Diffstat (limited to 'systems/eldiron/mail/dovecot.nix')
-rw-r--r-- | systems/eldiron/mail/dovecot.nix | 19 |
1 files changed, 18 insertions, 1 deletions
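--- a/systems/eldiron/mail/dovecot.nix
+++ b/systems/eldiron/mail/dovecot.nix
@@ -44,6 +44,19 @@ in
 };
 };
 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+secrets.keys."dovecot/sql" = {
+user = config.services.dovecot2.user;
+group = config.services.dovecot2.group;
+permissions = "0400";
+text = ''
+driver = mysql
+connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+FROM forwardings WHERE \
+((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+AND active = 1
+'';
+};
 secrets.keys."dovecot/ldap" = {
 user = config.services.dovecot2.user;
 group = config.services.dovecot2.group;
@@ -81,7 +94,7 @@ in
 
 nixpkgs.overlays = [
 (self: super: {
-dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
 })
 ];
 
@@ -238,6 +251,10 @@ in
 first_valid_uid = ${toString config.ids.uids.vhost}
 disable_plaintext_auth = yes
 passdb {
+driver = sql
+args = ${config.secrets.fullPaths."dovecot/sql"}
+}
+passdb {
 driver = ldap
 args = ${config.secrets.fullPaths."dovecot/ldap"}
 }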
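Review bot: The `password_query` added in `secrets.keys."dovecot/sql"` can match more than one `forwardings` row for a single login name, because an exact `source` and any number of `regex = 1` patterns may apply together and the query neither orders nor limits the result. The new sql passdb runs before the ldap one and replaces `user` with `destination` ahead of the real credential check, so which account LDAP verifies depends on the rows in that table; a broad pattern would presumably also rewrite the login names of ordinary mailboxes, and how Dovecot treats several returned rows should be confirmed. Ending the query with `ORDER BY regex LIMIT 1` would make an exact match win and return a single row. A comment above `password_query` such as `# alias login: map a forwarding source to its destination mailbox; the ldap passdb below does the actual authentication` would record why a `noauthenticate` lookup sits first in the chain. The surrounding `passdb` configuration continues outside the third hunk, so any `result_*` settings are not visible here.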