1 { pkgs, lib, config, ... }:
3 inherit (config.services) dovecot2;
4 stateDir = "/var/lib/dovecot";
5 domain = "sourcephile.fr";
6 domainGroup = "sourcephile";
8 ssl_cert = <${../../../../sec/openssl/sourcephile.fr/cert.self-signed.pem}
9 ssl_key = </run/keys/${domain}.key.pem
13 systemd.services.dovecot2 = {
15 install -D -d -m 1770 \
16 -o "${dovecot2.user}" \
18 ${stateDir}/home/${domain} \
19 ${stateDir}/control/${domain} \
20 ${stateDir}/index/${domain} \
21 ${stateDir}/acl/${domain}
23 # NOTE: do not set the sticky bit (+t)
24 # on acl/<domain>/, to let dovecot
25 # rename acl.db.lock (own by new user)
26 # to acl.db (own by old user)
27 chmod -t ${stateDir}/acl/${domain}
31 extraConfig = lib.mkAfter ''
33 username_filter = *@${domain}
35 # Because auth_bind=yes and auth_bind_userdn are used,
36 # this cannot prefetch any userdb_*.
41 local_name mail.${domain} {
44 local_name imap.${domain} {
49 services.nginx.virtualHosts."autoconfig.${domain}" = {
50 serverName = "autoconfig.${domain}";
56 root = pkgs.writeTextFile {
58 destination = "/mail/config-v1.1.xml";
61 <clientConfig version="1.1">
62 <emailProvider id="%EMAILDOMAIN%">
63 <!-- <displayName></displayName> -->
64 <!-- <displayShortName></displayShortName> -->
65 <domain>%EMAILDOMAIN%</domain>
66 <incomingServer type="imap">
67 <hostname>mail.%EMAILDOMAIN%</hostname>
69 <socketType>SSL</socketType>
70 <username>%EMAILADDRESS%</username>
71 <authentication>password-cleartext</authentication>
73 <incomingServer type="pop3">
74 <hostname>mail.%EMAILDOMAIN%</hostname>
76 <socketType>SSL</socketType>
77 <username>%EMAILADDRESS%</username>
78 <authentication>password-cleartext</authentication>
80 <leaveMessagesOnServer>false</leaveMessagesOnServer>
81 <downloadOnBiff>true</downloadOnBiff>
84 <outgoingServer type="smtp">
85 <hostname>mail.%EMAILDOMAIN%</hostname>
87 <socketType>SSL</socketType> <!-- see above -->
88 <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
89 <authentication>password-cleartext</authentication>
90 <!-- <restriction>client-IP-address</restriction> -->
91 <addThisServer>true</addThisServer>
92 <useGlobalPreferredServer>false</useGlobalPreferredServer>
95 <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->