public-inbox: fix coderepo paths
[sourcephile-nix.git] / nixos / modules / services / mail / dovecot.nix
index 5e6b5da69cca4bef9aa51d2109b82d712e2e741d..a4c693a9827b3306487957eef95badd8e73c223c 100644 (file)
-{pkgs, lib, config, system, ...}:
-let inherit (builtins) toString toFile attrNames;
-    inherit (lib) types;
-    inherit (config.services) dovecot2 postfix x509;
-    unlines     = lib.concatStringsSep "\n";
-    when        = x: y: if x == null then "" else y;
-    extSep      = postfix.recipientDelimiter;
-    dirSep      = extSep;
-    libDir      = "/var/lib/dovecot";
-    mailDir     = "${libDir}/mail";
-    sieveDir    = "${libDir}/sieve";
-    authDir     = "${libDir}/auth";
-    authUser    = dovecot2.mailUser;  # TODO: php_roundcube
-    authGroup   = dovecot2.mailGroup; # TODO: php_roundcube
-    escapeGroup = lib.stringAsChars (c: if "a"<=c && c<="z"
-                                        || "0"<=c && c<="9"
-                                        || c=="-"
-                                        then c else "_");
+{ pkgs, lib, config, ... }:
+let
+  inherit (pkgs.lib) unlinesValues;
+  inherit (config.services) dovecot2;
+  stateDir = "/var/lib/dovecot";
 in
 {
-
-options.services.dovecot2 = {
-  domains = lib.mkOption {
-    default = {};
-    type    = types.attrsOf (types.submodule ({domain, ...}: {
-      #config.domain = lib.mkDefault domain;
-      options = {
-        accounts = lib.mkOption {
-          type = types.attrsOf (types.submodule ({account, ...}: {
-            options = {
-              password = lib.mkOption {
-                type        = types.str;
-                example     = "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
-                description = ''Password.
-                Use: `doveadm pw -s SSHA512 -p "$password"`
-                '';
-              };
-              aliases = lib.mkOption {
-                type        = with types; listOf types.str;
-                example     = [ "abuse@${config.networking.domain}" ];
-                default     = [];
-                description = ''Aliases of this account.'';
-              };
-              quota = lib.mkOption {
-                type        = with types; nullOr types.str;
-                default     = null;
-                example     = "2G";
-                description = ''
-                  Per user quota rules. Accepted sizes are `xx k/M/G/T` with the
-                  obvious meaning. Leave blank for the standard quota `100G`.
-                '';
-              };
-              sieves = lib.mkOption {
-                type    = with types; attrsOf str;
-                default = { main = ''
-                              require ["include"];
-  
-                              #include :personal "roundcube";
-                              include :global "spam";
-                              include :global "list";
-                              include :global "extension";
-                            '';
-                          };
-              };
-              groups = lib.mkOption {
-                type    = with types; listOf str;
-                default = [];
-              };
-            };
-          }));
-        };
-      };
-    }));
-  };
-  debug = lib.mkOption {
-    type        = types.bool;
-    default     = false;
-    description = ''
-      Whether to enable verbose logging or not in mail related services.
-    '';
+config = lib.mkIf dovecot2.enable {
+  systemd.services.dovecot2 = {
+    preStart = unlinesValues {
+      installDomains = ''
+        # SEE: http://wiki2.dovecot.org/SharedMailboxes/Permissions
+        install -D -d -m 0771 \
+         -o "${dovecot2.user}" \
+         -g "${dovecot2.group}" \
+         ${stateDir}/mail
+      '';
+    };
   };
 };
-
-# config = lib.mkIf dovecot2.enable {
-#   environment.etc."nginx/site.d/autoconfig.conf".source =
-#     let servers = lib.concatMapStringsSep " "
-#                    (dom: "autoconfig.${dom}")
-#                    (attrNames dovecot2.domains);
-#         autoconfigSite = pkgs.writeTextFile {
-#           name = "autoconfig";
-#           destination = "/mail/config-v1.1.xml";
-#           text = ''
-#             <?xml version="1.0"?>
