nginx: use Let's Encrypt X.509 certificate
# Per-domain Dovecot settings for sourcephile.fr, plus the nginx virtual
# host that serves the mail-client autoconfig document for that domain.
{ pkgs, lib, config, ... }:
let
  # Only dovecot2.user is read from here (owner of the state directories).
  inherit (config.services) dovecot2;
  stateDir = "/var/lib/dovecot";
  domain = "sourcephile.fr";
  # Group owning the per-domain state directories created in preStart.
  domainGroup = "sourcephile";
  # TLS settings shared by the local_name blocks in extraConfig below.
  # The certificate is interpolated as a Nix path, so the file is copied
  # into the Nix store (world-readable, which is fine for a public cert).
  # The key is a literal runtime path under /run/keys and never enters
  # the store.
  # NOTE(review): this is the self-signed certificate; clients that do not
  # trust it will fail verification — confirm whether the Let's Encrypt
  # certificate now used by nginx is meant to be used for IMAP/POP3 too.
  domainConfig = ''
    ssl_cert = <${../../../../sec/openssl/sourcephile.fr/cert.self-signed.pem}
    ssl_key = </run/keys/${domain}.key.pem
  '';
in
{
  systemd.services.dovecot2 = {
    # Create the per-domain state directories before dovecot starts:
    # mode 1770 (sticky bit, no world access), owned by the dovecot user
    # and the domain group. The sticky bit is then removed again on
    # acl/<domain> only, for the reason given in the shell comment.
    preStart = ''
      install -D -d -m 1770 \
        -o "${dovecot2.user}" \
        -g "${domainGroup}" \
        ${stateDir}/home/${domain} \
        ${stateDir}/control/${domain} \
        ${stateDir}/index/${domain} \
        ${stateDir}/acl/${domain}

      # NOTE: do not set the sticky bit (+t)
      # on acl/<domain>/, to let dovecot
      # rename acl.db.lock (own by new user)
      # to acl.db (own by old user)
      chmod -t ${stateDir}/acl/${domain}
    '';
  };
  services.dovecot2 = {
    # mkAfter appends this block after the rest of the dovecot config.
    # The passdb authenticates *@<domain> users by LDAP bind; the
    # ${./ldap.conf} interpolation copies that file into the world-readable
    # Nix store — presumably acceptable because auth_bind is used and no
    # bind password is needed; verify that ldap.conf holds no secret.
    extraConfig = lib.mkAfter ''
      passdb {
        username_filter = *@${domain}
        driver = ldap
        # Because auth_bind=yes and auth_bind_userdn are used,
        # this cannot prefetch any userdb_*.
        args = ${./ldap.conf}
        default_fields =
        override_fields =
      }
      local_name mail.${domain} {
        ${domainConfig}
      }
      local_name imap.${domain} {
        ${domainConfig}
      }
    '';
  };
  # Static autoconfig document for mail clients, served at
  # /mail/config-v1.1.xml (presumably the path Thunderbird-style
  # autoconfig lookups request — verify against the clients in use).
  # NOTE(review): addSSL is commented out, so as written this host is
  # served over plain HTTP. The document tells clients which hosts and
  # ports to connect to, so serving it with TLS (addSSL/forceSSL plus a
  # certificate) would let clients verify it; confirm the ACME setup for
  # this host before enabling.
  services.nginx.virtualHosts."autoconfig.${domain}" = {
    serverName = "autoconfig.${domain}";
    #addSSL = true;
    # Lookups for this document are frequent and uninteresting; keep them
    # out of the access log.
    extraConfig = ''
      access_log off;
      log_not_found off;
    '';
    # The document root is a store path containing only the XML file.
    # All advertised services use implicit TLS ports (993/995/465), which
    # is why password-cleartext is acceptable here (the password is only
    # ever sent inside the TLS session).
    root = pkgs.writeTextFile {
      name = "autoconfig";
      destination = "/mail/config-v1.1.xml";
      text = ''
        <?xml version="1.0"?>
        <clientConfig version="1.1">
          <emailProvider id="%EMAILDOMAIN%">
            <!-- <displayName></displayName> -->
            <!-- <displayShortName></displayShortName> -->
            <domain>%EMAILDOMAIN%</domain>
            <incomingServer type="imap">
              <hostname>mail.%EMAILDOMAIN%</hostname>
              <port>993</port>
              <socketType>SSL</socketType>
              <username>%EMAILADDRESS%</username>
              <authentication>password-cleartext</authentication>
            </incomingServer>
            <incomingServer type="pop3">
              <hostname>mail.%EMAILDOMAIN%</hostname>
              <port>995</port>
              <socketType>SSL</socketType>
              <username>%EMAILADDRESS%</username>
              <authentication>password-cleartext</authentication>
              <pop3>
                <leaveMessagesOnServer>false</leaveMessagesOnServer>
                <downloadOnBiff>true</downloadOnBiff>
              </pop3>
            </incomingServer>
            <outgoingServer type="smtp">
              <hostname>mail.%EMAILDOMAIN%</hostname>
              <port>465</port>
              <socketType>SSL</socketType> <!-- see above -->
              <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
              <authentication>password-cleartext</authentication>
              <!-- <restriction>client-IP-address</restriction> -->
              <addThisServer>true</addThisServer>
              <useGlobalPreferredServer>false</useGlobalPreferredServer>
            </outgoingServer>
          </emailProvider>
          <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
        </clientConfig>
      '';
    };
  };
}