Add new machine to nixops

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-10-18 19:43:39 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-10-18 19:43:39 +0200
commit: 8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch)
tree: d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/mail/dovecot.nix
parent: 8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff)
download: Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz
Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst
Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip
1 files changed, 215 insertions, 213 deletions
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 0d13a7b..dc75e0f 100644
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -12,239 +12,241 @@ let
    '';
 in
 {
-  config.services.backup.profiles.mail.excludeFile = ''
+  config = lib.mkIf config.myServices.mail.enable {
-    + /var/lib/dhparams
+    services.backup.profiles.mail.excludeFile = ''
-    + /var/lib/dovecot
+      + /var/lib/dhparams
-    '';
+      + /var/lib/dovecot
-  config.secrets.keys = [
+      '';
-    {
+    secrets.keys = [
-      dest = "dovecot/ldap";
+      {
-      user = config.services.dovecot2.user;
+        dest = "dovecot/ldap";
-      group = config.services.dovecot2.group;
+        user = config.services.dovecot2.user;
-      permissions = "0400";
+        group = config.services.dovecot2.group;
-      text = ''
+        permissions = "0400";
-        hosts = ${myconfig.env.mail.dovecot.ldap.host}
+        text = ''
-        tls = yes
+          hosts = ${myconfig.env.mail.dovecot.ldap.host}
+          tls = yes
-        dn = ${myconfig.env.mail.dovecot.ldap.dn}
-        dnpass = ${myconfig.env.mail.dovecot.ldap.password}
-        auth_bind = yes
+          dn = ${myconfig.env.mail.dovecot.ldap.dn}
+          dnpass = ${myconfig.env.mail.dovecot.ldap.password}
-        ldap_version = 3
+          auth_bind = yes
-        base = ${myconfig.env.mail.dovecot.ldap.base}
+          ldap_version = 3
-        scope = subtree
-        user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
+          base = ${myconfig.env.mail.dovecot.ldap.base}
-        pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
+          scope = subtree
-        user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
+          user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-        pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
+          pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
-        '';
-    }
-  ];
-  config.users.users.vhost = {
+          user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
-    group = "vhost";
+          pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
-    uid = config.ids.uids.vhost;
+          '';
-  };
+      }
-  config.users.groups.vhost.gid = config.ids.gids.vhost;
-  # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
-  config.services.dovecot2 = {
-    enable = true;
-    enablePAM = false;
-    enablePop3 = true;
-    enableImap = true;
-    enableLmtp = true;
-    protocols = [ "sieve" ];
-    modules = [
-      pkgs.dovecot_pigeonhole
-      pkgs.dovecot_fts-xapian
-    ];
-    mailUser = "vhost";
-    mailGroup = "vhost";
-    createMailUser = false;
-    mailboxes = [
-      { name = "Trash";  auto = "subscribe"; specialUse = "Trash"; }
-      { name = "Junk";   auto = "subscribe"; specialUse = "Junk"; }
-      { name = "Sent";   auto = "subscribe"; specialUse = "Sent"; }
-      { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
    ];
-    mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
-    sslServerCert = "/var/lib/acme/mail/fullchain.pem";
+    users.users.vhost = {
-    sslServerKey = "/var/lib/acme/mail/key.pem";
+      group = "vhost";
-    sslCACert = "/var/lib/acme/mail/fullchain.pem";
+      uid = config.ids.uids.vhost;
-    extraConfig = builtins.concatStringsSep "\n" [
+    };
-      ''
+    users.groups.vhost.gid = config.ids.gids.vhost;
-        postmaster_address = postmaster@immae.eu
-        mail_attribute_dict = file:%h/dovecot-attributes
+    # https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
-        imap_idle_notify_interval = 20 mins
+    services.dovecot2 = {
-        namespace inbox {
+      enable = true;
-          type = private
