]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/dovecot.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nix: fix GPG_TTY
[sourcephile-nix.git] / servers / mermet / dovecot.nix
1 { pkgs, lib, config, system, ... }:
2 let inherit (builtins) toString toFile;
3 inherit (builtins.extraBuiltins) pass;
4 inherit (lib) types;
5 inherit (pkgs.lib) loadFile unlines unlinesAttrs unlinesValues unwords;
6 inherit (config) networking;
7 inherit (config.services) dovecot2 postfix openldap;
8 when = x: y: if x == null then "" else y;
9 extSep = postfix.recipientDelimiter;
10 dirSep = extSep;
11 # NOTE: nixpkgs' dovecot2.stateDir is currently not exported
12 stateDir = "/var/lib/dovecot";
13 mailDir = "${stateDir}/mail";
14 sieveDir = "${stateDir}/sieve";
15 authDir = "${stateDir}/auth";
16 authUser = dovecot2.mailUser; # TODO: php_roundcube
17 authGroup = dovecot2.mailGroup; # TODO: php_roundcube
18 escapeGroup = lib.stringAsChars (c: if "a"<=c && c<="z"
19 || "0"<=c && c<="9"
20 || c=="-"
21 then c else "_");
22 domainGroup = escapeGroup "${networking.domainBase}";
23 etc_dovecot = [
24 { target = "dovecot/${networking.domain}/dovecot-ldap.conf";
25 source = pkgs.writeText "dovecot-ldap.conf" ''
26 ${lib.optionalString dovecot2.debug ''
27 debug_level = 1
28 ''}
29
30 # LDAP database
31 uris = ldapi://
32 base = ou=posix,${openldap.domainSuffix}
33 scope = subtree
34 deref = never
35 # NOTE: sufficient for small systems and uses less resources.
36 blocking = no
37
38 # LDAP auth
39 sasl_bind = yes
40 sasl_mech = EXTERNAL
41 #dn = cn=admin,${openldap.domainSuffix}
42 #dnpass = useless with sasl_mech=EXTERNAL
43 auth_bind = no
44 #auth_bind_userdn = cn=%n,ou=accounts,ou=posix,dc=${openldap.domainSuffix}
45
46 # dovecot passdb query
47 # DOC: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
48 pass_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
49 # TODO: userdb_quota_rule=*:storage=
50 pass_attrs = userPassword=password,\
51 uidNumber=userdb_uid,\
52 gidNumber=userdb_gid,\
53 mailGroupMember=userdb_mail_access_groups=${domainGroup},\
54 quotaBytes=userdb_quota_rule=*:bytes=%{ldap:quotaBytes},\
55 =user=%n@%d
56 #homeDirectory=userdb_home
57 default_pass_scheme = CRYPT
58
59 # dovecot userdb query
60 # DOC: http://wiki2.dovecot.org/UserDatabase/ExtraFields
61 user_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
62 #user_filter = (&(objectClass=inetOrgPerson)(uid=%n))
63 #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
64 #user_attrs = mailHomeDirectory=home,\
65 # mailStorageDirectory=mail,\
66 # mailUidNumber=uid,\
67 # mailGidNumber=gid,\
68 # mailQuota=quota_rule=*:bytes=%$
69
70 # doveadm user query
71 iterate_attrs = =user=%{ldap:uid}@${networking.domain}
72 iterate_filter = (&(objectClass=posixAccount)(mailEnabled=TRUE))
73 '';
74 }
75 ];
76 dovecot-virtual = pkgs.writeTextFile {
77 name = "dovecot-virtual";
78 destination = "/pop3/INBOX/dovecot-virtual";
79 text = ''
80 all
81 all+*
82 all
83 '';
84 };
85
86 learn-spam = pkgs.writeShellScriptBin "learn-spam.sh" ''
87 exec ${pkgs.rspamd}/bin/rspamc -h /run/rspamd/learner.sock learn_spam
88 '';
89 learn-ham = pkgs.writeShellScriptBin "learn-ham.sh" ''
90 exec ${pkgs.rspamd}/bin/rspamc -h /run/rspamd/learner.sock learn_ham
91 '';
92 sieve_pipe_bin_dir = pkgs.buildEnv {
93 name = "sieve_pipe_bin_dir";
94 pathsToLink = [ "/bin" ];
95 paths = [
96 learn-spam
97 learn-ham
98 ];
99 };
100 in
101 {
102 imports = [
103 dovecot/autoconfig.nix
104 ];
105 #services.postfix.mapFiles."transport-dovecot" =
