X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fdovecot.nix;h=dc75e0f9e5e0f1b98cd402228e47d9d739caa844;hp=0d13a7be769eb7f97b57895d47e34a53553660ef;hb=8415083eb6acc343dfa404dbbc12fa0171a48a20;hpb=8fa7ff2c63fb0722144bc90837512d9f8b8c929d diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 0d13a7b..dc75e0f 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix @@ -12,239 +12,241 @@ let ''; in { - config.services.backup.profiles.mail.excludeFile = '' - + /var/lib/dhparams - + /var/lib/dovecot - ''; - config.secrets.keys = [ - { - dest = "dovecot/ldap"; - user = config.services.dovecot2.user; - group = config.services.dovecot2.group; - permissions = "0400"; - text = '' - hosts = ${myconfig.env.mail.dovecot.ldap.host} - tls = yes - - dn = ${myconfig.env.mail.dovecot.ldap.dn} - dnpass = ${myconfig.env.mail.dovecot.ldap.password} + config = lib.mkIf config.myServices.mail.enable { + services.backup.profiles.mail.excludeFile = '' + + /var/lib/dhparams + + /var/lib/dovecot + ''; + secrets.keys = [ + { + dest = "dovecot/ldap"; + user = config.services.dovecot2.user; + group = config.services.dovecot2.group; + permissions = "0400"; + text = '' + hosts = ${myconfig.env.mail.dovecot.ldap.host} + tls = yes - auth_bind = yes + dn = ${myconfig.env.mail.dovecot.ldap.dn} + dnpass = ${myconfig.env.mail.dovecot.ldap.password} - ldap_version = 3 + auth_bind = yes - base = ${myconfig.env.mail.dovecot.ldap.base} - scope = subtree + ldap_version = 3 - user_filter = ${myconfig.env.mail.dovecot.ldap.filter} - pass_filter = ${myconfig.env.mail.dovecot.ldap.filter} + base = ${myconfig.env.mail.dovecot.ldap.base} + scope = subtree - user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs} - pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs} - ''; - } - ]; + user_filter = ${myconfig.env.mail.dovecot.ldap.filter} + pass_filter = ${myconfig.env.mail.dovecot.ldap.filter} - config.users.users.vhost = { - group = "vhost"; - uid = config.ids.uids.vhost; - }; - config.users.groups.vhost.gid = config.ids.gids.vhost; - - # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous....... - config.services.dovecot2 = { - enable = true; - enablePAM = false; - enablePop3 = true; - enableImap = true; - enableLmtp = true; - protocols = [ "sieve" ]; - modules = [ - pkgs.dovecot_pigeonhole - pkgs.dovecot_fts-xapian - ]; - mailUser = "vhost"; - mailGroup = "vhost"; - createMailUser = false; - mailboxes = [ - { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; } - { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; } - { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; } - { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; } + user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs} + pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs} + ''; + } ]; - mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap"; - sslServerCert = "/var/lib/acme/mail/fullchain.pem"; - sslServerKey = "/var/lib/acme/mail/key.pem"; - sslCACert = "/var/lib/acme/mail/fullchain.pem"; - extraConfig = builtins.concatStringsSep "\n" [ - '' - postmaster_address = postmaster@immae.eu - mail_attribute_dict = file:%h/dovecot-attributes - imap_idle_notify_interval = 20 mins - namespace inbox { - type = private - separator = / - inbox = yes - list = yes - } - '' - - # Full text search - '' - # needs to be bigger than any mailbox size - default_vsz_limit = 2GB - mail_plugins = $mail_plugins fts fts_xapian + + users.users.vhost = { + group = "vhost"; + uid = config.ids.uids.vhost; + }; + users.groups.vhost.gid = config.ids.gids.vhost; + + # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous....... + services.dovecot2 = { + enable = true; + enablePAM = false; + enablePop3 = true; + enableImap = true; + enableLmtp = true; + protocols = [ "sieve" ]; + modules = [ + pkgs.dovecot_pigeonhole + pkgs.dovecot_fts-xapian + ]; + mailUser = "vhost"; + mailGroup = "vhost"; + createMailUser = false; + mailboxes = [ + { name = "Trash"; auto = "subscribe"; specialUse = "Trash"; } + { name = "Junk"; auto = "subscribe"; specialUse = "Junk"; } + { name = "Sent"; auto = "subscribe"; specialUse = "Sent"; } + { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; } + ]; + mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap"; + sslServerCert = "/var/lib/acme/mail/fullchain.pem"; + sslServerKey = "/var/lib/acme/mail/key.pem"; + sslCACert = "/var/lib/acme/mail/fullchain.pem"; + extraConfig = builtins.concatStringsSep "\n" [ + '' + postmaster_address = postmaster@immae.eu + mail_attribute_dict = file:%h/dovecot-attributes + imap_idle_notify_interval = 20 mins + namespace inbox { + type = private + separator = / + inbox = yes + list = yes + } + '' + + # Full text search + '' + # needs to be bigger than any mailbox size + default_vsz_limit = 2GB + mail_plugins = $mail_plugins fts fts_xapian + plugin { + plugin = fts fts_xapian + fts = xapian + fts_xapian = partial=2 full=20 + fts_autoindex = yes + fts_autoindex_exclude = \Junk + fts_autoindex_exclude2 = \Trash + fts_autoindex_exclude3 = Virtual/* + } + '' + + # Antispam + # https://docs.iredmail.org/dovecot.imapsieve.html + '' + # imap_sieve plugin added below + plugin { - plugin = fts fts_xapian - fts = xapian - fts_xapian = partial=2 full=20 - fts_autoindex = yes - fts_autoindex_exclude = \Junk - fts_autoindex_exclude2 = \Trash - fts_autoindex_exclude3 = Virtual/* - } - '' - - # Antispam - # https://docs.iredmail.org/dovecot.imapsieve.html - '' - # imap_sieve plugin added below - - plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - imapsieve_url = sieve://127.0.0.1:4190 - - # From elsewhere to Junk folder - imapsieve_mailbox1_name = Junk - imapsieve_mailbox1_causes = COPY APPEND - imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin - - # From Junk folder to elsewhere - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Junk - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin - - sieve_pipe_bin_dir = ${sieve_bin} - - sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment - } - '' - # Services to listen - '' - service imap-login { - inet_listener imap { + sieve_plugins = sieve_imapsieve sieve_extprograms + imapsieve_url = sieve://127.0.0.1:4190 + + # From elsewhere to Junk folder + imapsieve_mailbox1_name = Junk + imapsieve_mailbox1_causes = COPY APPEND + imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin + + # From Junk folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Junk + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin + + sieve_pipe_bin_dir = ${sieve_bin} + + sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment } - inet_listener imaps { + '' + # Services to listen + '' + service imap-login { + inet_listener imap { + } + inet_listener imaps { + } } - } - service pop3-login { - inet_listener pop3 { + service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } } - inet_listener pop3s { + service imap { } - } - service imap { - } - service pop3 { - } - service auth { - unix_listener auth-userdb { + service pop3 { } - unix_listener ${config.services.postfix.config.queue_directory}/private/auth { - mode = 0666 + service auth { + unix_listener auth-userdb { + } + unix_listener ${config.services.postfix.config.queue_directory}/private/auth { + mode = 0666 + } } - } - service auth-worker { - } - service dict { - unix_listener dict { + service auth-worker { } - } - service stats { - unix_listener stats-reader { - user = vhost - group = vhost - mode = 0660 + service dict { + unix_listener dict { + } } - unix_listener stats-writer { - user = vhost - group = vhost - mode = 0660 + service stats { + unix_listener stats-reader { + user = vhost + group = vhost + mode = 0660 + } + unix_listener stats-writer { + user = vhost + group = vhost + mode = 0660 + } } - } - '' - - # Authentification - '' - first_valid_uid = ${toString config.ids.uids.vhost} - disable_plaintext_auth = yes - passdb { - driver = ldap - args = ${config.secrets.fullPaths."dovecot/ldap"} - } - userdb { - driver = static - args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap - } - '' - - # Zlib - '' - mail_plugins = $mail_plugins zlib - plugin { - zlib_save_level = 6 - zlib_save = gz - } - '' + '' + + # Authentification + '' + first_valid_uid = ${toString config.ids.uids.vhost} + disable_plaintext_auth = yes + passdb { + driver = ldap + args = ${config.secrets.fullPaths."dovecot/ldap"} + } + userdb { + driver = static + args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap + } + '' - # Sieve - '' - plugin { - sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve - } - service managesieve-login { - } - service managesieve { - } - '' - - # Virtual mailboxes - '' - mail_plugins = $mail_plugins virtual - namespace Virtual { - prefix = Virtual/ - location = virtual:~/Virtual - } - '' + # Zlib + '' + mail_plugins = $mail_plugins zlib + plugin { + zlib_save_level = 6 + zlib_save = gz + } + '' - # Protocol specific configuration - # Needs to come last if there are mail_plugins entries - '' - protocol imap { - mail_plugins = $mail_plugins imap_sieve - } - protocol lda { - mail_plugins = $mail_plugins sieve - } - '' - ]; - }; - config.networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ]; - config.system.activationScripts.dovecot = { - deps = [ "users" ]; - text ='' - install -m 0755 -o vhost -g vhost -d /var/lib/vhost - ''; - }; + # Sieve + '' + plugin { + sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve + } + service managesieve-login { + } + service managesieve { + } + '' + + # Virtual mailboxes + '' + mail_plugins = $mail_plugins virtual + namespace Virtual { + prefix = Virtual/ + location = virtual:~/Virtual + } + '' - config.security.acme.certs."mail" = { - postRun = '' - systemctl restart dovecot2.service - ''; - extraDomains = { - "imap.immae.eu" = null; - "pop3.immae.eu" = null; + # Protocol specific configuration + # Needs to come last if there are mail_plugins entries + '' + protocol imap { + mail_plugins = $mail_plugins imap_sieve + } + protocol lda { + mail_plugins = $mail_plugins sieve + } + '' + ]; + }; + networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ]; + system.activationScripts.dovecot = { + deps = [ "users" ]; + text ='' + install -m 0755 -o vhost -g vhost -d /var/lib/vhost + ''; + }; + + security.acme.certs."mail" = { + postRun = '' + systemctl restart dovecot2.service + ''; + extraDomains = { + "imap.immae.eu" = null; + "pop3.immae.eu" = null; + }; }; }; }