-#             <clientConfig version="1.1">
-#               <emailProvider id="%EMAILDOMAIN%">
-#                 <!-- <displayName></displayName> -->
-#                 <!-- <displayShortName></displayShortName> -->
-#                 <domain>%EMAILDOMAIN%</domain>
-#                 <incomingServer type="imap">
-#                   <hostname>imap.%EMAILDOMAIN%</hostname>
-#                   <port>993</port>
-#                   <socketType>SSL</socketType>
-#                   <username>%EMAILADDRESS%</username>
-#                   <authentication>password-cleartext</authentication>
-#                 </incomingServer>
-#                 <incomingServer type="pop3">
-#                   <hostname>pop.%EMAILDOMAIN%</hostname>
-#                   <port>995</port>
-#                   <socketType>SSL</socketType>
-#                   <username>%EMAILADDRESS%</username>
-#                   <authentication>password-cleartext</authentication>
-#                   <pop3>
-#                     <leaveMessagesOnServer>false</leaveMessagesOnServer>
-#                     <downloadOnBiff>true</downloadOnBiff>
-#                   </pop3>
-#                 </incomingServer>
-#                 <outgoingServer type="smtp">
-#                   <hostname>smtp.%EMAILDOMAIN%</hostname>
-#                   <port>465</port>
-#                   <socketType>SSL</socketType> <!-- see above -->
-#                   <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
-#                   <authentication>password-cleartext</authentication>
-#                   <!-- <restriction>client-IP-address</restriction> -->
-#                   <addThisServer>true</addThisServer>
-#                   <useGlobalPreferredServer>false</useGlobalPreferredServer>
-#                 </outgoingServer>
-#               </emailProvider>
-#               <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
-#             </clientConfig>
-#           '';
-#         };
-#     in
-#     pkgs.writeText "autoconfig.conf" ''
-#       server {
-#         listen 80;
-#         server_name ${servers};
-#         root ${autoconfigSite};
-#         access_log off;
-#         log_not_found off;
-#       }
-#       server {
-#         listen 443 ssl http2;
-#         ssl on;
-#         server_name ${servers};
-#         root ${autoconfigSite};
-#         access_log off;
-#         log_not_found off;
-#       }
-#     '';
-#   #services.postfix.mapFiles."transport-dovecot" =
-#   #  toFile "transport-dovecot"
-#   #   (unlines
-#   #     (lib.mapAttrsToList
-#   #       (dom: {...}: "${transportSubDomain}.${dom} lmtp:unix:private/dovecot-lmtp")
-#   #       dovecot2.domains));
-#   systemd.services.dovecot2.after = [ "postfix.service" ];
-#   #users.extraUsers = [
-#   #  { name        = "dovecot";
-#   #    uid         = config.ids.uids.dovecot2;
-#   #    description = "Dovecot user";
-#   #    group       = dovecot2.group;
-#   #  }
-#   #];
-#   users.extraGroups = lib.mapAttrs
-#                        (domain: {...}:
-#                         { name = escapeGroup "${dovecot2.mailGroup}-${domain}";
-#                         })
-#                        dovecot2.domains;
-#   systemd.services.dovecot2.preStart =
-#     let sieveList =
-#           pkgs.writeText "list.sieve" ''
-#           require
-#            [ "date"
-#            , "fileinto"
-#            , "mailbox"
-#            , "variables"
-#            ];
-# 
-#           if currentdate :matches "year"  "*" { set "year"  "''${1}"; }
-#           if currentdate :matches "month" "*" { set "month" "''${1}"; }
-# 
-#           if exists "List-ID" {
-#             if header :matches "List-ID" "*<*.*.*.*>*" {
-#               set "list"   "''${2}";
-#               set "domain" "''${4}";
-#             }
-#             elsif header :matches "List-ID" "*<*.*.*>*" {
-#               set "list"   "''${2}";
-#               set "domain" "''${3}";
-#             }
-#             fileinto :create "Listes+''${domain}+''${list}+''${year}+''${month}";
-#             stop;
-#            }
-#           '';
-#         sieveSpam =
-#           pkgs.writeText "spam.sieve" ''
-#           require
-#            [ "imap4flags"