106 # toFile "transport-dovecot"
107 # (unlines
108 # (lib.mapAttrsToList
109 # (dom: {...}: "${transportSubDomain}.${dom} lmtp:unix:private/dovecot-lmtp")
110 # dovecot2.domains));
111 systemd.services.dovecot2 = {
112 after = [
113 "postfix.service"
114 "openldap.service"
115 "dovecot.${networking.domainBase}.key.pem-key.service"
116 ];
117 restartTriggers = map (f: f.source) etc_dovecot;
118 };
119 deployment.keys = {
120 "dovecot.${networking.domainBase}.key.pem" = {
121 text = pass "x509/${networking.domainBase}/key.pem";
122 user = dovecot2.user;
123 group = "root";
124 destDir = "/run/keys/";
125 permissions = "0400"; # WARNING: not enforced when deployment.storeKeysOnMachine = true
126 };
127 };
128 environment.etc = etc_dovecot;
129 users.users."${dovecot2.mailUser}".isSystemUser = true; # Fix nixpkgs
130 services.dovecot2 = {
131 enable = true;
132 debug = true;
133 mailUser = "dovemail";
134 mailGroup = "dovemail";
135 modules = [
136 #pkgs.dovecot_antispam
137 pkgs.dovecot_pigeonhole
138 ];
139 sieves = {
140 global = {
141 list = ''
142 require
143 [ "date"
144 , "fileinto"
145 , "mailbox"
146 , "variables"
147 ];
148
149 if currentdate :matches "year" "*" { set "year" "''${1}"; }
150 if currentdate :matches "month" "*" { set "month" "''${1}"; }
151
152 if exists "List-ID" {
153 if header :matches "List-ID" "*<*.*.*.*>*" {
154 set "list" "''${2}";
155 set "domain" "''${4}";
156 }
157 elsif header :matches "List-ID" "*<*.*.*>*" {
158 set "list" "''${2}";
159 set "domain" "''${3}";
160 }
161 fileinto :create "Listes+''${domain}+''${list}+''${year}+''${month}";
162 stop;
163 }
164 '';
165 spam = ''
166 require [ "imap4flags" ];
167
168 if header :contains "X-Spam-Level" "***" {
169 addflag "Junk";
170 }
171 '';
172 /*
173 require ["fileinto","mailbox"];
174
175 if header :contains "X-Spam" "Yes" {
176 fileinto :create "INBOX.Junk";
177 stop;
178 }
179 */
180 extension = ''
181 require
182 [ "envelope"
183 , "fileinto"
184 , "mailbox"
185 , "subaddress"
186 , "variables"
187 ];
188 if envelope :matches :detail "TO" "*" {
189 set "extension" "''${1}";
190 }
191 if not string :is "''${extension}" "" {
192 fileinto :create "Plus+''${extension}";
193 stop;
194 }
195 '';
196 spam-or-ham = ''
197 require ["vnd.dovecot.pipe", "copy", "imapsieve", "variables", "imap4flags", "environment"];
198
199 if environment :is "imap.changedflags" "Junk" {
200 if hasflag :is "Junk" {
201 pipe :copy :try "learn-spam.sh";
202 } elsif not hasflag :is "Junk" {
203 pipe :copy :try "learn-ham.sh";
204 }
205 }
206 '';
207 report-spam = ''
208 require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
209
210 if environment :matches "imap.user" "*" {
211 set "username" "''${1}";
212 }
213
214 pipe :copy :try "learn-spam.sh" [ "''${username}" ];
215 '';
216 report-ham = ''
217 require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
218
219 if environment :matches "imap.mailbox" "*" {
220 set "mailbox" "''${1}";
221 }
222
223 if string "''${mailbox}" "Trash" {
224 stop;
225 }
226
227 if environment :matches "imap.user" "*" {
228 set "username" "''${1}";
229 }
230
231 pipe :copy :try "learn-ham.sh" [ "''${username}" ];
232 '';
233 };
234 };
235 configFile = toString ( pkgs.writeText "dovecot.conf" ''
236 passdb {
237 driver = ldap
238 args = /etc/dovecot/${networking.domain}/dovecot-ldap.conf
239 default_fields = userdb_mail_access_groups=${domainGroup}
240 override_fields =
241 }
242 userdb {
243 driver = prefetch
244 }
245 userdb {
246 # NOTE: this userdb is only used by lda.
