servers/mermet/dovecot/sourcephile.fr.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config.services) dovecot2;
   4   stateDir = "/var/lib/dovecot";
   5   domain = "sourcephile.fr";
   6   domainGroup = "sourcephile";
   7   domainConfig = ''
   8     ssl_cert = <${../../../../sec/openssl/sourcephile.fr/cert.self-signed.pem}
   9     ssl_key = </run/keys/${domain}.key.pem
  10   '';
  11 in
  12 {
  13 systemd.services.dovecot2 = {
  14   preStart = ''
  15     install -D -d -m 1770 \
  16      -o "${dovecot2.user}" \
  17      -g "${domainGroup}" \
  18      ${stateDir}/home/${domain} \
  19      ${stateDir}/control/${domain} \
  20      ${stateDir}/index/${domain} \
  21      ${stateDir}/acl/${domain}
  22
  23     # NOTE: do not set the sticky bit (+t)
  24     #       on acl/<domain>/, to let dovecot
  25     #       rename acl.db.lock (own by new user)
  26     #       to     acl.db      (own by old user)
  27     chmod -t ${stateDir}/acl/${domain}
  28   '';
  29 };
  30 services.dovecot2 = {
  31   extraConfig = lib.mkAfter ''
  32     passdb {
  33       username_filter = *@${domain}
  34       driver = ldap
  35       # Because auth_bind=yes and auth_bind_userdn are used,
  36       # this cannot prefetch any userdb_*.
  37       args = ${./ldap.conf}
  38       default_fields =
  39       override_fields =
  40     }
  41     local_name mail.${domain} {
  42       ${domainConfig}
  43     }
  44     local_name imap.${domain} {
  45       ${domainConfig}
  46     }
  47   '';
  48 };
  49 services.nginx.virtualHosts."autoconfig.${domain}" = {
  50   serverName = "autoconfig.${domain}";
  51   #addSSL = true;
  52   extraConfig = ''
  53     access_log off;
  54     log_not_found off;
  55   '';
  56   forceSSL = true;
  57   useACMEHost = domain;
  58   root = pkgs.writeTextFile {
  59     name = "autoconfig";
  60     destination = "/mail/config-v1.1.xml";
  61     text = ''
  62       <?xml version="1.0"?>
  63       <clientConfig version="1.1">
  64         <emailProvider id="%EMAILDOMAIN%">
  65           <!-- <displayName></displayName> -->
  66           <!-- <displayShortName></displayShortName> -->
  67           <domain>%EMAILDOMAIN%</domain>
  68           <incomingServer type="imap">
  69             <hostname>mail.%EMAILDOMAIN%</hostname>
  70             <port>993</port>
  71             <socketType>SSL</socketType>
  72             <username>%EMAILADDRESS%</username>
  73             <authentication>password-cleartext</authentication>
  74           </incomingServer>
  75           <incomingServer type="pop3">
  76             <hostname>mail.%EMAILDOMAIN%</hostname>
  77             <port>995</port>
  78             <socketType>SSL</socketType>
  79             <username>%EMAILADDRESS%</username>
  80             <authentication>password-cleartext</authentication>
  81             <pop3>
  82               <leaveMessagesOnServer>false</leaveMessagesOnServer>
  83               <downloadOnBiff>true</downloadOnBiff>
  84             </pop3>
  85           </incomingServer>
  86           <outgoingServer type="smtp">
  87             <hostname>mail.%EMAILDOMAIN%</hostname>
  88             <port>465</port>
  89             <socketType>SSL</socketType> <!-- see above -->
  90             <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
  91             <authentication>password-cleartext</authentication>
  92             <!-- <restriction>client-IP-address</restriction> -->
  93             <addThisServer>true</addThisServer>
  94             <useGlobalPreferredServer>false</useGlobalPreferredServer>
  95           </outgoingServer>
  96         </emailProvider>
  97         <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
  98       </clientConfig>
  99     '';
 100   };
 101 };
 102 }