From 1cf1f9162bd4556858a0190eee5bfd7ba0f7bb4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Fri, 13 Oct 2023 00:43:03 +0200
Subject: Allow imap login using alias e-mails
---
 systems/eldiron/flake.lock | 26 +++++++++++++-------------
 systems/eldiron/mail/dovecot.nix | 19 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 14 deletions(-)
 (limited to 'systems/eldiron')
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 5a60dab..3291993 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -129,7 +129,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -141,7 +141,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -153,7 +153,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -165,7 +165,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -177,7 +177,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -189,7 +189,7 @@
 "environment_6": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../environment",
 "type": "path"
 },
@@ -1989,7 +1989,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-5xTmX1Pq80U/1q27508T1SVJDQXAdmTHGhVyA7lqnPg=",
+ "narHash": "sha256-ptLDqa3BTCX2orio9YgGsOwYa5bsz2DWn6TrtR2B45w=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -2001,7 +2001,7 @@
 "private-environment": {
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-iW4Q8C1AR4i+Vm7KSaYUtXwTpVHCK0niGiZWnYboAtY=",
+ "narHash": "sha256-VO82m/95IcX3xxJ63wcLh3hXzXDRFKUohYil/18pBSY=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -2020,7 +2020,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-Q8RIW88dtLmxFy8ziw49PhWjU70fKJ8gO9SjdRr2ySw=",
+ "narHash": "sha256-x6nZbsijTyyeFsCiOHIXTPVsEGaGle3a1QDWsxlp51I=",
 "path": "../../flakes/private/milters",
 "type": "path"
 },
@@ -2038,7 +2038,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-DN3hgnw6hXCrSGXep4mumwksWSggsuyyaKXuKvswXl8=",
+ "narHash": "sha256-OFfV6XJcWqdRCBlRKMFmlGyBQPKmsjNfIQPLZn2R/e4=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -2073,7 +2073,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-C75rGGf2EOkXc04RkzpTkyWOGF3GMZElDyvLSa4MsiI=",
+ "narHash": "sha256-/vQ6FGFc53r79yiQrzF0NWTbRd4RKf8QiPSDhmiCciU=",
 "path": "../../flakes/private/opendmarc",
 "type": "path"
 },
@@ -2134,7 +2134,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-NufDaV9j3eKqlJNs09lqytKDTuwjh4Wh78mOEyID05w=",
+ "narHash": "sha256-gjapO6CZFeLMHUlhqBVZu5P+IJzJaPu4pnuTep4ZSuM=",
 "path": "../../flakes/private/ssh",
 "type": "path"
 },
@@ -2153,7 +2153,7 @@
 },
 "locked": {
 "lastModified": 1,
- "narHash": "sha256-V/T6CB1328uHUHNof3OFeqrDH8C73Dw8hVhpVvjq684=",
+ "narHash": "sha256-CCtWODUiUD8w0+GpDyFGCEgsKWukd26pUcwdACGZGTA=",
 "path": "../../flakes/private/system",
 "type": "path"
 },
diff --git a/systems/eldiron/mail/dovecot.nix b/systems/eldiron/mail/dovecot.nix
index a1282e3..9c9cd7c 100644
--- a/systems/eldiron/mail/dovecot.nix
+++ b/systems/eldiron/mail/dovecot.nix
@@ -44,6 +44,19 @@ in
 };
 };
 systemd.services.dovecot2.serviceConfig.Slice = "mail.slice";
+ secrets.keys."dovecot/sql" = {
+ user = config.services.dovecot2.user;
+ group = config.services.dovecot2.group;
+ permissions = "0400";
+ text = ''
+ driver = mysql
+ connect = host=${config.myEnv.mail.dovecot.mysql.socket} dbname=${config.myEnv.mail.dovecot.mysql.database} user=${config.myEnv.mail.dovecot.mysql.user} password=${config.myEnv.mail.dovecot.mysql.password}
+ password_query = SELECT NULL AS password, 'Y' as noauthenticate, destination AS user \
+ FROM forwardings WHERE \
+ ((regex = 1 AND '%u' REGEXP CONCAT('^',source,'$')) OR (regex = 0 AND source = '%u')) \
+ AND active = 1
+ '';
+ };
 secrets.keys."dovecot/ldap" = {
 user = config.services.dovecot2.user;
 group = config.services.dovecot2.group;
@@ -81,7 +94,7 @@ in
 nixpkgs.overlays = [
 (self: super: {
- dovecot = super.dovecot.override { openldap = self.openldap_libressl_cyrus; };
+ dovecot = super.dovecot.override { withMySQL = true; openldap = self.openldap_libressl_cyrus; };
 })
 ];
@@ -237,6 +250,10 @@ in
 ''
 first_valid_uid = ${toString config.ids.uids.vhost}
 disable_plaintext_auth = yes
+ passdb {
+ driver = sql
+ args = ${config.secrets.fullPaths."dovecot/sql"}
+ }
 passdb {
 driver = ldap
 args = ${config.secrets.fullPaths."dovecot/ldap"}
-- cgit v1.2.3
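Review bot: The `password_query` added in the `dovecot/sql` secret can match more than one row for a single login name, because a name may satisfy an exact `source = '%u'` row and one or more `regex = 1` rows at once, and the query neither orders nor limits its result. Which `destination` the login is then mapped to, or whether the lookup simply fails, depends on how Dovecot handles a multi-row password query, so the alias-to-account mapping is not determined by this file alone. I would make the choice explicit, for example by ending the query with `ORDER BY regex LIMIT 1` so exact matches win, or deliberately leave ambiguous aliases unresolved and say so in a comment. If `forwardings` can also hold destinations that are not local accounts (not visible from this hunk), the query should exclude them so a login name is never rewritten to an address this server does not host. Separately, `password=${...}` is interpolated unquoted into the `connect` line, so a database password containing a space would presumably break the connect string.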
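Review bot: The new `passdb { driver = sql }` block is safe only because of where it sits: its query returns no password and sets `noauthenticate`, so it should only rewrite the user name and leave the real credential check to the `ldap` passdb that follows it. Nothing in the block states that dependency, and a later reorder or removal of the ldap block would silently change the IMAP login path. I would add a comment above it, `# lookup only (noauthenticate): maps an alias to its destination user; the ldap passdb below verifies the password`. It is also worth confirming that the ldap filter, login logging and any rate limiting behave as intended when they see the rewritten destination rather than the name the client typed; the ldap configuration is outside this hunk. The enclosing configuration string starts and ends outside the hunk.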