'';
in
{
- config.services.backup.profiles.mail.excludeFile = ''
- + /var/lib/dhparams
- + /var/lib/dovecot
- '';
- config.secrets.keys = [
- {
- dest = "dovecot/ldap";
- user = config.services.dovecot2.user;
- group = config.services.dovecot2.group;
- permissions = "0400";
- text = ''
- hosts = ${myconfig.env.mail.dovecot.ldap.host}
- tls = yes
-
- dn = ${myconfig.env.mail.dovecot.ldap.dn}
- dnpass = ${myconfig.env.mail.dovecot.ldap.password}
+ config = lib.mkIf config.myServices.mail.enable {
+ services.backup.profiles.mail.excludeFile = ''
+ + /var/lib/dhparams
+ + /var/lib/dovecot
+ '';
+ secrets.keys = [
+ {
+ dest = "dovecot/ldap";
+ user = config.services.dovecot2.user;
+ group = config.services.dovecot2.group;
+ permissions = "0400";
+ text = ''
+ hosts = ${myconfig.env.mail.dovecot.ldap.host}
+ tls = yes
- auth_bind = yes
+ dn = ${myconfig.env.mail.dovecot.ldap.dn}
+ dnpass = ${myconfig.env.mail.dovecot.ldap.password}
- ldap_version = 3
+ auth_bind = yes
- base = ${myconfig.env.mail.dovecot.ldap.base}
- scope = subtree
+ ldap_version = 3
- user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
- pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
+ base = ${myconfig.env.mail.dovecot.ldap.base}
+ scope = subtree
- user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
- pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
- '';
- }
- ];
+ user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
+ pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
- config.users.users.vhost = {
- group = "vhost";
- uid = config.ids.uids.vhost;
- };
- config.users.groups.vhost.gid = config.ids.gids.vhost;
-
- # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
- config.services.dovecot2 = {
- enable = true;
- enablePAM = false;
- enablePop3 = true;
- enableImap = true;
- enableLmtp = true;
- protocols = [ "sieve" ];
- modules = [
- pkgs.dovecot_pigeonhole
- pkgs.dovecot_fts-xapian
- ];
- mailUser = "vhost";
- mailGroup = "vhost";
- createMailUser = false;
- mailboxes = [
- { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
- { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
- { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
- { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
+ user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
+ pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
+ '';
+ }
];
- mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
- sslServerCert = "/var/lib/acme/mail/fullchain.pem";
- sslServerKey = "/var/lib/acme/mail/key.pem";
- sslCACert = "/var/lib/acme/mail/fullchain.pem";
- extraConfig = builtins.concatStringsSep "\n" [
- ''
- postmaster_address = postmaster@immae.eu
- mail_attribute_dict = file:%h/dovecot-attributes
- imap_idle_notify_interval = 20 mins
- namespace inbox {
- type = private
- separator = /
- inbox = yes
- list = yes
- }
- ''
-
- # Full text search
- ''
- # needs to be bigger than any mailbox size
- default_vsz_limit = 2GB
- mail_plugins = $mail_plugins fts fts_xapian
+
+ users.users.vhost = {
+ group = "vhost";
+ uid = config.ids.uids.vhost;
+ };
+ users.groups.vhost.gid = config.ids.gids.vhost;
+
+ # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
+ services.dovecot2 = {
+ enable = true;
+ enablePAM = false;
+ enablePop3 = true;
+ enableImap = true;
+ enableLmtp = true;
+ protocols = [ "sieve" ];
+ modules = [
+ pkgs.dovecot_pigeonhole
+ pkgs.dovecot_fts-xapian
+ ];
+ mailUser = "vhost";
+ mailGroup = "vhost";
+ createMailUser = false;
+ mailboxes = [
+ { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
+ { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
+ { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
+ { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
+ ];
+ mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
+ sslServerCert = "/var/lib/acme/mail/fullchain.pem";
+ sslServerKey = "/var/lib/acme/mail/key.pem";
+ sslCACert = "/var/lib/acme/mail/fullchain.pem";
+ extraConfig = builtins.concatStringsSep "\n" [
+ ''
+ postmaster_address = postmaster@immae.eu
+ mail_attribute_dict = file:%h/dovecot-attributes
+ imap_idle_notify_interval = 20 mins
+ namespace inbox {
+ type = private
+ separator = /
+ inbox = yes
+ list = yes
+ }
+ ''
+
+ # Full text search
+ ''
+ # needs to be bigger than any mailbox size
+ default_vsz_limit = 2GB
+ mail_plugins = $mail_plugins fts fts_xapian
+ plugin {
+ plugin = fts fts_xapian
+ fts = xapian
+ fts_xapian = partial=2 full=20
+ fts_autoindex = yes
+ fts_autoindex_exclude = \Junk
+ fts_autoindex_exclude2 = \Trash
+ fts_autoindex_exclude3 = Virtual/*
+ }
+ ''
+
+ # Antispam
+ # https://docs.iredmail.org/dovecot.imapsieve.html
+ ''
+ # imap_sieve plugin added below
+
plugin {
- plugin = fts fts_xapian
- fts = xapian
- fts_xapian = partial=2 full=20
- fts_autoindex = yes
- fts_autoindex_exclude = \Junk
- fts_autoindex_exclude2 = \Trash
- fts_autoindex_exclude3 = Virtual/*
- }
- ''
-
- # Antispam
- # https://docs.iredmail.org/dovecot.imapsieve.html
- ''
- # imap_sieve plugin added below
