1 { lib, pkgs, config, ... }:
3 sieve_bin = pkgs.runCommand "sieve_bin" {
4 buildInputs = [ pkgs.makeWrapper ];
6 cp -a ${./sieve_bin} $out
10 wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils ]}
15 config = lib.mkIf config.myServices.mail.enable {
16 myServices.dns.zones."immae.eu".subdomains =
17 with config.myServices.dns.helpers;
19 imap = ips servers.eldiron.ips.main;
20 pop3 = ips servers.eldiron.ips.main;
23 myServices.chatonsProperties.services.email = {
24 file.datetime = "2022-08-22T01:00:00";
26 name = "E-mail account";
27 description = "Compte e-mail avec configuration imap et smtp/pop3";
28 logo = "https://www.dovecot.org/wp-content/uploads/2021/09/favicon.ico";
29 website = "https://mail.immae.eu/";
31 status.description = "OK";
32 registration."" = ["MEMBER" "CLIENT"];
33 registration.load = "OPEN";
34 install.type = "PACKAGE";
38 website = "https://www.dovecot.org/";
39 license.url = "https://github.com/dovecot/core/blob/main/COPYING";
40 license.name = "MIT and LGPLv2.1 Licenses";
41 version = pkgs.dovecot.version;
42 source.url = "https://github.com/dovecot/core";
43 modules = ["roundcube" "rainloop"] ++ map (a: a.pname) config.services.dovecot2.modules;
46 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
47 secrets.keys."dovecot/sql" = {
48 user = config.services.dovecot2.user;
49 group = config.services.dovecot2.group;
53 connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
54 password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
55 FROM forwardings WHERE \
56 ((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
60 secrets.keys."dovecot/ldap" = {
61 user = config.services.dovecot2.user;
62 group = config.services.dovecot2.group;
65 hosts = ${config.myEnv.mail.dovecot.ldap.host}
68 dn = ${config.myEnv.mail.dovecot.ldap.dn}
69 dnpass = ${config.myEnv.mail.dovecot.ldap.password}
75 base = ${config.myEnv.mail.dovecot.ldap.base}
78 pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
79 pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
81 user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
82 user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
83 iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
84 iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
90 uid = config.ids.uids.vhost;
92 users.groups.vhost.gid = config.ids.gids.vhost;
93 users.users."${config.services.dovecot2.user}".extraGroups = [ "acme" ];
97 dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
101 # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
102 services.dovecot2 = {
108 protocols = [ "sieve" ];
110 pkgs.dovecot_pigeonhole
111 pkgs.dovecot_fts_xapian
115 createMailUser = false;
117 Trash = { auto = "subscribe"; specialUse = "Trash"; };
118 Junk = { auto = "subscribe"; specialUse = "Junk"; };
119 Sent = { auto = "subscribe"; specialUse = "Sent"; };
120 Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
122 mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
123 sslServerCert = "/etc/dovecot/fullchain.pem";
124 sslServerKey = "/var/lib/acme/mail/key.pem";
125 sslCACert = "/etc/dovecot/fullchain.pem";
126 extraConfig = builtins.concatStringsSep "\n" [
127 # For printer which doesn’t support elliptic curve
129 ssl_alt_cert = </etc/dovecot/fullchain-rsa.pem
130 ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
134 postmaster_address = postmaster@immae.eu
135 mail_attribute_dict = file:%h/dovecot-attributes
136 imap_idle_notify_interval = 20 mins
147 mail_plugins = $mail_plugins acl
149 acl = vfile:${pkgs.writeText "dovecot-acl" ''
152 acl_globals_only = yes
158 # needs to be bigger than any mailbox size
159 default_vsz_limit = 2GB
160 mail_plugins = $mail_plugins fts fts_xapian
162 plugin = fts fts_xapian
164 fts_xapian = partial=2 full=20
166 fts_autoindex_exclude = \Junk
167 fts_autoindex_exclude2 = \Trash
168 fts_autoindex_exclude3 = Virtual/*
173 # https://docs.iredmail.org/dovecot.imapsieve.html
175 # imap_sieve plugin added below
178 sieve_plugins = sieve_imapsieve sieve_extprograms
179 imapsieve_url = sieve://127.0.0.1:4190
181 sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
183 # From elsewhere to Junk folder
184 imapsieve_mailbox1_name = Junk
185 imapsieve_mailbox1_causes = COPY APPEND
186 imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
188 # From Junk folder to elsewhere
189 imapsieve_mailbox2_name = *
190 imapsieve_mailbox2_from = Junk
191 imapsieve_mailbox2_causes = COPY
192 imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
194 # From anywhere to NoJunk folder
195 imapsieve_mailbox3_name = NoJunk
196 imapsieve_mailbox3_causes = COPY APPEND
197 imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
199 sieve_pipe_bin_dir = ${sieve_bin}
201 sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
209 inet_listener imaps {
215 inet_listener pop3s {
223 unix_listener auth-userdb {
225 unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
229 service auth-worker {
236 unix_listener stats-reader {
241 unix_listener stats-writer {
251 first_valid_uid = ${toString config.ids.uids.vhost}
252 disable_plaintext_auth = yes
255 args = ${config.secrets.fullPaths."dovecot/sql"}
259 args = ${config.secrets.fullPaths."dovecot/ldap"}
263 args = ${config.secrets.fullPaths."dovecot/ldap"}
269 mail_plugins = $mail_plugins zlib
279 sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
281 service managesieve-login {
283 service managesieve {
289 mail_plugins = $mail_plugins virtual
292 location = virtual:~/Virtual
296 # Protocol specific configuration
297 # Needs to come last if there are mail_plugins entries
300 mail_plugins = $mail_plugins imap_sieve imap_acl
303 mail_plugins = $mail_plugins sieve
308 networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
309 system.activationScripts.dovecot = {
312 install -m 0755 -o vhost -g vhost -d /var/lib/vhost
316 services.cron.systemCronJobs = let
317 cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
318 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
319 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
320 ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
324 "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
326 security.acme.certs."mail-rsa" = {
328 systemctl restart dovecot2.service
330 extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
332 security.acme.certs."mail" = {
334 systemctl restart dovecot2.service
336 extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
338 myServices.monitoring.fromMasterActivatedPlugins = [ "imap" "tcp" ];
339 myServices.monitoring.fromMasterObjects.service = [
341 service_description = "imap connection works";
342 host_name = config.hostEnv.fqdn;
343 use = "external-service";
344 check_command = "check_imap_connection";
346 servicegroups = "webstatus-remote-services,webstatus-email";
347 _webstatus_name = "IMAP";
348 _webstatus_url = "imap.immae.eu";
352 service_description = "imap SSL is up to date";
353 host_name = config.hostEnv.fqdn;
354 use = "external-service";
355 check_command = ["check_tcp_ssl" "993"];
357 servicegroups = "webstatus-ssl";
358 _webstatus_name = "IMAP";
359 _webstatus_url = "imap.immae.eu";
projects / perso / Immae / Config / Nix.git / blob