+      enablePAM = false;
-          separator = /
+      enablePop3 = true;
-          inbox = yes
+      enableImap = true;
-          list = yes
+      enableLmtp = true;
-        }
+      protocols = [ "sieve" ];
-      ''
+      modules = [
+        pkgs.dovecot_pigeonhole
-      # Full text search
+        pkgs.dovecot_fts-xapian
-      ''
+      ];
-        # needs to be bigger than any mailbox size
+      mailUser = "vhost";
-        default_vsz_limit = 2GB
+      mailGroup = "vhost";
-        mail_plugins = $mail_plugins fts fts_xapian
+      createMailUser = false;
+      mailboxes = [
+        { name = "Trash";  auto = "subscribe"; specialUse = "Trash"; }
+        { name = "Junk";   auto = "subscribe"; specialUse = "Junk"; }
+        { name = "Sent";   auto = "subscribe"; specialUse = "Sent"; }
+        { name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
+      ];
+      mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
+      sslServerCert = "/var/lib/acme/mail/fullchain.pem";
+      sslServerKey = "/var/lib/acme/mail/key.pem";
+      sslCACert = "/var/lib/acme/mail/fullchain.pem";
+      extraConfig = builtins.concatStringsSep "\n" [
+        ''
+          postmaster_address = postmaster@immae.eu
+          mail_attribute_dict = file:%h/dovecot-attributes
+          imap_idle_notify_interval = 20 mins
+          namespace inbox {
+            type = private
+            separator = /
+            inbox = yes
+            list = yes
+          }
+        ''
+        # Full text search
+        ''
+          # needs to be bigger than any mailbox size
+          default_vsz_limit = 2GB
+          mail_plugins = $mail_plugins fts fts_xapian
+          plugin {
+            plugin = fts fts_xapian
+            fts = xapian
+            fts_xapian = partial=2 full=20
+            fts_autoindex = yes
+            fts_autoindex_exclude = \Junk
+            fts_autoindex_exclude2 = \Trash
+            fts_autoindex_exclude3 = Virtual/*
+          }
+        ''
+        # Antispam
+        # https://docs.iredmail.org/dovecot.imapsieve.html
+        ''
+        # imap_sieve plugin added below
        plugin {
-          plugin = fts fts_xapian
+            sieve_plugins = sieve_imapsieve sieve_extprograms
-          fts = xapian
+            imapsieve_url = sieve://127.0.0.1:4190
-          fts_xapian = partial=2 full=20
-          fts_autoindex = yes
+            # From elsewhere to Junk folder
-          fts_autoindex_exclude = \Junk
+            imapsieve_mailbox1_name = Junk
-          fts_autoindex_exclude2 = \Trash
+            imapsieve_mailbox1_causes = COPY APPEND
-          fts_autoindex_exclude3 = Virtual/*
+            imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-        }
-      ''
+            # From Junk folder to elsewhere
+            imapsieve_mailbox2_name = *
-      # Antispam
+            imapsieve_mailbox2_from = Junk
-      # https://docs.iredmail.org/dovecot.imapsieve.html
+            imapsieve_mailbox2_causes = COPY
-      ''
+            imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-      # imap_sieve plugin added below
+            sieve_pipe_bin_dir = ${sieve_bin}
-      plugin {
-          sieve_plugins = sieve_imapsieve sieve_extprograms
+            sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
-          imapsieve_url = sieve://127.0.0.1:4190
-          # From elsewhere to Junk folder
-          imapsieve_mailbox1_name = Junk
-          imapsieve_mailbox1_causes = COPY APPEND
-          imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-          # From Junk folder to elsewhere
-          imapsieve_mailbox2_name = *
-          imapsieve_mailbox2_from = Junk
-          imapsieve_mailbox2_causes = COPY
-          imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
-          sieve_pipe_bin_dir = ${sieve_bin}
-          sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
-      }
-      ''
-      # Services to listen
-      ''
-      service imap-login {
-        inet_listener imap {
        }
-        inet_listener imaps {
+        ''
+        # Services to listen
+        ''
+        service imap-login {
+          inet_listener imap {
+          }
+          inet_listener imaps {
+          }
        }
-      }
+        service pop3-login {