-#            ];
-# 
-#           if header :contains "X-Spam-Level" "***" {
-#             addflag "Junk";
-#           }
-#           '';
-#         sieveExtension =
-#           pkgs.writeText "extension.sieve" ''
-#           require
-#            [ "envelope"
-#            , "fileinto"
-#            , "mailbox"
-#            , "subaddress"
-#            , "variables"
-#            ];
-#           if envelope :matches :detail "TO" "*" {
-#             set "extension" "''${1}";
-#           }
-#           if not string :is "''${extension}" "" {
-#             fileinto :create "Plus+''${extension}";
-#             stop;
-#           }
-#           '';
-#         dovecot-virtual =
-#           pkgs.writeText "dovecot-virtual" ''
-#           all
-#           all+*
-#             all
-#           '';
-#     in ''
-#     # SEE: http://wiki2.dovecot.org/SharedMailboxes/Permissions
-#     # The sticky bit is to allow the acl.db{.lock,} done by dovecot
-#     install -D -d -m 2771 \
-#      -o ${dovecot2.mailUser} \
-#      -g ${dovecot2.mailGroup} \
-#      ${mailDir}
-#     
-#     # Install global sieves
-#     install -D -d -m 0755 \
-#      -o root \
-#      -g root \
-#      ${sieveDir} \
-#      ${sieveDir}/after.d \
-#      ${sieveDir}/before.d \
-#      ${sieveDir}/global.d
-#     ln -fns ${sieveList}      ${sieveDir}/global.d/list.sieve
-#     ln -fns ${sieveExtension} ${sieveDir}/global.d/extension.sieve
-#     ln -fns ${sieveSpam}      ${sieveDir}/global.d/spam.sieve
-#     for f in ${sieveDir}/*/*.sieve
-#      do ${pkgs.dovecot_pigeonhole}/bin/sievec $f
-#      done
-#     
-#     # Install pop3 Inbox
-#     install -D -m 0644 \
-#      -o root \
-#      -g root \
-#      ${dovecot-virtual} \
-#      ${libDir}/pop3/INBOX/dovecot-virtual
-#     ''
-#     + ''
-#     # Install domains
-#     new_uid=5000
-#     ''
-#     + unlines (lib.mapAttrsToList (domain: {accounts, ...}:
-#       let domainGroup = escapeGroup "${dovecot2.mailGroup}-${domain}"; in
-#       ''
-#       install -D -d -m 1770 \
-#        -o ${dovecot2.mailUser} \
-#        -g ${domainGroup} \
-#        ${mailDir}/${domain} \
-#        ${libDir}/control/${domain} \
-#        ${libDir}/index/${domain}
-#       install -D -d -m 1770 \
-#        -o ${dovecot2.mailUser} \
-#        -g ${authGroup} \
-#        ${libDir}/auth \
-#        ${libDir}/auth/${domain}
-#       dir_passwd=${libDir}/auth/${domain}
-#       old_passwd=$dir_passwd/passwd
-#       new_passwd=$(TMPDIR= mktemp --tmpdir=$dir_passwd -t passwd.XXXXXXXX.tmp)
-#       
-#       # Install users
-#       ''
-#       + unlines (lib.mapAttrsToList (user: acct: ''
-#         home=${mailDir}/${domain}/${user}
-#         gecos=
-#         shell=/run/current-system/sw/bin/nologin
-#         if test -e $home
-#          then
-#           uid=$(stat -c %u $home)
-#           gid=$(stat -c %g $home)
-#          fi
-#         [ "''${uid:+set}" ] || {
-#           while test exists = "$(find $(dirname $home) -mindepth 1 -maxdepth 1 -uid $new_uid -printf exists -quit)"
-#            do new_uid=$((new_uid + 1))
-#            done
-#           uid=$new_uid
-#           gid=$new_uid
-#         }
-#         install -D -d -o $uid -g $gid -m 2770 $home $home/Maildir
-#         install    -d -o $uid -g $gid -m 0700 $home/sieve
-#         ''
-#         + unlines (lib.mapAttrsToList
-#             (n: v: ''
-#               install -D -m 640 -o $uid -g $gid \
-#                ${pkgs.writeText "${n}.sieve" v} \
-#                $home/sieve/${n}.sieve
-#               ${pkgs.dovecot_pigeonhole}/bin/sievec \
-#                $home/sieve/${n}.sieve
-#             '')
-#             acct.sieves)
-#         + ''
-#         mail_access_groups=${lib.concatStringsSep "," ([domainGroup] ++ acct.groups)}
-#         quota=${if lib.isString acct.quota
-#                 then ''"userdb_quota_rule=*:storage=${acct.quota}"''
-#                 else ""}
-#         extra_fields="userdb_uid=$uid userdb_gid=$gid userdb_mail_access_groups=$mail_access_groups $quota"
-#         #test ! -e $old_passwd || {
-#         #  # Preserve password changed by another mechanism, eg. roundcube.
-#         #  # But this also does not overwrite any old password set by this config.
