From afcc5de071dfffdc507995d1845372ba40dc1dc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Mon, 1 Jul 2019 22:07:52 +0200
Subject: Implement mta-sts and move mail services to specific domain

---
 modules/private/websites/tools/mail/default.nix | 75 +++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 modules/private/websites/tools/mail/default.nix

(limited to 'modules/private/websites/tools/mail/default.nix')

diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
new file mode 100644
index 0000000..ea0a27f
--- /dev/null
+++ b/modules/private/websites/tools/mail/default.nix
@@ -0,0 +1,75 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+    inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
+    env = myconfig.env.tools.roundcubemail;
+  };
+  rainloop = pkgs.callPackage ./rainloop.nix {};
+  cfg = config.myServices.websites.tools.email;
+in
+{
+  options.myServices.websites.tools.email = {
+    enable = lib.mkEnableOption "enable email website";
+  };
+
+  imports = [
+    ./mta-sts.nix
+  ];
+
+  config = lib.mkIf cfg.enable {
+    secrets.keys = roundcubemail.keys;
+
+    services.websites.env.tools.modules =
+      [ "proxy_fcgi" ]
+      ++ rainloop.apache.modules
+      ++ roundcubemail.apache.modules;
+
+    services.websites.env.tools.vhostConfs.mail = {
+      certName   = "mail";
+      addToCerts = true;
+      hosts      = ["mail.immae.eu"];
+      root       = "/run/current-system/webapps/_mail";
+      extraConfig = [
+        rainloop.apache.vhostConf
+        roundcubemail.apache.vhostConf
+        ''
+          <Directory /run/current-system/webapps/_mail>
+            Require all granted
+            Options -Indexes
+          </Directory>
+        ''
+      ];
+    };
+    systemd.services = {
+      phpfpm-rainloop = {
+        after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+        wants = rainloop.phpFpm.serviceDeps;
+      };
+      phpfpm-roundcubemail = {
+        after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+        wants = roundcubemail.phpFpm.serviceDeps;
+      };
+    };
+
+    services.phpfpm.pools.roundcubemail = {
+      listen = roundcubemail.phpFpm.socket;
+      extraConfig = roundcubemail.phpFpm.pool;
+      phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
+    };
+    services.phpfpm.poolConfigs = {
+      rainloop = rainloop.phpFpm.pool;
+    };
+    system.activationScripts = {
+      roundcubemail = roundcubemail.activationScript;
+      rainloop = rainloop.activationScript;
+    };
+
+    myServices.websites.webappDirs = {
+      _mail = ./www;
+      "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
+      "${rainloop.apache.webappName}" = rainloop.webRoot;
+    };
+
+  };
+
+}
-- 
cgit v1.2.3