-      service pop3-login {
+          inet_listener pop3 {
-        inet_listener pop3 {
+          }
+          inet_listener pop3s {
+          }
        }
-        inet_listener pop3s {
+        service imap {
        }
-      }
+        service pop3 {
-      service imap {
-      }
-      service pop3 {
-      }
-      service auth {
-        unix_listener auth-userdb {
        }
-        unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
+        service auth {
-          mode = 0666
+          unix_listener auth-userdb {
+          }
+          unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
+            mode = 0666
+          }
        }
-      }
+        service auth-worker {
-      service auth-worker {
-      }
-      service dict {
-        unix_listener dict {
        }
-      }
+        service dict {
-      service stats {
+          unix_listener dict {
-        unix_listener stats-reader {
+          }
-          user = vhost
-          group = vhost
-          mode = 0660
        }
-        unix_listener stats-writer {
+        service stats {
-          user = vhost
+          unix_listener stats-reader {
-          group = vhost
+            user = vhost
-          mode = 0660
+            group = vhost
+            mode = 0660
+          }
+          unix_listener stats-writer {
+            user = vhost
+            group = vhost
+            mode = 0660
+          }
        }
-      }
+        ''
-      ''
+        # Authentification
-      # Authentification
+        ''
-      ''
+        first_valid_uid = ${toString config.ids.uids.vhost}
-      first_valid_uid = ${toString config.ids.uids.vhost}
+        disable_plaintext_auth = yes
-      disable_plaintext_auth = yes
+        passdb {
-      passdb {
+          driver = ldap
-        driver = ldap
+          args = ${config.secrets.fullPaths."dovecot/ldap"}
-        args = ${config.secrets.fullPaths."dovecot/ldap"}
+        }
-      }
+        userdb {
-      userdb {
+          driver = static
-        driver = static
+          args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
-        args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
+        }
-      }
+        ''
-      ''
-      # Zlib
-      ''
-      mail_plugins = $mail_plugins zlib
-      plugin {
-        zlib_save_level = 6
-        zlib_save = gz
-      }
-      ''
-      # Sieve
+        # Zlib
-      ''
+        ''
-      plugin {
+        mail_plugins = $mail_plugins zlib
-        sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
+        plugin {
-      }
+          zlib_save_level = 6
-      service managesieve-login {
+          zlib_save = gz
-      }
+        }
-      service managesieve {
+        ''
-      }
-      ''
-      # Virtual mailboxes
-      ''
-      mail_plugins = $mail_plugins virtual
-      namespace Virtual {
-        prefix = Virtual/
-        location = virtual:~/Virtual
-      }
-      ''
-      # Protocol specific configuration
+        # Sieve
-      # Needs to come last if there are mail_plugins entries
+        ''
-      ''
+        plugin {
-      protocol imap {
+          sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
-        mail_plugins = $mail_plugins imap_sieve
+        }
-      }
+        service managesieve-login {
-      protocol lda {
+        }
-        mail_plugins = $mail_plugins sieve
+        service managesieve {
-      }
+        }
-      ''
+        ''
-    ];
-  };
+        # Virtual mailboxes
-  config.networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
+        ''
-  config.system.activationScripts.dovecot = {
+        mail_plugins = $mail_plugins virtual
-    deps = [ "users" ];
+        namespace Virtual {
-    text  =''
+          prefix = Virtual/
-      install -m 0755 -o vhost -g vhost -d /var/lib/vhost
+          location = virtual:~/Virtual
-      '';
+        }
-  };
+        ''
-  config.security.acme.certs."mail" = {
+        # Protocol specific configuration
-    postRun = ''
+        # Needs to come last if there are mail_plugins entries
-      systemctl restart dovecot2.service
+        ''
-    '';
+        protocol imap {
-    extraDomains = {
+          mail_plugins = $mail_plugins imap_sieve
-      "imap.immae.eu" = null;
+        }
-      "pop3.immae.eu" = null;
