X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fdovecot.nix;fp=modules%2Fprivate%2Fmail%2Fdovecot.nix;h=0000000000000000000000000000000000000000;hp=b6fdc026efcd8a66d2e22f27c92de69d52ce78ed;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0

diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
deleted file mode 100644
index b6fdc02..0000000
--- a/modules/private/mail/dovecot.nix
+++ /dev/null
@@ -1,292 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-  sieve_bin = pkgs.runCommand "sieve_bin" {
-    buildInputs = [ pkgs.makeWrapper ];
-  } ''
-    cp -a ${./sieve_bin} $out
-    chmod -R u+w $out
-    patchShebangs $out
-    for i in $out/*; do
-      wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils ]}
-    done
-    '';
-in
-{
-  config = lib.mkIf config.myServices.mail.enable {
-    systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
-    secrets.keys."dovecot/ldap" = {
-      user = config.services.dovecot2.user;
-      group = config.services.dovecot2.group;
-      permissions = "0400";
-      text = ''
-        hosts = ${config.myEnv.mail.dovecot.ldap.host}
-        tls = yes
-
-        dn = ${config.myEnv.mail.dovecot.ldap.dn}
-        dnpass = ${config.myEnv.mail.dovecot.ldap.password}
-
-        auth_bind = yes
-
-        ldap_version = 3
-
-        base = ${config.myEnv.mail.dovecot.ldap.base}
-        scope = subtree
-
-        pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
-        pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
-
-        user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
-        user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
-        iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
-        iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
-        '';
-    };
-
-    users.users.vhost = {
-      group = "vhost";
-      uid = config.ids.uids.vhost;
-    };
-    users.groups.vhost.gid = config.ids.gids.vhost;
-
-    # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
-    services.dovecot2 = {
-      enable = true;
-      enablePAM = false;
-      enablePop3 = true;
-      enableImap = true;
-      enableLmtp = true;
-      protocols = [ "sieve" ];
-      modules = [
-        pkgs.dovecot_pigeonhole
-        pkgs.dovecot_fts-xapian
-      ];
-      mailUser = "vhost";
-      mailGroup = "vhost";
-      createMailUser = false;
-      mailboxes = {
-        Trash  = { auto = "subscribe"; specialUse = "Trash"; };
-        Junk   = { auto = "subscribe"; specialUse = "Junk"; };
-        Sent   = { auto = "subscribe"; specialUse = "Sent"; };
-        Drafts = { auto = "subscribe"; specialUse = "Drafts"; };
-      };
-      mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
-      sslServerCert = "/var/lib/acme/mail/fullchain.pem";
-      sslServerKey = "/var/lib/acme/mail/key.pem";
-      sslCACert = "/var/lib/acme/mail/fullchain.pem";
-      extraConfig = builtins.concatStringsSep "\n" [
-        # For printer which doesnât support elliptic curve
-        ''
-          ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
-          ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
-        ''
-
-        ''
-          postmaster_address = postmaster@immae.eu
-          mail_attribute_dict = file:%h/dovecot-attributes
-          imap_idle_notify_interval = 20 mins
-          namespace inbox {
-            type = private
-            separator = /
-            inbox = yes
-            list = yes
-          }
-        ''
-
-        # ACL
-        ''
-          mail_plugins = $mail_plugins acl
-          plugin {
-            acl = vfile:${pkgs.writeText "dovecot-acl" ''
-              Backup/* owner lrp
-              ''}
-            acl_globals_only = yes
-          }
-        ''
-
-        # Full text search
-        ''
-          # needs to be bigger than any mailbox size
-          default_vsz_limit = 2GB
-          mail_plugins = $mail_plugins fts fts_xapian
-          plugin {
-            plugin = fts fts_xapian
-            fts = xapian
-            fts_xapian = partial=2 full=20
-            fts_autoindex = yes
-            fts_autoindex_exclude = \Junk
-            fts_autoindex_exclude2 = \Trash
-            fts_autoindex_exclude3 = Virtual/*
-          }
-        ''
-
-        # Antispam
-        # https://docs.iredmail.org/dovecot.imapsieve.html
-        ''
-        # imap_sieve plugin added below
-
-        plugin {
-            sieve_plugins = sieve_imapsieve sieve_extprograms
-            imapsieve_url = sieve://127.0.0.1:4190
-
