};
};
systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+ secrets.keys."dovecot/sql" = {
+ user = config.services.dovecot2.user;
+ group = config.services.dovecot2.group;
+ permissions = "0400";
+ text = ''
+ driver = mysql
+ connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+ password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+ FROM forwardings WHERE \
+ ((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+ AND active = 1
+ '';
+ };
secrets.keys."dovecot/ldap" = {
user = config.services.dovecot2.user;
group = config.services.dovecot2.group;
nixpkgs.overlays = [
(self: super: {
- dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+ dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
})
];
''
first_valid_uid = ${toString config.ids.uids.vhost}
disable_plaintext_auth = yes
+ passdb {
+ driver = sql
+ args = ${config.secrets.fullPaths."dovecot/sql"}
+ }
passdb {
driver = ldap
args = ${config.secrets.fullPaths."dovecot/ldap"}