247 driver = ldap
248 args = /etc/dovecot/${networking.domain}/dovecot-ldap.conf
249 default_fields = mail_access_groups=${domainGroup}
250 override_fields =
251 skip = found
252 }
253 #passdb {
254 # driver = passwd-file
255 # args = scheme=crypt username_format=%n ${authDir}/%d/passwd
256 #}
257 #userdb {
258 # # NOTE: this userdb is only used by lda.
259 # driver = passwd-file
260 # args = username_format=%n ${authDir}/%d/passwd
261 # #default_fields = home=${mailDir}/%d/%n
262 # skip = found
263 #}
264 # Store METADATA information within user's HOME directory
265 mail_attribute_dict = file:%h/dovecot-attributes
266 # If needed, may be overrided by userdb_mail
267 mail_home = ${mailDir}/%d/%n
268 # NOTE: if needed, may be overrided by userdb_mail
269 # NOTE: INDEX and CONTROL are on a partition without quota, as explain in the doc.
270 # SEE: http://wiki2.dovecot.org/Quota/FS
271 mail_location = maildir:${mailDir}/%d/%n/mail.d:LAYOUT=fs:INDEX=${stateDir}/index/%d/%n:INDEXPVT=${stateDir}/index/%d/%n:CONTROL=${stateDir}/control/%d/%n
272 auth_mechanisms = plain login
273 # NOTE: postfix does not supply a client cert.
274 auth_ssl_require_client_cert = no
275 #auth_ssl_username_from_cert = yes
276 auth_verbose = yes
277 # NOTE: lowercase the username, help with LDAP?
278 auth_username_format = %Lu
279 ${lib.optionalString dovecot2.debug ''
280 auth_debug = yes
281 mail_debug = yes
282 verbose_ssl = yes
283 ''}
284 default_internal_user = ${dovecot2.user}
285 default_internal_group = ${dovecot2.group}
286 disable_plaintext_auth = yes
287 # NOTE: sync with LDAP's data.
288 first_valid_uid = 1000
289 lda_mailbox_autocreate = yes
290 lda_mailbox_autosubscribe = yes
291 listen = *
292 log_timestamp = "%Y-%m-%d %H:%M:%S "
293 #maildir_copy_with_hardlinks = yes
294 namespace inbox {
295 # NOTE: here because protocol sieve {namespace inbox{}} does not seem to work.
296 type = private
297 inbox = yes
298 location =
299 list = yes
300 prefix =
301 separator = ${dirSep}
302 }
303 namespace {
304 type = shared
305 #list = children
306 # NOTE: always listed in the LIST command.
307 list = yes
308 # NOTE: how to access the other users' mailboxes.
309 # NOTE: %var expands to the logged in user's variable, while
310 # %%var expands to the other users' variables.
311 # NOTE: INDEX and CONTROL are shared, INDEXPVT is not.
312 location = maildir:${mailDir}/%%d/%%n/mail.d:LAYOUT=fs:INDEX=${stateDir}/index/%%d/%%n/Shared:INDEXPVT=${stateDir}/index/%d/%n/Shared/%%n:CONTROL=${stateDir}/control/%d/%n/Shared
313 prefix = Partages+%%n+
314 separator = ${dirSep}
315 subscriptions = yes
316 }
317 mail_plugins = $mail_plugins acl quota virtual
318 #mail_uid = ${dovecot2.mailUser}
319 #mail_gid = ${dovecot2.mailGroup}
320 # NOTE: each user has a dedicated (uid,gid) pair
321 #mail_privileged_group = mail
322 #mail_access_groups =
323 plugin {
324 acl = vfile:/etc/dovecot/acl/global.d
325 acl_anyone = allow
326 # NOTE: to let users LIST mailboxes shared by other users,
327 # Dovecot needs a shared mailbox dictionary.