+        protocol lda {
+          mail_plugins = $mail_plugins sieve
+        }
+        ''
+      ];
+    };
+    networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
+    system.activationScripts.dovecot = {
+      deps = [ "users" ];
+      text  =''
+        install -m 0755 -o vhost -g vhost -d /var/lib/vhost
+        '';
+    };
+    security.acme.certs."mail" = {
+      postRun = ''
+        systemctl restart dovecot2.service
+      '';
+      extraDomains = {
+        "imap.immae.eu" = null;
+        "pop3.immae.eu" = null;
+      };
    };
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-10-18 19:43:39 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-10-18 19:43:39 +0200
commit	8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch)
tree	d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/mail/dovecot.nix
parent	8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff)
download	Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip

diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 0d13a7b..dc75e0f 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix
@@ -12,239 +12,241 @@ let
12	'';	12	'';
13	in	13	in
14	{	14	{
15	config.services.backup.profiles.mail.excludeFile = ''	15	config = lib.mkIf config.myServices.mail.enable {
16	+ /var/lib/dhparams	16	services.backup.profiles.mail.excludeFile = ''
17	+ /var/lib/dovecot	17	+ /var/lib/dhparams
18	'';	18	+ /var/lib/dovecot
19	config.secrets.keys = [	19	'';
20	{	20	secrets.keys = [
21	dest = "dovecot/ldap";	21	{
22	user = config.services.dovecot2.user;	22	dest = "dovecot/ldap";
23	group = config.services.dovecot2.group;	23	user = config.services.dovecot2.user;
24	permissions = "0400";	24	group = config.services.dovecot2.group;
25	text = ''	25	permissions = "0400";
26	hosts = ${myconfig.env.mail.dovecot.ldap.host}	26	text = ''
27	tls = yes	27	hosts = ${myconfig.env.mail.dovecot.ldap.host}
28		28	tls = yes
29	dn = ${myconfig.env.mail.dovecot.ldap.dn}
30	dnpass = ${myconfig.env.mail.dovecot.ldap.password}
31		29
32	auth_bind = yes	30	dn = ${myconfig.env.mail.dovecot.ldap.dn}
		31	dnpass = ${myconfig.env.mail.dovecot.ldap.password}
33		32
34	ldap_version = 3	33	auth_bind = yes
35		34
36	base = ${myconfig.env.mail.dovecot.ldap.base}	35	ldap_version = 3
37	scope = subtree
38		36
39	user_filter = ${myconfig.env.mail.dovecot.ldap.filter}	37	base = ${myconfig.env.mail.dovecot.ldap.base}
40	pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}	38	scope = subtree
41		39
42	user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}	40	user_filter = ${myconfig.env.mail.dovecot.ldap.filter}
43	pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}	41	pass_filter = ${myconfig.env.mail.dovecot.ldap.filter}
44	'';
45	}
46	];
47		42
48	config.users.users.vhost = {	43	user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs}
49	group = "vhost";	44	pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs}
50	uid = config.ids.uids.vhost;	45	'';
51	};	46	}
52	config.users.groups.vhost.gid = config.ids.gids.vhost;
53
54	# https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
55	config.services.dovecot2 = {
56	enable = true;
57	enablePAM = false;
58	enablePop3 = true;
59	enableImap = true;
60	enableLmtp = true;
61	protocols = [ "sieve" ];
62	modules = [
63	pkgs.dovecot_pigeonhole
64	pkgs.dovecot_fts-xapian
65	];
66	mailUser = "vhost";
67	mailGroup = "vhost";
68	createMailUser = false;
69	mailboxes = [
70	{ name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
71	{ name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
72	{ name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
73	{ name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
74	];	47	];
75	mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";	48
76	sslServerCert = "/var/lib/acme/mail/fullchain.pem";	49	users.users.vhost = {
77	sslServerKey = "/var/lib/acme/mail/key.pem";	50	group = "vhost";
78	sslCACert = "/var/lib/acme/mail/fullchain.pem";	51	uid = config.ids.uids.vhost;
79	extraConfig = builtins.concatStringsSep "\n" [	52	};
80	''	53	users.groups.vhost.gid = config.ids.gids.vhost;
81	postmaster_address = postmaster@immae.eu	54
82	mail_attribute_dict = file:%h/dovecot-attributes	55	# https://blog.zeninc.net/index.php?post/2018/04/01/Un-annuaire-pour-les-gouverner-tous.......
