authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/tools/mail
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
Squash changes containing private information
There were a lot of changes since the previous commit, but many of them contained personal information about users. All those changes were squashed into a single commit (history is kept in a different place) and the private information was moved to a separate private repository.
Diffstat (limited to 'modules/private/websites/tools/mail')
-rw-r--r--modules/private/websites/tools/mail/default.nix79
-rw-r--r--modules/private/websites/tools/mail/mta-sts.nix54
-rw-r--r--modules/private/websites/tools/mail/rainloop.nix54
-rw-r--r--modules/private/websites/tools/mail/roundcubemail.nix118
-rw-r--r--modules/private/websites/tools/mail/www/index.html74
5 files changed, 0 insertions, 379 deletions
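diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
deleted file mode 100644
index 390f7ad..0000000
--- a/modules/private/websites/tools/mail/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- roundcubemail = pkgs.callPackage ./roundcubemail.nix {
- inherit (pkgs.webapps) roundcubemail;
- env = config.myEnv.tools.roundcubemail;
- inherit config;
- };
- rainloop = pkgs.callPackage ./rainloop.nix {
- rainloop = pkgs.rainloop-community;
- };
- cfg = config.myServices.websites.tools.email;
- pcfg = config.services.phpfpm.pools;
-in
-{
- options.myServices.websites.tools.email = {
- enable = lib.mkEnableOption "enable email website";
- };
-
- imports = [
- ./mta-sts.nix
- ];
-
- config = lib.mkIf cfg.enable {
- secrets.keys = roundcubemail.keys;
-
- services.websites.env.tools.modules =
- [ "proxy_fcgi" ]
- ++ rainloop.apache.modules
- ++ roundcubemail.apache.modules;
-
- services.websites.env.tools.vhostConfs.mail = {
- certName = "mail";
- addToCerts = true;
- hosts = ["mail.immae.eu"];
- root = ./www;
- extraConfig = [
- (rainloop.apache.vhostConf pcfg.rainloop.socket)
- (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
- ''
- <Directory ${./www}>
- Require all granted
- Options -Indexes
- </Directory>
- ''
- ];
- };
- systemd.services = {
- phpfpm-rainloop = {
- after = lib.mkAfter rainloop.phpFpm.serviceDeps;
- wants = rainloop.phpFpm.serviceDeps;
- };
- phpfpm-roundcubemail = {
- after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
- wants = roundcubemail.phpFpm.serviceDeps;
- };
- };
-
- services.phpfpm.pools.roundcubemail = {
- user = "wwwrun";
- group = "wwwrun";
- settings = roundcubemail.phpFpm.pool;
- phpOptions = config.services.phpfpm.phpOptions + ''
- date.timezone = 'CET'
- '';
- phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]);
- };
- services.phpfpm.pools.rainloop = {
- user = "wwwrun";
- group = "wwwrun";
- settings = rainloop.phpFpm.pool;
- phpPackage = pkgs.php72;
- };
- system.activationScripts = {
- roundcubemail = roundcubemail.activationScript;
- rainloop = rainloop.activationScript;
- };
- };
-
-}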
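diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
deleted file mode 100644
index 77ba2d4..0000000
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- domains = (lib.remove null (lib.flatten (map
- (zone: map
- (e: if e.receive
- then {
- domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
- mail = zone.name;
- }
- else null
- )
- (zone.withEmail or [])
- )
- config.myEnv.dns.masterZones
- )));
- mxes = lib.mapAttrsToList
- (n: v: v.mx.subdomain)
- (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
- # FIXME: increase the id number in modules/private/dns.nix when this
- # file change (date -u +'%Y%m%d%H%M%S'Z)
- file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
- builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
- ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
- ++ [ "max_age: 604800" ]
- ));
- root = pkgs.runCommand "mta-sts_root" {} ''
- mkdir -p $out
- ${builtins.concatStringsSep "\n" (map (d:
- "cp ${file d} $out/${d.domain}.txt"
- ) domains)}
- '';
- cfg = config.myServices.websites.tools.email;
-in
-{
- config = lib.mkIf cfg.enable {
- services.websites.env.tools.vhostConfs.mta_sts = {
- certName = "mail";
- addToCerts = true;
- hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
- root = root;
- extraConfig = [
- ''
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
- RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
- <Directory ${root}>
- Require all granted
- Options -Indexes
- </Directory>
- ''
- ];
- };
- };
-}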
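diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix
deleted file mode 100644
index 20e43a1..0000000
--- a/modules/private/websites/tools/mail/rainloop.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, rainloop, writeText, stdenv, fetchurl }:
-rec {
- varDir = "/var/lib/rainloop";
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
- '';
- };
- webRoot = rainloop.override { dataPath = "${varDir}/data"; };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- root = webRoot;
- vhostConf = socket: ''
- Alias /rainloop "${root}"
- <Directory "${root}">
- DirectoryIndex index.php
- AllowOverride All
- Options -FollowSymlinks
- Require all granted
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${socket}|fcgi://localhost"
- </FilesMatch>
- </Directory>
-
- <DirectoryMatch "${root}/data">
- Require all denied
- </DirectoryMatch>
- '';
- };
- phpFpm = rec {
- serviceDeps = [ "postgresql.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
- pool = {
- "listen.owner" = apache.user;
- "listen.group" = apache.group;
- "pm" = "ondemand";
- "pm.max_children" = "60";
- "pm.process_idle_timeout" = "60";
-
- # Needed to avoid clashes in browser cookies (same domain)
- "php_value[session.name]" = "RainloopPHPSESSID";
- "php_admin_value[upload_max_filesize]" = "200M";
- "php_admin_value[post_max_size]" = "200M";
- "php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
- };
- };
-}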
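diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
deleted file mode 100644
index 2661b55..0000000
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ env, roundcubemail, apacheHttpd, config }:
-rec {
- varDir = "/var/lib/roundcubemail";
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
- ${varDir}/cache ${varDir}/logs
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
- '';
- };
- keys."webapps/tools-roundcube" = {
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text =
- let
- psql_url = with env.postgresql; "pgsql://${user}:${password}@unix(${socket}:${port})/${database}";
- in ''
- <?php
- $config['db_dsnw'] = '${psql_url}';
- $config['default_host'] = 'ssl://imap.immae.eu';
- $config['username_domain'] = array(
- "imap.immae.eu" => "mail.immae.eu"
- );
- $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
- $config['smtp_server'] = 'tls://smtp.immae.eu';
- $config['smtp_port'] = '587';
- $config['managesieve_host'] = 'imap.immae.eu';
- $config['managesieve_port'] = '4190';
- $config['managesieve_usetls'] = true;
- $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
-
- $config['imap_cache'] = 'db';
- $config['messages_cache'] = 'db';
-
- $config['support_url'] = ''';
-
- $config['des_key'] = '${env.secret}';
-
- $config['skin'] = 'elastic';
- $config['plugins'] = array(
- 'attachment_reminder',
- 'emoticons',
- 'filesystem_attachments',
- 'hide_blockquote',
- 'identicon',
- 'identity_select',
- 'jqueryui',
- 'markasjunk',
- 'managesieve',
- 'newmail_notifier',
- 'vcard_attachments',
- 'zipdownload',
-
- 'automatic_addressbook',
- 'message_highlight',
- 'carddav',
- // Ne marche pas ?: 'ident_switch',
- // Ne marche pas ?: 'thunderbird_labels',
- );
-
- $config['language'] = 'fr_FR';
-
- $config['drafts_mbox'] = 'Drafts';
- $config['junk_mbox'] = 'Junk';
- $config['sent_mbox'] = 'Sent';
- $config['trash_mbox'] = 'Trash';
- $config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
- $config['draft_autosave'] = 60;
- $config['enable_installer'] = false;
- $config['log_driver'] = 'file';
- $config['temp_dir'] = '${varDir}/cache';
- $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
- '';
- };
- webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]);
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- root = webRoot;
- vhostConf = socket: ''
- Alias /roundcube "${root}"
- <Directory "${root}">
- DirectoryIndex index.php
- AllowOverride All
- Options FollowSymlinks
- Require all granted
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${socket}|fcgi://localhost"
- </FilesMatch>
- </Directory>
- '';
- };
- phpFpm = rec {
- serviceDeps = [ "postgresql.service" ];
- basedir = builtins.concatStringsSep ":" (
- [ webRoot config.secrets.fullPaths."webapps/tools-roundcube" varDir ]
- ++ webRoot.plugins
- ++ webRoot.skins);
- pool = {
- "listen.owner" = apache.user;
- "listen.group" = apache.group;
- "pm" = "ondemand";
- "pm.max_children" = "60";
- "pm.process_idle_timeout" = "60";
-
- # Needed to avoid clashes in browser cookies (same domain)
- "php_value[session.name]" = "RoundcubemailPHPSESSID";
- "php_admin_value[upload_max_filesize]" = "200M";
- "php_admin_value[post_max_size]" = "200M";
- "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
- };
- };
-}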
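diff --git a/modules/private/websites/tools/mail/www/index.html b/modules/private/websites/tools/mail/www/index.html
deleted file mode 100644
index 88b0ebd..0000000
--- a/modules/private/websites/tools/mail/www/index.html
+++ /dev/null
@@ -1,74 +0,0 @@
-<!doctype html>
-<html lang="fr">
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>E-mail configuration</title>
- <style type="text/css">
- body {
- padding-top: 1em;
- padding-left: 5px;
- padding-right: 5px;
- text-align: left;
- margin: auto;
- font: 20px Helvetica, sans-serif;
- color: #333;
- height: 100%;
- min-height: 100%;
- }
- article {
- text-align: justify;
- display: block;
- max-width: 850px;
- margin: 0 auto;
- padding-top: 30px;
- }
- span.code {
- font-family: monospace;
- }
- </style>
- </head>
- <body>
- <p>
- Email configuration. For automatic configuration in your smart e-mail
- client, use <span class="code">login@mail.immae.eu</span>. If it
- doesn’t work, the details are there:
- <ul>
- <li>IMAP: <span class="code">imap.immae.eu</span>
- <ul>
- <li>No unencrypted access</li>
- <li>STARTTLS: 143</li>
- <li>SSL: 993</li>
- </ul>
- </li>
- <li>POP3: <span class="code">pop3.immae.eu</span>
- <ul>
- <li>No unencrypted access</li>
- <li>STARTTLS: 110</li>
- <li>SSL: 995</li>
- </ul>
- </li>
- <li>SMTP: <span class="code">smtp.immae.eu</span>
- <ul>
- <li>No unencrypted access</li>
- <li>STARTTLS: 587</li>
- <li>SSL: 465</li>
- </ul>
- </li>
- <li>Sieve: <span class="code">imap.immae.eu</span>
- <ul>
- <li>No unencrypted access</li>
- <li>STARTTLS: 4190</li>
- </ul>
- </li>
- </ul>
- </p>
- <p>Webmails:
- <ul>
- <li><a href="/roundcube">Roundcube</a></li>
- <li><a href="/rainloop">Rainloop</a> (experimental)</li>
- </ul>
- </p>
- </body>
-</html>
-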