Diffstat (limited to 'systems/eldiron')
-rw-r--r--systems/eldiron/flake.lock26
-rw-r--r--systems/eldiron/mail/dovecot.nix19
2 files changed, 31 insertions, 14 deletions
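diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 5a60dab..3291993 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -129,7 +129,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -141,7 +141,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -153,7 +153,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -165,7 +165,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -177,7 +177,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -189,7 +189,7 @@
 "environment_6": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -1989,7 +1989,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-5xTmX1Pq80U/1q27508T1SVJDQXAdmTHGhVyA7lqnPg=",
+"narHash": "sha256-ptLDqa3BTCX2orio9YgGsOwYa5bsz2DWn6TrtR2B45w=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -2001,7 +2001,7 @@
 "private-environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+"narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -2020,7 +2020,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-Q8RIW88dtLmxFy8ziw49PhWjU70fKJ8gO9SjdRr2ySw=",
+"narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=",
 "path": "../../flakes/private/milters",
 "type": "path"
 },
@@ -2038,7 +2038,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-DN3hgnw6hXCrSGXep4mumwksWSggsuyyaKXuKvswXl8=",
+"narHash": "sha256-OFfV6XJcWqdRCBlRKMFmlGyBQPKmsjNfIQPLZn2R/e4=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -2073,7 +2073,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-C75rGGf2EOkXc04RkzpTkyWOGF3GMZElDyvLSa4MsiI=",
+"narHash": "sha256-/vQ6FGFc53r79yiQrzF0NWTbRd4RKf8QiPSDhmiCciU=",
 "path": "../../flakes/private/opendmarc",
 "type": "path"
 },
@@ -2134,7 +2134,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-NufDaV9j3eKqlJNs09lqytKDTuwjh4Wh78mOEyID05w=",
+"narHash": "sha256-gjapO6CZFeLMHUlhqBVZu5P+IJzJaPu4pnuTep4ZSuM=",
 "path": "../../flakes/private/ssh",
 "type": "path"
 },
@@ -2153,7 +2153,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-V/T6CB1328uHUHNof3OFeqrDH8C73Dw8hVhpVvjq684=",
+"narHash": "sha256-CCtWODUiUD8w0+GpDyFGCEgsKWukd26pUcwdACGZGTA=",
 "path": "../../flakes/private/system",
 "type": "path"
 },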
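diff --git a/systems/eldiron/mail/dovecot.nix b/systems/eldiron/mail/dovecot.nix
index a1282e3..9c9cd7c 100644
--- a/systems/eldiron/mail/dovecot.nix
+++ b/systems/eldiron/mail/dovecot.nix
@@ -44,6 +44,19 @@ in
 };
 };
 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+secrets.keys."dovecot/sql" = {
+user = config.services.dovecot2.user;
+group = config.services.dovecot2.group;
+permissions = "0400";
+text = ''
+driver = mysql
+connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+FROM forwardings WHERE \
+((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+AND active = 1
+'';
+};
 secrets.keys."dovecot/ldap" = {
 user = config.services.dovecot2.user;
 group = config.services.dovecot2.group;
@@ -81,7 +94,7 @@ in
 
 nixpkgs.overlays = [
 (self: super: {
-dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
 })
 ];
 
@@ -238,6 +251,10 @@ in
 first_valid_uid = ${toString config.ids.uids.vhost}
 disable_plaintext_auth = yes
 passdb {
+driver = sql
+args = ${config.secrets.fullPaths."dovecot/sql"}
+}
+passdb {
 driver = ldap
 args = ${config.secrets.fullPaths."dovecot/ldap"}
 }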
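Review bot: The new `password_query` rewrites the login name for every address that matches a `forwardings` row, so with `regex = 1` a broad `source` pattern (a catch-all, for instance) would also capture logins of real mailboxes and hand the wrong user name to the ldap passdb that follows. As far as I know Dovecot treats a password query that returns more than one row as an internal error, and this query has no `ORDER BY`/`LIMIT`, so overlapping rows could turn into login failures; `AND active = 1 ORDER BY regex LIMIT 1` would prefer the exact match and keep the result to one row. The block is also undocumented: a Nix comment above `secrets.keys."dovecot/sql"` such as `# noauthenticate passdb: maps an alias login to its forwarding destination; the password is still checked by the ldap passdb below` would make the intent clear. In the `connect` line the password is interpolated unquoted, so a value containing a space would presumably break the space-separated key=value parsing.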