-#         #  pass="$(sed -ne "s/^${user}:\([^:]*\):.*/\1/p" $old_passwd)"
-#         #}
-#         [ "''${pass:+set}" ] || {
-#           pass=${lib.escapeShellArg acct.password}
-#         }
-#         printf '%s\n' >>$new_passwd \
-#          "${user}:$pass:$uid:$gid:$gecos:$home:$shell:$extra_fields"
-#       '') accounts)
-#       + ''
-#       install -o ${authUser} -g ${authGroup} -m 0640 $new_passwd $old_passwd
-#       rm $new_passwd
-#       ''
-#     ) dovecot2.domains);
-#   services.dovecot2 = {
-#     enable    = true;
-#     mailUser  = "dovemail";
-#     mailGroup = "dovemail";
-#     modules   = [
-#       #pkgs.dovecot_antispam
-#       pkgs.dovecot_pigeonhole
-#     ];
-#     # ${lib.concatMapStringsSep "\n"
-#     #     (dom: ''
-#     #       local_name imap.${dom} {
-#     #         #ssl_ca   = <''${caPath}
-#     #         ssl_cert = <${x509.cert dom}
-#     #         ssl_key  = <${x509.key dom}
-#     #         }
-#     #       local_name pop.${dom} {
-#     #         #ssl_ca   = <''${caPath}
-#     #         ssl_cert = <${x509.cert dom}
-#     #         ssl_key  = <${x509.key dom}
-#     #         }
-#     #     '')
-#     #     dovecot2.domains
-#     # }
-# 
-#     configFile = toString (pkgs.writeText "dovecot.conf" ''
-#       passdb {
-#         driver = passwd-file
-#         args   = scheme=crypt username_format=%n ${authDir}/%d/passwd
-#         }
-#       userdb {
-#         driver = prefetch
-#         }
-#       userdb {
-#         # NOTE: this userdb is only used by lda.
-#         driver = passwd-file
-#         args = username_format=%n ${authDir}/%d/passwd
-#         #default_fields = home=${mailDir}/%d/%n
-#         }
-#       mail_home = ${mailDir}/%d/%n
-#       auth_mechanisms = plain login
-#       # postfix does not supply a client cert.
-#       auth_ssl_require_client_cert = no
-#       auth_ssl_username_from_cert = yes
-#       auth_verbose = yes
-#       ${lib.optionalString dovecot2.debug ''
-#         auth_debug  = yes
-#         mail_debug  = yes
-#         verbose_ssl = yes
-#       ''}
-#       default_internal_user = ${dovecot2.user}
-#       default_internal_group = ${dovecot2.group}
-#       disable_plaintext_auth = yes
-#       first_valid_uid = 1000
-#       lda_mailbox_autocreate = yes
-#       lda_mailbox_autosubscribe = yes
-#       listen = *
-#       log_timestamp = "%Y-%m-%d %H:%M:%S "
-#       # NOTE: INDEX and CONTROL are on a partition without quota, as explain in the doc.
-#       # SEE: http://wiki2.dovecot.org/Quota/FS
-#       mail_location = maildir:${mailDir}/%d/%n/Maildir:LAYOUT=fs:INDEX=${libDir}/index/%d/%n:CONTROL=${libDir}/control/%d/%n
-#       namespace inbox {
-#         # NOTE: here because protocol sieve {namespace inbox{}} does not seem to work.
-#         inbox     = yes
-#         location  =
-#         list      = yes
-#         prefix    =
-#         separator = ${dirSep}
-#         }
-#       namespace {
-#         #list          = children
-#         list          = yes
-#         location      = maildir:${mailDir}/%%d/%%n/Maildir:LAYOUT=fs:INDEX=${libDir}/index/%d/%n/Shared/%%n:CONTROL=${libDir}/control/%d/%n/Shared/%%n
-#         prefix        = Partages+%%n+
-#         separator     = ${dirSep}
-#         subscriptions = yes
-#         type          = shared
-#         }
-#       mail_plugins = $mail_plugins acl quota virtual
-#       #mail_uid = ${dovecot2.mailUser}
-#       #mail_gid = ${dovecot2.mailGroup}
-#       #mail_privileged_group = mail
-#       #mail_access_groups =
-#       plugin {
-#         acl = vfile:/etc/dovecot/acl/global.d
-#         acl_anyone = allow
-#         acl_shared_dict = file:${mailDir}/%d/acl.db
-#         ##antispam_allow_append_to_spam = yes
-#         # # NOTE: pour offlineimap
-#         #antispam_backend = pipe
-#         ##antispam_crm_args = -u;${mailDir}/%d/.crm114;/usr/share/crm114/mailfilter.crm
-#         #antispam_crm_args = -u;${mailDir}/crm114;/usr/share/crm114/mailfilter.crm
-#         #antispam_crm_binary = /usr/bin/crm
-#         #antispam_debug_target = syslog