-            sieve_before = file:${./sieve_scripts}/backup.sieve;bindir=/var/lib/vhost/.sieve_bin
-
-            # From elsewhere to Junk folder
-            imapsieve_mailbox1_name = Junk
-            imapsieve_mailbox1_causes = COPY APPEND
-            imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-
-            # From Junk folder to elsewhere
-            imapsieve_mailbox2_name = *
-            imapsieve_mailbox2_from = Junk
-            imapsieve_mailbox2_causes = COPY
-            imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-
-            # From anywhere to NoJunk folder
-            imapsieve_mailbox3_name = NoJunk
-            imapsieve_mailbox3_causes = COPY APPEND
-            imapsieve_mailbox3_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-
-            sieve_pipe_bin_dir = ${sieve_bin}
-
-            sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
-        }
-        ''
-        # Services to listen
-        ''
-        service imap-login {
-          inet_listener imap {
-          }
-          inet_listener imaps {
-          }
-        }
-        service pop3-login {
-          inet_listener pop3 {
-          }
-          inet_listener pop3s {
-          }
-        }
-        service imap {
-        }
-        service pop3 {
-        }
-        service auth {
-          unix_listener auth-userdb {
-          }
-          unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
-            mode = 0666
-          }
-        }
-        service auth-worker {
-        }
-        service dict {
-          unix_listener dict {
-          }
-        }
-        service stats {
-          unix_listener stats-reader {
-            user = vhost
-            group = vhost
-            mode = 0660
-          }
-          unix_listener stats-writer {
-            user = vhost
-            group = vhost
-            mode = 0660
-          }
-        }
-        ''
-
-        # Authentification
-        ''
-        first_valid_uid = ${toString config.ids.uids.vhost}
-        disable_plaintext_auth = yes
-        passdb {
-          driver = ldap
-          args = ${config.secrets.fullPaths."dovecot/ldap"}
-        }
-        userdb {
-          driver = ldap
-          args = ${config.secrets.fullPaths."dovecot/ldap"}
-        }
-        ''
-
-        # Zlib
-        ''
-        mail_plugins = $mail_plugins zlib
-        plugin {
-          zlib_save_level = 6
-          zlib_save = gz
-        }
-        ''
-
-        # Sieve
-        ''
-        plugin {
-          sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
-        }
-        service managesieve-login {
-        }
-        service managesieve {
-        }
-        ''
-
-        # Virtual mailboxes
-        ''
-        mail_plugins = $mail_plugins virtual
-        namespace Virtual {
-          prefix = Virtual/
-          location = virtual:~/Virtual
-        }
-        ''
-
-        # Protocol specific configuration
-        # Needs to come last if there are mail_plugins entries
-        ''
-        protocol imap {
-          mail_plugins = $mail_plugins imap_sieve imap_acl
-        }
-        protocol lda {
-          mail_plugins = $mail_plugins sieve
-        }
-        ''
-      ];
-    };
-    networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
-    system.activationScripts.dovecot = {
-      deps = [ "users" ];
-      text  =''
-        install -m 0755 -o vhost -g vhost -d /var/lib/vhost
-        '';
-    };
-
-    services.cron.systemCronJobs = let
-      cron_script = pkgs.writeScriptBin "cleanup-imap-folders" ''
-        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX "Backup/*" NOT FLAGGED BEFORE 8w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
-        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Junk SEEN NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
-        ${pkgs.dovecot}/bin/doveadm expunge -A MAILBOX Trash NOT FLAGGED BEFORE 4w 2>&1 > /dev/null | grep -v "Mailbox doesn't exist:" | grep -v "Info: Opening DB"
-        '';
-      in
-      [
-        "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
-      ];
-    security.acme.certs."mail-rsa" = {
-      postRun = ''
-        systemctl restart dovecot2.service
-      '';
-      extraDomains = {
-        "imap.immae.eu" = null;
-        "pop3.immae.eu" = null;
-      };
-    };
-    security.acme.certs."mail" = {
-      postRun = ''
-        systemctl restart dovecot2.service
-      '';
-      extraDomains = {
-        "imap.immae.eu" = null;
-        "pop3.immae.eu" = null;
-      };
-    };
-  };
-}
-