328 # FIXME: %d not working with userdb ldap
329 acl_shared_dict = file:${stateDir}/acl/%d/acl.db
330 ## NOTE: pour offlineimap
331 ##antispam_allow_append_to_spam = yes
332 #antispam_backend = pipe
333 ##antispam_crm_args = -u;${mailDir}/%d/.crm114;/usr/share/crm114/mailfilter.crm
334 #antispam_crm_args = -u;${mailDir}/crm114;/usr/share/crm114/mailfilter.crm
335 #antispam_crm_binary = /usr/bin/crm
336 #antispam_debug_target = syslog
337 ##antispam_crm_env = HOME=%h;USER=%u
338 #antispam_ham_keywords = NonJunk
339 #antispam_pipe_program = /usr/bin/crm
340 #antispam_pipe_program_args = -u;${mailDir}/crm114;/usr/share/crm114/mailfilter.crm;--stats_only;--force
341 #antispam_pipe_program_notspam_arg = --learnnonspam
342 #antispam_pipe_program_spam_arg = --learnspam
343 #antispam_pipe_program_unlearn_spam_args = --unlearn;--learnspam
344 #antispam_pipe_program_unlearn_notspam_args = --unlearn;--learnnonspam
345 #antispam_pipe_tmpdir = ${mailDir}/crm114/tmp
346 #antispam_signature = X-CRM114-CacheID
347 #antispam_signature_missing = move
348 #antispam_spam = Junk
349 #antispam_spam_keywords = Junk
350 #antispam_trash = Trash
351 #antispam_unsure = Unsure
352 #antispam_verbose_debug = 0
353 quota = maildir:User quota
354 quota_rule = *:storage=256M
355 quota_rule2 = Trash:storage=+64M
356 quota_max_mail_size = 20M
357 #quota_exceeded_message = </path/to/quota_exceeded_message.txt
358 quota_warning = storage=95%% quota-warning 95 %u
359 quota_warning2 = storage=80%% quota-warning 80 %u
360 quota_warning3 = -storage=100%% quota-warning below %u
361 recipient_delimiter = ${extSep}
362 #sieve_default = file:${mailDir}/%u/default.sieve
363 #sieve_default_name = default
364 sieve_after = ${sieveDir}/after.d/
365 sieve_before = ${sieveDir}/before.d/
366 sieve = file:~/sieve.d;active=~/sieve
367 #sieve_extensions = +spamtest +spamtestplus
368 sieve_global = ${sieveDir}/global.d/
369 sieve_max_script_size = 1M
370 sieve_quota_max_scripts = 0
371 sieve_quota_max_storage = 10M
372 sieve_spamtest_max_value = 10
373 sieve_spamtest_status_header = X-Spam-Score
374 sieve_spamtest_status_type = strlen
375 sieve_user_log = /var/log/dovecot/%d/sieve.%n.log
376
377 sieve_plugins = sieve_imapsieve sieve_extprograms
378 sieve_pipe_bin_dir = ${sieve_pipe_bin_dir}/bin
379 sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
380 # Enables support for user Sieve scripts in IMAP
381 #imapsieve_url = sieve://mail.${networking.domain}:4190
382
383 # When a flag changes, spam or ham according to the \Junk or \NonJunk flags
384 imapsieve_mailbox1_name = *
385 imapsieve_mailbox1_causes = FLAG
386 imapsieve_mailbox1_before = file:${sieveDir}/global.d/spam-or-ham.sieve
387
388 # From elsewhere to Junk folder
389 imapsieve_mailbox2_name = Pourriel
390 imapsieve_mailbox2_causes = COPY APPEND
391 imapsieve_mailbox2_before = file:${sieveDir}/global.d/report-spam.sieve
392
393 # From Junk folder to elsewhere
394 imapsieve_mailbox3_name = *
395 imapsieve_mailbox3_from = Pourriel
396 imapsieve_mailbox3_causes = COPY
397 imapsieve_mailbox3_before = file:${sieveDir}/global.d/report-ham.sieve
398 }
399 # If you have Dovecot v2.2.8+ you may get a significant performance improvement with fetch-headers:
400 imapc_features = $imapc_features fetch-headers
401 # Read multiple mails in parallel, improves performance
402 mail_prefetch_count = 20
403 service quota-warning {
404 executable = script ${
405 pkgs.writeScript "quota-warning" ''
406 #!/bin/sh -eu
407 PERCENT=$1
408 USER=$2
409 cat << EOF | ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -d $USER -o
410 "plugin/quota=maildir:User quota:noenforcing"