-
- plugin {
- sieve_plugins = sieve_imapsieve sieve_extprograms
- imapsieve_url = sieve://127.0.0.1:4190
-
- # From elsewhere to Junk folder
- imapsieve_mailbox1_name = Junk
- imapsieve_mailbox1_causes = COPY APPEND
- imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-
- # From Junk folder to elsewhere
- imapsieve_mailbox2_name = *
- imapsieve_mailbox2_from = Junk
- imapsieve_mailbox2_causes = COPY
- imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-
- sieve_pipe_bin_dir = ${sieve_bin}
-
- sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
- }
- ''
- # Services to listen
- ''
- service imap-login {
- inet_listener imap {
+ sieve_plugins = sieve_imapsieve sieve_extprograms
+ imapsieve_url = sieve://127.0.0.1:4190
+
+ # From elsewhere to Junk folder
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY APPEND
+ imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
+ # From Junk folder to elsewhere
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Junk
+ imapsieve_mailbox2_causes = COPY
+ imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
+
+ sieve_pipe_bin_dir = ${sieve_bin}
+
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
- inet_listener imaps {
+ ''
+ # Services to listen
+ ''
+ service imap-login {
+ inet_listener imap {
+ }
+ inet_listener imaps {
+ }
}
- }
- service pop3-login {
- inet_listener pop3 {
+ service pop3-login {
+ inet_listener pop3 {
+ }
+ inet_listener pop3s {
+ }
}
- inet_listener pop3s {
+ service imap {
}
- }
- service imap {
- }
- service pop3 {
- }
- service auth {
- unix_listener auth-userdb {
+ service pop3 {
}
- unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
- mode = 0666
+ service auth {
+ unix_listener auth-userdb {
+ }
+ unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
+ mode = 0666
+ }
}
- }
- service auth-worker {
- }
- service dict {
- unix_listener dict {
+ service auth-worker {
}
- }
- service stats {
- unix_listener stats-reader {
- user = vhost
- group = vhost
- mode = 0660
+ service dict {
+ unix_listener dict {
+ }
}
- unix_listener stats-writer {
- user = vhost
- group = vhost
- mode = 0660
+ service stats {
+ unix_listener stats-reader {
+ user = vhost
+ group = vhost
+ mode = 0660
+ }
+ unix_listener stats-writer {
+ user = vhost
+ group = vhost
+ mode = 0660
+ }
}
- }
- ''
-
- # Authentification
- ''
- first_valid_uid = ${toString config.ids.uids.vhost}
- disable_plaintext_auth = yes
- passdb {
- driver = ldap
- args = ${config.secrets.fullPaths."dovecot/ldap"}
- }
- userdb {
- driver = static
- args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
- }
- ''
-
- # Zlib
- ''
- mail_plugins = $mail_plugins zlib
- plugin {
- zlib_save_level = 6
- zlib_save = gz
- }
- ''
+ ''
+
+ # Authentification
+ ''
+ first_valid_uid = ${toString config.ids.uids.vhost}
+ disable_plaintext_auth = yes
+ passdb {
+ driver = ldap
+ args = ${config.secrets.fullPaths."dovecot/ldap"}
+ }
+ userdb {
+ driver = static
+ args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
+ }
+ ''
- # Sieve
- ''
- plugin {
- sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
- }
- service managesieve-login {
- }
- service managesieve {
- }
- ''
-
- # Virtual mailboxes
- ''
- mail_plugins = $mail_plugins virtual
- namespace Virtual {
- prefix = Virtual/
- location = virtual:~/Virtual
- }
- ''
+ # Zlib
+ ''
+ mail_plugins = $mail_plugins zlib
+ plugin {
+ zlib_save_level = 6
+ zlib_save = gz
+ }
+ ''
- # Protocol specific configuration
- # Needs to come last if there are mail_plugins entries
- ''
- protocol imap {
- mail_plugins = $mail_plugins imap_sieve
- }
- protocol lda {
- mail_plugins = $mail_plugins sieve
- }
- ''
- ];
- };
- config.networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
- config.system.activationScripts.dovecot = {
- deps = [ "users" ];
- text =''
- install -m 0755 -o vhost -g vhost -d /var/lib/vhost
- '';
- };
+ # Sieve
+ ''
+ plugin {
+ sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
+ }
+ service managesieve-login {
+ }
+ service managesieve {
+ }
+ ''
+
+ # Virtual mailboxes
+ ''
+ mail_plugins = $mail_plugins virtual
+ namespace Virtual {
+ prefix = Virtual/
+ location = virtual:~/Virtual
+ }
+ ''
- config.security.acme.certs."mail" = {
- postRun = ''
- systemctl restart dovecot2.service
- '';
- extraDomains = {
- "imap.immae.eu" = null;
- "pop3.immae.eu" = null;
+ # Protocol specific configuration
+ # Needs to come last if there are mail_plugins entries
+ ''
+ protocol imap {
+ mail_plugins = $mail_plugins imap_sieve
+ }
+ protocol lda {
+ mail_plugins = $mail_plugins sieve
+ }
+ ''
+ ];
+ };
+ networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
+ system.activationScripts.dovecot = {
+ deps = [ "users" ];
+ text =''
+ install -m 0755 -o vhost -g vhost -d /var/lib/vhost
+ '';
+ };
+
+ security.acme.certs."mail" = {
+ postRun = ''
+ systemctl restart dovecot2.service
+ '';
+ extraDomains = {
+ "imap.immae.eu" = null;
+ "pop3.immae.eu" = null;
+ };
};
};
}
projects / perso / Immae / Config / Nix.git / blobdiff