# systems/eldiron/websites/mail/default.nix
#
# NixOS module for the mail.immae.eu webmail virtual host. When
# myServices.websites.tools.email.enable is set it wires up the Roundcube and
# Rainloop packages (built by ./roundcubemail.nix and ./rainloop.nix) with
# their php-fpm pools, Apache vhost fragments, secrets, activation scripts,
# the DNS record, the ACME certificate name and one HTTPS monitoring check.
{ lib, pkgs, config, ... }:
let
  mailCfg = config.myServices.websites.tools.email;
  fpmPools = config.services.phpfpm.pools;

  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit config;
    roundcubemail = pkgs.webapps-roundcubemail;
    env = config.myEnv.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {
    rainloop = pkgs.rainloop-community;
  };

  # Both pools are pinned to PHP 7.2, which is past upstream end of life and
  # no longer receives security fixes.
  # NOTE(review): move to a supported PHP once both applications allow it.
  phpWith = pick: pkgs.php72.withExtensions ({ enabled, all }: enabled ++ pick all);

  # Unit ordering shared by both php-fpm services: start after, and pull in,
  # whatever the application package lists as its service dependencies.
  fpmDeps = app: {
    after = lib.mkAfter app.phpFpm.serviceDeps;
    wants = app.phpFpm.serviceDeps;
  };
in
{
  imports = [
    ./mta-sts.nix
  ];

  options.myServices.websites.tools.email.enable = lib.mkEnableOption "enable email website";

  config = lib.mkIf mailCfg.enable {
    # NOTE(review): the disabled status block below records Rainloop as
    # "Stopped due to CVE-2022-29360", yet this module still adds its Apache
    # modules, vhost fragment, php-fpm pool and activation script. Confirm in
    # ./rainloop.nix that the vhost fragment no longer serves the application;
    # if it is retired, the pool and fragment can be dropped as well.
    #myServices.chatonsProperties.services.mail-rainloop = {
    #  file.datetime = "2022-08-22T00:30:00";
    #  service = {
    #    name = "Rainloop";
    #    description = "Simple, modern & fast web-based email client";
    #    website = "https://mail.immae.eu/rainloop";
    #    logo = "https://www.rainloop.net/static/img/logo-16x16.png";
    #    status.level = "ERROR";
    #    status.description = "Stopped due to CVE-2022-29360";
    #    registration."" = ["MEMBER" "CLIENT"];
    #    registration.load = "OPEN";
    #    install.type = "PACKAGE";
    #  };
    #  software = {
    #    name = "Rainloop";
    #    website = "https://www.rainloop.net/";
    #    license.url = "https://www.rainloop.net/licensing/";
    #    license.name = "GNU Affero General Public License v3.0";
    #    version = rainloop.webRoot.version;
    #    source.url = "https://github.com/RainLoop/rainloop-webmail";
    #  };
    #};
    #myServices.chatonsProperties.services.mail-roundcube = {
    #  file.datetime = "2022-08-22T00:30:00";
    #  service = {
    #    name = "Roundcube";
    #    description = "The Roundcube Webmail suite";
    #    website = "https://mail.immae.eu/roundcube";
    #    logo = "https://mail.immae.eu/roundcube/skins/elastic/images/favicon.ico";
    #    status.level = "OK";
    #    status.description = "OK";
    #    registration."" = ["MEMBER" "CLIENT"];
    #    registration.load = "OPEN";
    #    install.type = "PACKAGE";
    #  };
    #  software = {
    #    name = "Roundcube";
    #    website = "https://roundcube.net/";
    #    license.url = "https://github.com/roundcube/roundcubemail/blob/master/LICENSE";
    #    license.name = "GNU General Public License v3.0";
    #    version = roundcubemail.webRoot.version;
    #    source.url = "https://github.com/roundcube/roundcubemail";
    #    modules = map (a: a.pluginName) roundcubemail.webRoot.plugins ++ map (a: a.skinName) roundcubemail.webRoot.skins;
    #  };
    #};

    # DNS: mail.immae.eu points at eldiron's main addresses.
    myServices.dns.zones."immae.eu".subdomains.mail =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    # Only Roundcube contributes secret files; their content and permissions
    # are defined in ./roundcubemail.nix, not here.
    secrets.keys = roundcubemail.keys;

    # TLS: the host name is added to the existing "mail" certificate.
    security.acme.certs.mail.extraDomainNames = [ "mail.immae.eu" ];

    services.websites.env.tools = {
      modules =
        [ "proxy_fcgi" ]
        ++ rainloop.apache.modules
        ++ roundcubemail.apache.modules;

      vhostConfs.mail = {
        certName = "mail";
        hosts = ["mail.immae.eu"];
        root = ./www;
        extraConfig = [
          # Each application receives the socket of its own php-fpm pool.
          (rainloop.apache.vhostConf fpmPools.rainloop.socket)
          (roundcubemail.apache.vhostConf fpmPools.roundcubemail.socket)
          # Static document root: readable by every client, directory
          # listings off. ./www is copied into the Nix store, so it must
          # hold public files only.
          ''
            <Directory ${./www}>
              Require all granted
              Options -Indexes
            </Directory>
          ''
        ];
      };
    };

    systemd.services.phpfpm-rainloop = fpmDeps rainloop;
    systemd.services.phpfpm-roundcubemail = fpmDeps roundcubemail;

    # NOTE(review): both pools run under the same wwwrun account, so the two
    # webmail applications are not isolated from each other at the file-system
    # level; a dedicated user per pool would separate their data and secrets.
    services.phpfpm.pools = {
      roundcubemail = {
        user = "wwwrun";
        group = "wwwrun";
        settings = roundcubemail.phpFpm.pool;
        phpOptions = config.services.phpfpm.phpOptions + ''
          date.timezone = 'CET'
        '';
        phpPackage = phpWith (all: [ all.imagick all.redis ]);
      };
      rainloop = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rainloop.phpFpm.pool;
        phpPackage = phpWith (all: [ all.redis ]);
      };
    };

    system.activationScripts.roundcubemail = roundcubemail.activationScript;
    system.activationScripts.rainloop = rainloop.activationScript;

    # Monitoring covers Roundcube only: one HTTPS probe that expects the
    # page title in the response for /roundcube/.
    myServices.monitoring = {
      fromMasterActivatedPlugins = [ "http" ];
      fromMasterObjects.service = [
        {
          service_description = "roundcube website is running on mail.immae.eu";
          host_name = config.hostEnv.fqdn;
          use = "external-web-service";
          check_command = ["check_https" "mail.immae.eu" "/roundcube/" "<title>Roundcube"];

          servicegroups = "webstatus-webapps,webstatus-email";
          _webstatus_name = "Roundcube";
          _webstatus_url = "https://mail.immae.eu/roundcube/";
        }
      ];
    };
  };
}