411 From: postmaster@${networking.domain}
412 Subject: [WARNING] your mailbox is now $PERCENT% full.
413
414 Please remove some mails to make room for new ones.
415 EOF
416 ''
417 }
418 # use some unprivileged user for executing the quota warnings
419 user = ${dovecot2.user}
420 unix_listener quota-warning {
421 }
422 }
423 protocol imap {
424 #mail_max_userip_connections = 10
425 mail_plugins = $mail_plugins imap_acl imap_quota imap_sieve # antispam
426 # DOC: https://wiki.dovecot.org/MailboxSettings
427 # Due to a bug in Dovecot v2.2.30+ if special-use flags are used,
428 # SPECIAL-USE needs to be added to post-login CAPABILITY response as RFC 6154 mandates.
429 imap_capability = +SPECIAL-USE
430 namespace inbox {
431 inbox = yes
432 location =
433 list = yes
434 prefix =
435 separator = ${dirSep}
436 mailbox "Archive" {
437 auto = no
438 special_use = \Archive
439 }
440 mailbox "Archives" {
441 auto = no
442 special_use = \Archive
443 }
444 mailbox "Drafts" {
445 auto = no
446 special_use = \Drafts
447 }
448 mailbox "Brouillons" {
449 auto = no
450 special_use = \Drafts
451 }
452 mailbox "Junk" {
453 auto = no
454 #autoexpunge = 30d
455 special_use = \Junk
456 }
457 mailbox "Spams" {
458 auto = no
459 special_use = \Junk
460 }
461 mailbox "Spam" {
462 auto = no
463 special_use = \Junk
464 }
465 mailbox "Pourriels" {
466 auto = no
467 special_use = \Junk
468 }
469 mailbox "Pourriel" {
470 auto = no
471 special_use = \Junk
472 }
473 mailbox "Sent" {
474 auto = no
475 special_use = \Sent
476 }
477 mailbox "Sent Items" {
478 auto = no
479 special_use = \Sent
480 }
481 mailbox "Sent Messages" {
482 auto = no
483 special_use = \Sent
484 }
485 mailbox "Envoyés" {
486 auto = no
487 special_use = \Sent
488 }
489 mailbox "Trash" {
490 auto = no
491 special_use = \Trash
492 #autoexpunge = 30d
493 }
494 mailbox "Corbeille" {
495 auto = no
496 special_use = \Trash
497 }
498 }
499 }
500 protocol lda {
501 auth_socket_path = /var/run/dovecot/auth-userdb
502 hostname = ${networking.domain}
503 info_log_path =
504 log_path =
505 mail_plugins = $mail_plugins sieve
506 namespace inbox {
507 inbox = yes
508 location =
509 list = yes
510 prefix =
511 separator = ${dirSep}
512 }
513 postmaster_address = postmaster${extSep}dovecot${extSep}lda@${networking.domain}
514 syslog_facility = mail
515 }
516 protocol lmtp {
517 #info_log_path = /tmp/dovecot-lmtp.log
518 mail_plugins = $mail_plugins sieve
519 namespace inbox {
520 inbox = yes
521 location =
522 list = yes
523 prefix =
524 separator = ${dirSep}
525 }
526 postmaster_address = postmaster${extSep}dovecot${extSep}lmtp@${networking.domain}
527 }
528 protocol pop3 {
529 #mail_max_userip_connections = 10
530 namespace all {
531 # NOTE: used by ${dovecot-virtual}/pop3/INBOX/dovecot-virtual
532 hidden = yes
533 list = no
534 location =
535 prefix = all+
536 separator = ${dirSep}
537 }
538 # Virtual namespace for the virtual INBOX.
539 # Use a global directory for dovecot-virtual files.
