# NixOS module fragment for the mail domain "sourcephile.fr": per-domain
# Dovecot TLS and LDAP passdb settings, plus an nginx virtual host that
# serves a static mail-client autoconfig file.
#
# NOTE(review): this listing arrived collapsed onto one line and with text
# missing. Angle-bracket spans appear to have been stripped, which removed
# part of the `let` block (including its `in`) and the XML tags of the
# autoconfig document. Line breaks below are reconstructed; every surviving
# token is kept as found. Restore from the original file before evaluating.
{ pkgs, lib, config, ... }:
let
  # `dovecot2` and `domainGroup` are not referenced in the text that survives;
  # presumably the missing part used them.
  inherit (config.services) dovecot2;
  stateDir = "/var/lib/dovecot";
  domain = "sourcephile.fr";
  domainGroup = "sourcephile";
  # TLS settings interpolated into each `local_name` block further down.
  # NOTE(review): a Nix path interpolated into a string is copied into the
  # world-readable Nix store. That is fine for a certificate, but the private
  # key must not be referenced the same way. The `ssl_key` value is lost here,
  # so confirm it points at a runtime path with restricted permissions.
  # NOTE(review): the certificate file name says "self-signed", so clients
  # cannot validate it against a public CA; confirm this is intended for
  # mail.${domain} / imap.${domain}.
  # NOTE(review): text is missing after `ssl_key = `. What follows looks like
  # the tail of a shell snippet from another attribute, not part of
  # domainConfig.
  domainConfig = ''
    ssl_cert = <${../../../../sec/openssl/sourcephile.fr/cert.self-signed.pem}
    ssl_key = /, to let dovecot
    # rename acl.db.lock (own by new user)
    # to acl.db (own by old user)
    chmod -t ${stateDir}/acl/${domain}
  '';
  # NOTE(review): the `chmod -t` in the snippet above clears the sticky bit on
  # the per-domain ACL directory. Without it, any account with write access to
  # that directory can rename or remove entries owned by another account, so
  # keep the directory's owner, group and mode narrow.
  };

  services.dovecot2 = {
    # lib.mkAfter orders this text after other definitions of extraConfig.
    # The passdb only handles logins matching *@${domain}
    # (username_filter) and authenticates them against LDAP using ./ldap.conf.
    # default_fields and override_fields are left empty.
    # Each local_name block applies domainConfig to one TLS server name.
    extraConfig = lib.mkAfter ''
      passdb {
        username_filter = *@${domain}
        driver = ldap
        # Because auth_bind=yes and auth_bind_userdn are used,
        # this cannot prefetch any userdb_*.
        args = ${./ldap.conf}
        default_fields =
        override_fields =
      }

      local_name mail.${domain} {
        ${domainConfig}
      }
      local_name imap.${domain} {
        ${domainConfig}
      }
    '';
  };

  # Static virtual host answering mail-client autoconfiguration lookups.
  services.nginx.virtualHosts."autoconfig.${domain}" = {
    serverName = "autoconfig.${domain}";
    #addSSL = true;
    # NOTE(review): access logging is disabled for this vhost, so autoconfig
    # lookups leave no nginx access trail; confirm that is intended.
    extraConfig = ''
      access_log off;
      log_not_found off;
    '';
    # forceSSL redirects plain HTTP to HTTPS; useACMEHost reuses the ACME
    # certificate issued under the name held in `domain`.
    forceSSL = true;
    useACMEHost = domain;
    # The document root is a store path containing only /mail/config-v1.1.xml.
    root = pkgs.writeTextFile {
      name = "autoconfig";
      destination = "/mail/config-v1.1.xml";
      # NOTE(review): the XML tags are missing; only the element values
      # remain. They look like three server entries on ports 993, 995 and
      # 465, each with socket type SSL. In the Mozilla autoconfig format,
      # "password-cleartext" means the password itself is sent to the server
      # and only TLS protects it. Keep every entry on an implicit-TLS port
      # when restoring the markup.
      text = ''
        %EMAILDOMAIN%
        mail.%EMAILDOMAIN% 993 SSL %EMAILADDRESS% password-cleartext
        mail.%EMAILDOMAIN% 995 SSL %EMAILADDRESS% password-cleartext false true
        mail.%EMAILDOMAIN% 465 SSL %EMAILADDRESS% password-cleartext true false
      '';
    };
  };
}