X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fmail%2Fdovecot.nix;h=9c9cd7cc67f87ebb810177b5e1c61fdfdb6ef306;hb=1cf1f9162bd4556858a0190eee5bfd7ba0f7bb4c;hp=a1282e3def28da74253b494669a595dd86ab6e46;hpb=d006558dead086db86daa9e8fa51e95ad8dc59cf;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/systems/eldiron/mail/dovecot.nix b/systems/eldiron/mail/dovecot.nix
index a1282e3..9c9cd7c 100644
--- a/systems/eldiron/mail/dovecot.nix
+++ b/systems/eldiron/mail/dovecot.nix
@@ -44,6 +44,19 @@ in
 };
 };
 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+ secrets.keys."dovecot/sql" = {
+ user = config.services.dovecot2.user;
+ group = config.services.dovecot2.group;
+ permissions = "0400";
+ text = ''
+ driver = mysql
+ connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+ password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+ FROM forwardings WHERE \
+ ((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+ AND active = 1
+ '';
+ };
 secrets.keys."dovecot/ldap" = {
 user = config.services.dovecot2.user;
 group = config.services.dovecot2.group;
@@ -81,7 +94,7 @@ in
 nixpkgs.overlays = [
 (self: super: {
- dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+ dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
 })
 ];
@@ -237,6 +250,10 @@ in
 ''
 first_valid_uid = ${toString config.ids.uids.vhost}
 disable_plaintext_auth = yes
+ passdb {
+ driver = sql
+ args = ${config.secrets.fullPaths."dovecot/sql"}
+ }
 passdb {
 driver = ldap
 args = ${config.secrets.fullPaths."dovecot/ldap"}
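Review bot: The `password_query` in the new `dovecot/sql` secret has no ordering or row limit, so a login that matches both an exact row (`regex = 0`) and a pattern row (`regex = 1`), or two pattern rows, returns several rows with different `destination` values. Which identity the login is rewritten to is then not defined by the query, and Dovecot's SQL passdb may treat several rows as a lookup error rather than pick one (worth confirming on the deployed version). Because this passdb sets `noauthenticate` and only rewrites `user`, a broad pattern row can also capture the login name of a real account; ending the query with `AND active = 1 ORDER BY regex LIMIT 1` would make exact matches win deterministically. A `#` comment above `password_query` stating that `destination` must be a single local mailbox would help too, since the `forwardings` table is not shown here and may hold external or multi-address targets.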
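Review bot: Nothing at the new `passdb { driver = sql … }` block says that it never checks a password: per the query in `dovecot/sql` it returns `NULL AS password` with `noauthenticate` and only rewrites the login name, while the ldap passdb after it does the actual verification. A comment above the block such as `# alias lookup only (noauthenticate): maps a forwarding source to its destination; the ldap passdb below verifies the password` would keep a later edit from reordering or dropping the ldap block under the impression that sql already authenticates. The block also relies on Dovecot's default `result_*` handling, so it is worth checking how logins behave when MySQL is unreachable, since every authentication now passes through this lookup first. The enclosing configuration string starts and ends outside the hunk.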