1 { pkgs, lib, config, ... }:
3 inherit (builtins) readFile;
4 inherit (config.services) dovecot2;
5 stateDir = "/var/lib/dovecot";
6 domain = "autogeree.net";
7 domainGroup = "autogeree";
10 services.dovecot2.extraConfig =
12 ssl_cert = <${../../../../sec/openssl/autogeree.net/cert.self-signed.pem}
13 ssl_key = </run/keys/${domain}.key.pem
16 local_name mail.${domain} {
19 local_name imap.${domain} {
23 username_filter = *@${domain}
24 # Because auth_bind=yes and auth_bind_userdn are used,
25 # this cannot prefetch any userdb_*.
27 # The path to the ldap.conf must be unique,
28 # otherwise dovecot caches the result from other passdb,
29 # which may be wrong because of username_filter.
30 args = ${pkgs.writeText "${domain}-ldap.conf" (readFile ./ldap.conf)}
36 systemd.services.dovecot2.after = [
37 "${domain}.key.pem-key.service"
39 systemd.services.dovecot2 = {
41 install -D -d -m 1770 \
42 -o "${dovecot2.user}" \
44 ${stateDir}/home/${domain} \
45 ${stateDir}/control/${domain} \
46 ${stateDir}/index/${domain} \
47 ${stateDir}/acl/${domain}
49 # NOTE: do not set the sticky bit (+t)
50 # on acl/<domain>/, to let dovecot
51 # rename acl.db.lock (own by new user)
52 # to acl.db (own by old user)
53 chmod -t ${stateDir}/acl/${domain}
56 services.nginx.virtualHosts."autoconfig.${domain}" = {
57 serverName = "autoconfig.${domain}";