[perso/Immae/Config/Nix.git] / modules / private / websites / tools / mail / default.nix

{ lib, pkgs, config,  ... }:
let
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
    env = config.myEnv.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {
    rainloop = pkgs.rainloop-community;
  };
  cfg = config.myServices.websites.tools.email;
  pcfg = config.services.phpfpm.pools;
in
{
  options.myServices.websites.tools.email = {
    enable = lib.mkEnableOption "enable email website";
  };

  imports = [
    ./mta-sts.nix
  ];

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.mail.excludeFile = ''
      + ${rainloop.varDir}
      + ${roundcubemail.varDir}
      '';
    secrets.keys = roundcubemail.keys;

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ rainloop.apache.modules
      ++ roundcubemail.apache.modules;

    services.websites.env.tools.vhostConfs.mail = {
      certName   = "mail";
      addToCerts = true;
      hosts      = ["mail.immae.eu"];
      root       = "/run/current-system/webapps/_mail";
      extraConfig = [
        (rainloop.apache.vhostConf pcfg.rainloop.socket)
        (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
        ''
          <Directory /run/current-system/webapps/_mail>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
    systemd.services = {
      phpfpm-rainloop = {
        after = lib.mkAfter rainloop.phpFpm.serviceDeps;
        wants = rainloop.phpFpm.serviceDeps;
      };
      phpfpm-roundcubemail = {
        after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
        wants = roundcubemail.phpFpm.serviceDeps;
      };
    };

    services.phpfpm.pools.roundcubemail = {
      user = "wwwrun";
      group = "wwwrun";
      settings = roundcubemail.phpFpm.pool;
      phpOptions = config.services.phpfpm.phpOptions + ''
        date.timezone = 'CET'
      '';
      phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.imagick ]);
    };
    services.phpfpm.pools.rainloop = {
      user = "wwwrun";
      group = "wwwrun";
      settings = rainloop.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
    system.activationScripts = {
      roundcubemail = roundcubemail.activationScript;
      rainloop = rainloop.activationScript;
    };

    services.websites.webappDirs = {
      _mail = ./www;
      "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
      "${rainloop.apache.webappName}" = rainloop.webRoot;
    };

  };

}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
afcc5de0 IB	2	let
	3	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	4	inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
ab8f306d	5	env = config.myEnv.tools.roundcubemail;
afcc5de0	6	};
dcac3ec7 IB	7	rainloop = pkgs.callPackage ./rainloop.nix {
	8	rainloop = pkgs.rainloop-community;
	9	};
afcc5de0	10	cfg = config.myServices.websites.tools.email;
5400b9b6	11	pcfg = config.services.phpfpm.pools;
afcc5de0 IB	12	in
	13	{
	14	options.myServices.websites.tools.email = {
	15	enable = lib.mkEnableOption "enable email website";
	16	};
	17
	18	imports = [
	19	./mta-sts.nix
	20	];
	21
	22	config = lib.mkIf cfg.enable {
d2e703c5	23	services.duplyBackup.profiles.mail.excludeFile = ''
6a8252b1 IB	24	+ ${rainloop.varDir}
	25	+ ${roundcubemail.varDir}
	26	'';
afcc5de0 IB	27	secrets.keys = roundcubemail.keys;
	28
	29	services.websites.env.tools.modules =
	30	[ "proxy_fcgi" ]
	31	++ rainloop.apache.modules
	32	++ roundcubemail.apache.modules;
	33
	34	services.websites.env.tools.vhostConfs.mail = {
	35	certName = "mail";
	36	addToCerts = true;
	37	hosts = ["mail.immae.eu"];
	38	root = "/run/current-system/webapps/_mail";
	39	extraConfig = [
5400b9b6 IB	40	(rainloop.apache.vhostConf pcfg.rainloop.socket)
5400b9b6 IB	41	(roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
afcc5de0 IB	42	''
	43	<Directory /run/current-system/webapps/_mail>
	44	Require all granted
	45	Options -Indexes
	46	</Directory>
	47	''
	48	];
	49	};
	50	systemd.services = {
	51	phpfpm-rainloop = {
	52	after = lib.mkAfter rainloop.phpFpm.serviceDeps;
	53	wants = rainloop.phpFpm.serviceDeps;
	54	};
	55	phpfpm-roundcubemail = {
	56	after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
	57	wants = roundcubemail.phpFpm.serviceDeps;
	58	};
	59	};
	60
	61	services.phpfpm.pools.roundcubemail = {
5400b9b6 IB	62	user = "wwwrun";
	63	group = "wwwrun";
	64	settings = roundcubemail.phpFpm.pool;
dcac3ec7 IB	65	phpOptions = config.services.phpfpm.phpOptions + ''
dcac3ec7 IB	66	date.timezone = 'CET'
dcac3ec7	67	'';
f5761aac	68	phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.imagick ]);
afcc5de0	69	};
441da8aa	70	services.phpfpm.pools.rainloop = {
5400b9b6 IB	71	user = "wwwrun";
	72	group = "wwwrun";
	73	settings = rainloop.phpFpm.pool;
dcac3ec7	74	phpPackage = pkgs.php72;
afcc5de0 IB	75	};
	76	system.activationScripts = {
	77	roundcubemail = roundcubemail.activationScript;
	78	rainloop = rainloop.activationScript;
	79	};
	80
d3452fc5	81	services.websites.webappDirs = {
afcc5de0 IB	82	_mail = ./www;
	83	"${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
	84	"${rainloop.apache.webappName}" = rainloop.webRoot;
	85	};
	86
	87	};
	88
	89	}