servers/mermet/dovecot/autogeree.net.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config.services) dovecot2;
   4   stateDir = "/var/lib/dovecot";
   5   domain = "autogeree.net";
   6   domainGroup = "autogeree";
   7   domainConfig = ''
   8     ssl_cert = <${../../../../sec/openssl/autogeree.net/cert.self-signed.pem}
   9     ssl_key = </run/keys/${domain}.key.pem
  10   '';
  11 in
  12 {
  13 systemd.services.dovecot2 = {
  14   preStart = ''
  15     install -D -d -m 1770 \
  16      -o "${dovecot2.user}" \
  17      -g "${domainGroup}" \
  18      ${stateDir}/home/${domain} \
  19      ${stateDir}/control/${domain} \
  20      ${stateDir}/index/${domain} \
  21      ${stateDir}/acl/${domain}
  22
  23     # NOTE: do not set the sticky bit (+t)
  24     #       on acl/<domain>/, to let dovecot
  25     #       rename acl.db.lock (own by new user)
  26     #       to     acl.db      (own by old user)
  27     chmod -t ${stateDir}/acl/${domain}
  28   '';
  29 };
  30 services.dovecot2 = {
  31   extraConfig = lib.mkAfter ''
  32     passdb {
  33       username_filter = *@${domain}
  34       driver = ldap
  35       # Because auth_bind=yes and auth_bind_userdn are used,
  36       # this cannot prefetch any userdb_*.
  37       args = ${./ldap.conf}
  38       default_fields =
  39       override_fields =
  40     }
  41     local_name mail.${domain} {
  42       ${domainConfig}
  43     }
  44     local_name imap.${domain} {
  45       ${domainConfig}
  46     }
  47   '';
  48 };
  49 services.nginx.virtualHosts."autoconfig.${domain}" = {
  50   serverName = "autoconfig.${domain}";
  51   #addSSL = true;
  52   extraConfig = ''
  53     access_log off;
  54     log_not_found off;
  55   '';
  56   root = pkgs.writeTextFile {
  57     name = "autoconfig";
  58     destination = "/mail/config-v1.1.xml";
  59     text = ''
  60       <?xml version="1.0"?>
  61       <clientConfig version="1.1">
  62         <emailProvider id="%EMAILDOMAIN%">
  63           <!-- <displayName></displayName> -->
  64           <!-- <displayShortName></displayShortName> -->
  65           <domain>%EMAILDOMAIN%</domain>
  66           <incomingServer type="imap">
  67             <hostname>mail.%EMAILDOMAIN%</hostname>
  68             <port>993</port>
  69             <socketType>SSL</socketType>
  70             <username>%EMAILADDRESS%</username>
  71             <authentication>password-cleartext</authentication>
  72           </incomingServer>
  73           <incomingServer type="pop3">
  74             <hostname>mail.%EMAILDOMAIN%</hostname>
  75             <port>995</port>
  76             <socketType>SSL</socketType>
  77             <username>%EMAILADDRESS%</username>
  78             <authentication>password-cleartext</authentication>
  79             <pop3>
  80               <leaveMessagesOnServer>false</leaveMessagesOnServer>
  81               <downloadOnBiff>true</downloadOnBiff>
  82             </pop3>
  83           </incomingServer>
  84           <outgoingServer type="smtp">
  85             <hostname>mail.%EMAILDOMAIN%</hostname>
  86             <port>465</port>
  87             <socketType>SSL</socketType> <!-- see above -->
  88             <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
  89             <authentication>password-cleartext</authentication>
  90             <!-- <restriction>client-IP-address</restriction> -->
  91             <addThisServer>true</addThisServer>
  92             <useGlobalPreferredServer>false</useGlobalPreferredServer>
  93           </outgoingServer>
  94         </emailProvider>
  95         <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
  96       </clientConfig>
  97     '';
  98   };
  99 };
 100 }