Fix printer not supporting elliptic curve keys
index 6c3b4b8e14660e5087718277d4810f08592128ed..0304b899cb724f7b02e483d3918b8ab9f8ad4087 100644 (file)
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig,  ... }:
+{ lib, pkgs, config, ... }:
 let
   sieve_bin = pkgs.runCommand "sieve_bin" {
     buildInputs = [ pkgs.makeWrapper ];
@@ -24,26 +24,26 @@ in
         group = config.services.dovecot2.group;
         permissions = "0400";
         text = ''
-          hosts = ${myconfig.env.mail.dovecot.ldap.host}
+          hosts = ${config.myEnv.mail.dovecot.ldap.host}
           tls = yes
 
-          dn = ${myconfig.env.mail.dovecot.ldap.dn}
-          dnpass = ${myconfig.env.mail.dovecot.ldap.password}
+          dn = ${config.myEnv.mail.dovecot.ldap.dn}
+          dnpass = ${config.myEnv.mail.dovecot.ldap.password}
 
           auth_bind = yes
 
           ldap_version = 3
 
-          base = ${myconfig.env.mail.dovecot.ldap.base}
+          base = ${config.myEnv.mail.dovecot.ldap.base}
           scope = subtree
 
-          pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-          pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
+          pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+          pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
 
-          user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
-          user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-          iterate_attrs = ${myconfig.env.mail.dovecot.ldap.iterate_attrs}
-          iterate_filter = ${myconfig.env.mail.dovecot.ldap.iterate_filter}
+          user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
+          user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
+          iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
+          iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
           '';
       }
     ];
@@ -80,6 +80,12 @@ in
       sslServerKey = "/var/lib/acme/mail/key.pem";
       sslCACert = "/var/lib/acme/mail/fullchain.pem";
       extraConfig = builtins.concatStringsSep "\n" [
+        # For printer which doesn’t support elliptic curve
+        ''
+          ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
+          ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
+        ''
+
         ''
           postmaster_address = postmaster@immae.eu
           mail_attribute_dict = file:%h/dovecot-attributes
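Review bot: The new `ssl_alt_cert` / `ssl_alt_key` lines pull /var/lib/acme/mail-rsa/fullchain.pem and key.pem in with Dovecot's `<file` operator, which is a fatal configuration error when the file does not exist, so on a fresh host dovecot2 will refuse to start until the first mail-rsa ACME run has completed; the existing `mail` cert carries the same dependency, but this hunk adds a second one with only a restart hook and no ordering. The comment should say what the alternative chain is and what provisions it, e.g. `# RSA fallback chain for clients (a printer) that cannot do ECDSA; files come from security.acme.certs."mail-rsa" and must exist before dovecot2 starts`. `ssl_alt_cert`/`ssl_alt_key` also require Dovecot 2.2.31 or later, which is worth stating if the pinned pkgs.dovecot version is not obviously newer. The extraConfig list this hunk sits in continues outside the hunk.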
@@ -92,6 +98,17 @@ in
           }
         ''
 
+        # ACL
+        ''
+          mail_plugins = $mail_plugins acl
+          plugin {
+            acl = vfile:${pkgs.writeText "dovecot-acl" ''
+              Backup/* owner lrp
+              ''}
+            acl_globals_only = yes
+          }
+        ''
+
         # Full text search
         ''
           # needs to be bigger than any mailbox size
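Review bot: The global ACL `Backup/* owner lrp` combined with `acl_globals_only = yes` strips write, delete and expunge rights from the mailbox owner on every Backup/* folder, and because `doveadm` loads `mail_plugins` too, the cron job's `doveadm expunge -A MAILBOX "Backup/*"` elsewhere in this commit may be refused for the same reason unless it is run with the acl plugin overridden; this is worth confirming on one account before relying on the periodic cleanup. The intent is not stated anywhere, so a comment would help the next reader, e.g. `# Backup/* is append-only for IMAP clients (lookup/read/post only); expunging is left to the cron cleanup, not to users`. The surrounding extraConfig list starts and ends outside this hunk.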
@@ -117,6 +134,8 @@ in
             sieve_plugins = sieve_imapsieve sieve_extprograms
             imapsieve_url = sieve://127.0.0.1:4190
 
+            sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
+
             # From elsewhere to Junk folder
             imapsieve_mailbox1_name = Junk
             imapsieve_mailbox1_causes = COPY APPEND
@@ -128,6 +147,11 @@ in
             imapsieve_mailbox2_causes = COPY
             imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
 
+            # From anywhere to NoJunk folder
+            imapsieve_mailbox3_name = NoJunk
+            imapsieve_mailbox3_causes = COPY APPEND
+            imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
             sieve_pipe_bin_dir = ${sieve_bin}
 
             sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
@@ -225,7 +249,7 @@ in
         # Needs to come last if there are mail_plugins entries
         ''
         protocol imap {
-          mail_plugins = $mail_plugins imap_sieve
+          mail_plugins = $mail_plugins imap_sieve imap_acl
         }
         protocol lda {
           mail_plugins = $mail_plugins sieve
@@ -243,14 +267,23 @@ in
 
     services.cron.systemCronJobs = let
       cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
-        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT UID 1:256
-        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w
-        ${pkgs.dovecot}/bin/doveadm search -A MAILBOX Trash NOT FLAGGED BEFORE 4w
+        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
+        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
         '';
       in
       [
         "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
       ];
+    security.acme.certs."mail-rsa" = {
+      postRun = ''
+        systemctl restart dovecot2.service
+      '';
+      extraDomains = {
+        "imap.immae.eu" = null;
+        "pop3.immae.eu" = null;
+      };
+    };
     security.acme.certs."mail" = {
       postRun = ''
         systemctl restart dovecot2.service
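Review bot: Nothing in the new `security.acme.certs."mail-rsa"` block requests an RSA key — it differs from `"mail"` only in name and extraDomains — so whether Dovecot's alternative chain is really RSA, which is the whole point of the commit, rests on the ACME module's default key algorithm at this revision; if this NixOS version exposes a key-type option (newer releases have `keyType` on the cert), pin it here so a later default change does not silently turn both chains into EC. In the cron script, `2>&1 > /dev/null | grep -v … | grep -v …` discards all of doveadm's stdout and forwards only unfiltered stderr, which appears intentional, but the pipeline's status is grep's and is 1 on the normal fully-filtered run, so any later `set -e` or status check would report false failures; a one-line comment such as `# keep only unexpected stderr lines; exit status is grep's, not doveadm's` would prevent that surprise. Both certs restarting dovecot2 in `postRun` is fine, though renewals that land together will restart it twice.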