ sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
+
# From elsewhere to Junk folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+ # From anywhere to NoJunk folder
+ imapsieve_mailbox3_name = NoJunk
+ imapsieve_mailbox3_causes = COPY APPEND
+ imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
sieve_pipe_bin_dir = ${sieve_bin}
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
args = ${config.secrets.fullPaths."dovecot/ldap"}
}
userdb {
- driver = static
- args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
+ driver = ldap
+ args = ${config.secrets.fullPaths."dovecot/ldap"}
}
''
# Needs to come last if there are mail_plugins entries
''
protocol imap {
- mail_plugins = $mail_plugins imap_sieve
+ mail_plugins = $mail_plugins imap_sieve imap_acl
}
protocol lda {
mail_plugins = $mail_plugins sieve
'';
};
+ services.cron.systemCronJobs = let
+ cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+ '';
+ in
+ [
+ "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
+ ];
+ security.acme.certs."mail-rsa" = {
+ postRun = ''
+ systemctl restart dovecot2.service
+ '';
+ extraDomains = {
+ "imap.immae.eu" = null;
+ "pop3.immae.eu" = null;
+ };
+ };
security.acme.certs."mail" = {
postRun = ''
systemctl restart dovecot2.service
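Review bot: The cleanup-imap-folders script added under services.cron.systemCronJobs is built with pkgs.writeScriptBin, which does not prepend an interpreter line, so the file begins directly with the doveadm command and only runs because the shell cron uses falls back to interpreting an ENOEXEC executable as a script. Making the interpreter explicit, `cron_script = pkgs.writeShellScriptBin "cleanup-imap-folders" ''` (or a leading `#!${pkgs.runtimeShell}` in the body), removes that dependence on shell fallback behaviour. The `2>&1 > /dev/null | grep -v …` form on each doveadm line routes stderr through the grep filters and discards stdout, which looks intended for noise suppression, but the pipeline's exit status is grep's, so a doveadm failure other than the two filtered messages surfaces only through whatever text cron mails; a short comment such as `# stderr is filtered for known noise, stdout is discarded; failures show up in cron mail only` would record that trade-off for the next reader.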