Allow imap login using alias e-mails

2 files changed, 31 insertions, 14 deletions

diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 5a60dab..3291993 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -129,7 +129,7 @@
     "environment": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -141,7 +141,7 @@
     "environment_2": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -153,7 +153,7 @@
     "environment_3": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -165,7 +165,7 @@
     "environment_4": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -177,7 +177,7 @@
     "environment_5": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -189,7 +189,7 @@
     "environment_6": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../environment",
         "type": "path"
       },
@@ -1989,7 +1989,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-5xTmX1Pq80U/1q27508T1SVJDQXAdmTHGhVyA7lqnPg=",
+        "narHash": "sha256-ptLDqa3BTCX2orio9YgGsOwYa5bsz2DWn6TrtR2B45w=",
         "path": "../../flakes/private/chatons",
         "type": "path"
       },
@@ -2001,7 +2001,7 @@
     "private-environment": {
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+        "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
         "path": "../../flakes/private/environment",
         "type": "path"
       },
@@ -2020,7 +2020,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-Q8RIW88dtLmxFy8ziw49PhWjU70fKJ8gO9SjdRr2ySw=",
+        "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=",
         "path": "../../flakes/private/milters",
         "type": "path"
       },
@@ -2038,7 +2038,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-DN3hgnw6hXCrSGXep4mumwksWSggsuyyaKXuKvswXl8=",
+        "narHash": "sha256-OFfV6XJcWqdRCBlRKMFmlGyBQPKmsjNfIQPLZn2R/e4=",
         "path": "../../flakes/private/monitoring",
         "type": "path"
       },
@@ -2073,7 +2073,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-C75rGGf2EOkXc04RkzpTkyWOGF3GMZElDyvLSa4MsiI=",
+        "narHash": "sha256-/vQ6FGFc53r79yiQrzF0NWTbRd4RKf8QiPSDhmiCciU=",
         "path": "../../flakes/private/opendmarc",
         "type": "path"
       },
@@ -2134,7 +2134,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-NufDaV9j3eKqlJNs09lqytKDTuwjh4Wh78mOEyID05w=",
+        "narHash": "sha256-gjapO6CZFeLMHUlhqBVZu5P+IJzJaPu4pnuTep4ZSuM=",
         "path": "../../flakes/private/ssh",
         "type": "path"
       },
@@ -2153,7 +2153,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-V/T6CB1328uHUHNof3OFeqrDH8C73Dw8hVhpVvjq684=",
+        "narHash": "sha256-CCtWODUiUD8w0+GpDyFGCEgsKWukd26pUcwdACGZGTA=",
         "path": "../../flakes/private/system",
         "type": "path"
       },
diff --git a/systems/eldiron/mail/dovecot.nix b/systems/eldiron/mail/dovecot.nix
index a1282e3..9c9cd7c 100644
--- a/systems/eldiron/mail/dovecot.nix
+++ b/systems/eldiron/mail/dovecot.nix
@@ -44,6 +44,19 @@ in
       };
     };
     systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+    secrets.keys."dovecot/sql" = {
+      user = config.services.dovecot2.user;
+      group = config.services.dovecot2.group;
+      permissions = "0400";
+      text = ''
+        driver = mysql
+        connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+        password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+          FROM forwardings WHERE \
+            ((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+            AND active = 1
+      '';
+    };
     secrets.keys."dovecot/ldap" = {
       user = config.services.dovecot2.user;
       group = config.services.dovecot2.group;
@@ -81,7 +94,7 @@ in
 
     nixpkgs.overlays = [
       (self: super: {
-        dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+        dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
       })
     ];
 
@@ -238,6 +251,10 @@ in
         first_valid_uid = ${toString config.ids.uids.vhost}
         disable_plaintext_auth = yes
         passdb {
+          driver = sql
+          args = ${config.secrets.fullPaths."dovecot/sql"}
+        }
+        passdb {
           driver = ldap
           args = ${config.secrets.fullPaths."dovecot/ldap"}
         }