Squash changes containing private information
similarity index 77%
rename from modules/private/mail/dovecot.nix
rename to systems/eldiron/mail/dovecot.nix
index b6fdc026efcd8a66d2e22f27c92de69d52ce78ed..a1282e3def28da74253b494669a595dd86ab6e46 100644 (file)
@@ -13,6 +13,36 @@ let
 in
 {
   config = lib.mkIf config.myServices.mail.enable {
+    myServices.dns.zones."immae.eu".subdomains =
+      with config.myServices.dns.helpers;
+      {
+        imap = ips servers.eldiron.ips.main;
+        pop3 = ips servers.eldiron.ips.main;
+      };
+
+    myServices.chatonsProperties.services.email = {
+      file.datetime = "2022-08-22T01:00:00";
+      service = {
+        name = "E-mail account";
+        description = "Compte e-mail avec configuration imap et smtp/pop3";
+        logo = "https://www.dovecot.org/wp-content/uploads/2021/09/favicon.ico";
+        website = "https://mail.immae.eu/";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "Dovecot";
+        website = "https://www.dovecot.org/";
+        license.url = "https://github.com/dovecot/core/blob/main/COPYING";
+        license.name = "MIT and LGPLv2.1 Licenses";
+        version = pkgs.dovecot.version;
+        source.url = "https://github.com/dovecot/core";
+        modules = ["roundcube" "rainloop"] ++ map (a: a.pname) config.services.dovecot2.modules;
+      };
+    };
     systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
     secrets.keys."dovecot/ldap" = {
       user = config.services.dovecot2.user;
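Review bot: The `modules` line in the `software` block selects `a.pname` on every entry of `config.services.dovecot2.modules`, so evaluation of the whole mail configuration fails if any module package is built with only a `name` attribute. Whether the two modules listed later in this file expose `pname` is not visible here, so a fallback is safer: `modules = ["roundcube" "rainloop"] ++ map (a: a.pname or a.name) config.services.dovecot2.modules;`. The empty attribute name in `registration."" = ["MEMBER" "CLIENT"];` also deserves a short comment saying which output format requires it, since it reads like a typo.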
@@ -47,6 +77,13 @@ in
       uid = config.ids.uids.vhost;
     };
     users.groups.vhost.gid = config.ids.gids.vhost;
+    users.users."${config.services.dovecot2.user}".extraGroups = [ "acme" ];
+
+    nixpkgs.overlays = [
+      (self: super: {
+        dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+      })
+    ];
 
     # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
     services.dovecot2 = {
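Review bot: Putting the Dovecot user into the `acme` group with `extraGroups = [ "acme" ]` gives it group access to every certificate directory owned by that group, not only the `mail` and `mail-rsa` ones this module uses. If the key files are group-readable (not visible in this hunk), a compromised Dovecot process could read the private keys of unrelated services. A dedicated group set through `security.acme.certs."mail".group` and the same option on the RSA certificate would keep the exposure to the mail keys. The overlay that swaps in `self.openldap_libressl_cyrus` has no comment explaining why Dovecot needs that OpenLDAP variant; one line stating the reason would help whoever next bumps nixpkgs.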
@@ -58,7 +95,7 @@ in
       protocols = [ "sieve" ];
       modules = [
         pkgs.dovecot_pigeonhole
-        pkgs.dovecot_fts-xapian
+        pkgs.dovecot_fts_xapian
       ];
       mailUser = "vhost";
       mailGroup = "vhost";
@@ -70,13 +107,13 @@ in
         Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
       };
       mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
-      sslServerCert = "/var/lib/acme/mail/fullchain.pem";
+      sslServerCert = "/etc/dovecot/fullchain.pem";
       sslServerKey = "/var/lib/acme/mail/key.pem";
-      sslCACert = "/var/lib/acme/mail/fullchain.pem";
+      sslCACert = "/etc/dovecot/fullchain.pem";
       extraConfig = builtins.concatStringsSep "\n" [
         # For printer which doesn’t support elliptic curve
         ''
-          ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
+          ssl_alt_cert = </etc/dovecot/fullchain-rsa.pem
           ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
         ''
 
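Review bot: After this change `sslServerCert`, `sslCACert` and `ssl_alt_cert` read the chain from `/etc/dovecot/`, while `sslServerKey` and `ssl_alt_key` still point at `/var/lib/acme/`. Nothing in the visible hunks writes the `/etc/dovecot/*.pem` files, and the `postRun` hooks further down only restart `dovecot2.service`. If that copy is not refreshed before the restart, Dovecot can come back up with a stale chain, or with a chain that no longer matches a rotated key, and TLS logins fail. Please add a comment next to `sslServerCert` naming the unit or activation step that populates `/etc/dovecot/` and stating that it must run before the restart, or keep certificate and key in the same directory. The `extraConfig` list continues past the end of this hunk.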
@@ -273,20 +310,39 @@ in
       postRun = ''
         systemctl restart dovecot2.service
       '';
-      extraDomains = {
-        "imap.immae.eu" = null;
-        "pop3.immae.eu" = null;
-      };
+      extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
     };
     security.acme.certs."mail" = {
       postRun = ''
         systemctl restart dovecot2.service
       '';
-      extraDomains = {
-        "imap.immae.eu" = null;
-        "pop3.immae.eu" = null;
-      };
+      extraDomainNames = [ "imap.immae.eu" "pop3.immae.eu" ];
     };
+    myServices.monitoring.fromMasterActivatedPlugins = [ "imap" "tcp" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "imap connection works";
+        host_name = config.hostEnv.fqdn;
+        use = "external-service";
+        check_command = "check_imap_connection";
+
+        servicegroups = "webstatus-remote-services,webstatus-email";
+        _webstatus_name = "IMAP";
+        _webstatus_url = "imap.immae.eu";
+      }
+
+      {
+        service_description = "imap SSL is up to date";
+        host_name = config.hostEnv.fqdn;
+        use = "external-service";
+        check_command = ["check_tcp_ssl" "993"];
+
+        servicegroups = "webstatus-ssl";
+        _webstatus_name = "IMAP";
+        _webstatus_url = "imap.immae.eu";
+      }
+
+    ];
   };
 }
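Review bot: The new `imap SSL is up to date` object probes only port 993, so it sees whichever certificate the server negotiates with the monitoring client; the RSA chain configured through `ssl_alt_cert` and any POP3-over-TLS listener behind `pop3.immae.eu` can expire without an alert. If POP3S is actually enabled (the protocol list is outside this hunk), a second object with `check_command = ["check_tcp_ssl" "995"];` would cover it. The RSA certificate needs a check that forces an RSA-only handshake, if the `check_tcp_ssl` command definition allows one. The first `postRun`/`extraDomainNames` block belongs to a certificate whose header is above the hunk.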