540 namespace inbox {
541 inbox = yes
542 hidden = yes
543 list = no
544 location = virtual:${dovecot-virtual}/pop3:INDEX=${stateDir}/index/%d/%n/POP3:LAYOUT=fs
545 prefix = pop3+
546 separator = ${dirSep}
547 }
548 pop3_client_workarounds =
549 pop3_fast_size_lookups = yes
550 pop3_lock_session = yes
551 pop3_no_flag_updates = yes
552 # Use GUIDs to avoid accidental POP3 UIDL changes instead of IMAP UIDs.
553 pop3_uidl_format = %g
554 }
555 protocol sieve {
556 #mail_max_userip_connections = 10
557 #managesieve_implementation_string = Dovecot Pigeonhole
558 managesieve_max_compile_errors = 5
559 #managesieve_max_line_length = 65536
560 #managesieve_notify_capability = mailto
561 #managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
562 }
563 # DOC: https://wiki2.dovecot.org/Pigeonhole/ManageSieve/Configuration
564 protocol sieve {
565 # Maximum number of ManageSieve connections allowed for a user from each IP address.
566 # NOTE: The username is compared case-sensitively.
567 mail_max_userip_connections = 10
568
569 # To fool ManageSieve clients that are focused on CMU's timesieved you can specify
570 # the IMPLEMENTATION capability that the dovecot reports to clients.
571 # For example: 'Cyrus timsieved v2.2.13'
572 managesieve_implementation_string = Dovecot Pigeonhole
573
574 # The maximum number of compile errors that are returned to the client upon script
575 # upload or script verification.
576 managesieve_max_compile_errors = 5
577 }
578 protocols = imap lmtp pop3 sieve
579 service lmtp {
580 #executable = lmtp -L
581 process_min_avail = 2
582 unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
583 user = ${postfix.user}
584 group = ${postfix.group}
585 mode = 0600
586 }
587 #user = mail
588 }
589 service auth {
590 # FIXME: may be user=dovecot-auth with LDAP?
591 user = root
592 unix_listener auth-userdb {
593 user = ${dovecot2.user}
594 group = ${dovecot2.group}
595 mode = 0660
596 }
597 unix_listener /var/lib/postfix/queue/private/auth {
598 user = ${postfix.user}
599 group = ${postfix.group}
600 mode = 0660
601 }
602 }
603 service imap {
604 # Most of the memory goes to mmap()ing files.
605 # You may need to increase this limit if you have huge mailboxes.
606 #vsz_limit =
607 process_limit = 1024
608 }
609 service imap-login {
610 #inet_listener imap {
611 # address = 127.0.0.1
612 # port = 143
613 # ssl = no
614 #}
615 inet_listener imaps {
616 port = 993
617 ssl = yes
618 }
619 }
620 service pop3 {
621 process_limit = 1024
622 }
623 service pop3-login {
624 inet_listener pop3s {
625 port = 995
626 ssl = yes
627 }
628 }
629 service managesieve-login {
630 inet_listener sieve {
631 port = 4190
632 #ssl = yes
633 }
634
635 # Number of connections to handle before starting a new process. Typically
636 # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
637 # is faster. <doc/wiki/LoginProcess.txt>
638 service_count = 1
639
640 # Number of processes to always keep waiting for more connections.
641 process_min_avail = 0
642
643 # If you set service_count=0, you probably need to grow this.
644 #vsz_limit = 64M
645 }
646 ssl = required
647 ssl_dh = <${../../../sec/openssl/dh.pem}
648 ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL
649 ssl_cert = <${loadFile (../../../sec + "/openssl/${networking.domainBase}/cert.self-signed.pem")}
650 ssl_key = </run/keys/dovecot.${networking.domainBase}.key.pem
651 #ssl_ca = <''${caPath}
652 #ssl_verify_client_cert = yes
653 '' );
654 #${lib.concatMapStringsSep "\n"
655 # (dom: ''
656 # local_name mail.${dom} {
657 # #ssl_ca = <''${caPath}
658 # ssl_cert = <${x509.cert dom}
659 # ssl_key = <${x509.key dom}
660 # }
661 # '')
662 # dovecot2.domains
663 #}
664 };
665 }
NixOS configurations for Sourcephile's infrastructure