83	imap_idle_notify_interval = 20 mins	56	services.dovecot2 = {
84	namespace inbox {	57	enable = true;
85	type = private	58	enablePAM = false;
86	separator = /	59	enablePop3 = true;
87	inbox = yes	60	enableImap = true;
88	list = yes	61	enableLmtp = true;
89	}	62	protocols = [ "sieve" ];
90	''	63	modules = [
91		64	pkgs.dovecot_pigeonhole
92	# Full text search	65	pkgs.dovecot_fts-xapian
93	''	66	];
94	# needs to be bigger than any mailbox size	67	mailUser = "vhost";
95	default_vsz_limit = 2GB	68	mailGroup = "vhost";
96	mail_plugins = $mail_plugins fts fts_xapian	69	createMailUser = false;
		70	mailboxes = [
		71	{ name = "Trash"; auto = "subscribe"; specialUse = "Trash"; }
		72	{ name = "Junk"; auto = "subscribe"; specialUse = "Junk"; }
		73	{ name = "Sent"; auto = "subscribe"; specialUse = "Sent"; }
		74	{ name = "Drafts"; auto = "subscribe"; specialUse = "Drafts"; }
		75	];
		76	mailLocation = "mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap";
		77	sslServerCert = "/var/lib/acme/mail/fullchain.pem";
		78	sslServerKey = "/var/lib/acme/mail/key.pem";
		79	sslCACert = "/var/lib/acme/mail/fullchain.pem";
		80	extraConfig = builtins.concatStringsSep "\n" [
		81	''
		82	postmaster_address = postmaster@immae.eu
		83	mail_attribute_dict = file:%h/dovecot-attributes
		84	imap_idle_notify_interval = 20 mins
		85	namespace inbox {
		86	type = private
		87	separator = /
		88	inbox = yes
		89	list = yes
		90	}
		91	''
		92
		93	# Full text search
		94	''
		95	# needs to be bigger than any mailbox size
		96	default_vsz_limit = 2GB
		97	mail_plugins = $mail_plugins fts fts_xapian
		98	plugin {
		99	plugin = fts fts_xapian
		100	fts = xapian
		101	fts_xapian = partial=2 full=20
		102	fts_autoindex = yes
		103	fts_autoindex_exclude = \Junk
		104	fts_autoindex_exclude2 = \Trash
		105	fts_autoindex_exclude3 = Virtual/*
		106	}
		107	''
		108
		109	# Antispam
		110	# https://docs.iredmail.org/dovecot.imapsieve.html
		111	''
		112	# imap_sieve plugin added below
		113
97	plugin {	114	plugin {
98	plugin = fts fts_xapian	115	sieve_plugins = sieve_imapsieve sieve_extprograms
99	fts = xapian	116	imapsieve_url = sieve://127.0.0.1:4190
100	fts_xapian = partial=2 full=20	117
101	fts_autoindex = yes	118	# From elsewhere to Junk folder
102	fts_autoindex_exclude = \Junk	119	imapsieve_mailbox1_name = Junk
103	fts_autoindex_exclude2 = \Trash	120	imapsieve_mailbox1_causes = COPY APPEND
104	fts_autoindex_exclude3 = Virtual/*	121	imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
105	}	122
106	''	123	# From Junk folder to elsewhere
107		124	imapsieve_mailbox2_name = *
108	# Antispam	125	imapsieve_mailbox2_from = Junk
109	# https://docs.iredmail.org/dovecot.imapsieve.html	126	imapsieve_mailbox2_causes = COPY
110	''	127	imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
111	# imap_sieve plugin added below	128
112		129	sieve_pipe_bin_dir = ${sieve_bin}
113	plugin {	130
114	sieve_plugins = sieve_imapsieve sieve_extprograms	131	sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
115	imapsieve_url = sieve://127.0.0.1:4190
116
117	# From elsewhere to Junk folder
118	imapsieve_mailbox1_name = Junk
119	imapsieve_mailbox1_causes = COPY APPEND
120	imapsieve_mailbox1_before = file:${./sieve_scripts}/report_spam.sieve;bindir=/var/lib/vhost/.imapsieve_bin
121
122	# From Junk folder to elsewhere
123	imapsieve_mailbox2_name = *
124	imapsieve_mailbox2_from = Junk
125	imapsieve_mailbox2_causes = COPY
126	imapsieve_mailbox2_before = file:${./sieve_scripts}/report_ham.sieve;bindir=/var/lib/vhost/.imapsieve_bin
127
128	sieve_pipe_bin_dir = ${sieve_bin}
129
130	sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
131	}
132	''
133	# Services to listen
134	''
135	service imap-login {
136	inet_listener imap {
137	}	132	}
138	inet_listener imaps {	133	''
		134	# Services to listen
		135	''
		136	service imap-login {
		137	inet_listener imap {
		138	}
		139	inet_listener imaps {
		140	}
139	}	141	}
140	}	142	service pop3-login {
141	service pop3-login {	143	inet_listener pop3 {
142	inet_listener pop3 {	144	}
		145	inet_listener pop3s {
		146	}
143	}	147	}
144	inet_listener pop3s {	148	service imap {
145	}	149	}
146	}	150	service pop3 {
147	service imap {
148	}
149	service pop3 {
150	}
151	service auth {
152	unix_listener auth-userdb {
153	}	151	}
154	unix_listener ${config.services.postfix.config.queue_directory}/private/auth {	152	service auth {
155	mode = 0666	153	unix_listener auth-userdb {
		154	}
		155	unix_listener ${config.services.postfix.config.queue_directory}/private/auth {
		156	mode = 0666
		157	}
156	}	158	}
157	}	159	service auth-worker {
158	service auth-worker {
159	}
160	service dict {
161	unix_listener dict {
162	}	160	}
163	}	161	service dict {
164	service stats {	162	unix_listener dict {
165	unix_listener stats-reader {	163	}
166	user = vhost
167	group = vhost
168	mode = 0660
169	}	164	}
170	unix_listener stats-writer {	165	service stats {
171	user = vhost	166	unix_listener stats-reader {
172	group = vhost	167	user = vhost
173	mode = 0660	168	group = vhost
		169	mode = 0660
		170	}
		171	unix_listener stats-writer {
		172	user = vhost
		173	group = vhost
		174	mode = 0660
		175	}
174	}	176	}
175	}	177	''
176	''	178
177		179	# Authentification
178	# Authentification	180	''
179	''	181	first_valid_uid = ${toString config.ids.uids.vhost}
180	first_valid_uid = ${toString config.ids.uids.vhost}	182	disable_plaintext_auth = yes
181	disable_plaintext_auth = yes	183	passdb {
182	passdb {	184	driver = ldap
183	driver = ldap	185	args = ${config.secrets.fullPaths."dovecot/ldap"}
184	args = ${config.secrets.fullPaths."dovecot/ldap"}	186	}
185	}	187	userdb {
186	userdb {	188	driver = static
187	driver = static	189	args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap
188	args = user=%u uid=vhost gid=vhost home=/var/lib/vhost/%d/%n/ mail=mbox:~/Mail:INBOX=~/Mail/Inbox:INDEX=~/.imap	190	}
189	}	191	''
190	''
191
192	# Zlib
193	''
194	mail_plugins = $mail_plugins zlib
195	plugin {
196	zlib_save_level = 6
197	zlib_save = gz
198	}
199	''
200		192
201	# Sieve	193	# Zlib
202	''	194	''
203	plugin {	195	mail_plugins = $mail_plugins zlib
204	sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve	196	plugin {
205	}	197	zlib_save_level = 6
206	service managesieve-login {	198	zlib_save = gz
207	}	199	}
208	service managesieve {	200	''
209	}
210	''
211
212	# Virtual mailboxes
213	''
214	mail_plugins = $mail_plugins virtual
215	namespace Virtual {
216	prefix = Virtual/
217	location = virtual:~/Virtual
218	}
219	''
220		201
221	# Protocol specific configuration	202	# Sieve
222	# Needs to come last if there are mail_plugins entries	203	''
223	''	204	plugin {
224	protocol imap {	205	sieve = file:~/sieve;bindir=~/.sieve-bin;active=~/.dovecot.sieve
225	mail_plugins = $mail_plugins imap_sieve	206	}
226	}	207	service managesieve-login {
227	protocol lda {	208	}
228	mail_plugins = $mail_plugins sieve	209	service managesieve {
229	}	210	}
230	''	211	''
231	];	212
232	};	213	# Virtual mailboxes
233	config.networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];	214	''
234	config.system.activationScripts.dovecot = {	215	mail_plugins = $mail_plugins virtual
235	deps = [ "users" ];	216	namespace Virtual {
236	text =''	217	prefix = Virtual/
237	install -m 0755 -o vhost -g vhost -d /var/lib/vhost	218	location = virtual:~/Virtual
238	'';	219	}
239	};	220	''
240		221
241	config.security.acme.certs."mail" = {	222	# Protocol specific configuration
242	postRun = ''	223	# Needs to come last if there are mail_plugins entries
243	systemctl restart dovecot2.service	224	''
244	'';	225	protocol imap {
245	extraDomains = {	226	mail_plugins = $mail_plugins imap_sieve
246	"imap.immae.eu" = null;	227	}
247	"pop3.immae.eu" = null;	228	protocol lda {
		229	mail_plugins = $mail_plugins sieve
		230	}
		231	''
		232	];
		233	};
		234	networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
		235	system.activationScripts.dovecot = {
		236	deps = [ "users" ];
		237	text =''
		238	install -m 0755 -o vhost -g vhost -d /var/lib/vhost
		239	'';
		240	};
		241
		242	security.acme.certs."mail" = {
		243	postRun = ''
		244	systemctl restart dovecot2.service
		245	'';
		246	extraDomains = {
		247	"imap.immae.eu" = null;
		248	"pop3.immae.eu" = null;
		249	};
248	};	250	};
249	};	251	};
250	}	252	}