-#         ##antispam_crm_env = HOME=%h;USER=%u
-#         #antispam_ham_keywords = NonJunk
-#         #antispam_pipe_program = /usr/bin/crm
-#         #antispam_pipe_program_args = -u;${mailDir}/crm114;/usr/share/crm114/mailfilter.crm;--stats_only;--force
-#         #antispam_pipe_program_notspam_arg = --learnnonspam
-#         #antispam_pipe_program_spam_arg = --learnspam
-#         #antispam_pipe_program_unlearn_spam_args = --unlearn;--learnspam
-#         #antispam_pipe_program_unlearn_notspam_args = --unlearn;--learnnonspam
-#         #antispam_pipe_tmpdir = ${mailDir}/crm114/tmp
-#         #antispam_signature = X-CRM114-CacheID
-#         #antispam_signature_missing = move
-#         #antispam_spam = Junk
-#         #antispam_spam_keywords = Junk
-#         #antispam_trash = Trash
-#         #antispam_unsure = Unsure
-#         #antispam_verbose_debug = 0
-#         quota = maildir:User quota
-#         quota_rule = *:storage=256M
-#         quota_rule2 = Trash:storage=+64M
-#         recipient_delimiter = ${extSep}
-#         sieve = file:${mailDir}/%d/%n/sieve;active=${mailDir}/%d/%n/sieve/main.sieve
-#         #sieve_default = file:${mailDir}/%u/default.sieve
-#         #sieve_default_name = default
-#         sieve_after  = ${sieveDir}/after.d/
-#         sieve_before = ${sieveDir}/before.d/
-#         sieve_dir = ${mailDir}/%d/%n/sieve/
-#         #sieve_extensions = +spamtest +spamtestplus
-#         sieve_global_dir = ${sieveDir}/global.d/
-#         sieve_max_script_size = 1M
-#         sieve_quota_max_scripts = 0
-#         sieve_quota_max_storage = 10M
-#         sieve_spamtest_max_value = 10
-#         sieve_spamtest_status_header = X-Spam-Score
-#         sieve_spamtest_status_type = strlen
-#         sieve_user_log = /var/log/dovecot/%d/sieve.%n.log
-#         }
-#       protocol imap {
-#         #mail_max_userip_connections = 10
-#         mail_plugins = $mail_plugins imap_acl imap_quota # antispam
-#         namespace inbox {
-#           inbox = yes
-#           location =
-#           list = yes
-#           mailbox Drafts {
-#             special_use = \Drafts
-#             }
-#           mailbox Junk {
-#             special_use = \Junk
-#             }
-#           mailbox Sent {
-#             special_use = \Sent
-#             }
-#           mailbox "Sent Messages" {
-#             special_use = \Sent
-#             }
-#           mailbox Trash {
-#             special_use = \Trash
-#             }
-#           prefix =
-#           separator = ${dirSep}
-#           }
-#         }
-#       protocol lda {
-#         auth_socket_path = /var/run/dovecot/auth-userdb
-#         hostname         = ${machine.fqdn}
-#         info_log_path    =
-#         log_path         =
-#         mail_plugins     = $mail_plugins sieve
-#         namespace inbox {
-#           inbox     = yes
-#           location  =
-#           list      = yes
-#           prefix    =
-#           separator = ${dirSep}
-#           }
-#         postmaster_address = postmaster${extSep}dovecot${extSep}lda@${machine.fqdn}
-#         syslog_facility = mail
-#         }
-#       protocol lmtp {
-#         #info_log_path = /tmp/dovecot-lmtp.log
-#         mail_plugins = $mail_plugins sieve
-#         namespace inbox {
-#           inbox     = yes
-#           location  =
-#           list      = yes
-#           prefix    =
-#           separator = ${dirSep}
-#           }
-#         postmaster_address = postmaster${extSep}dovecot${extSep}lmtp@${machine.fqdn}
-#         }
-#       protocol pop3 {
-#         #mail_max_userip_connections = 10
-#         # Used by ${libDir}/pop3/INBOX/dovecot-virtual
-#         namespace all {
-#           hidden    = yes
-#           list      = no
-#           location  =
-#           prefix    = all+
-#           separator = ${dirSep}
-#           }
-#         # Virtual namespace for the virtual INBOX.
-#         # Use a global directory for dovecot-virtual files.
-#         namespace inbox {
-#           inbox     = yes
-#           hidden    = yes
-#           list      = no
-#           location  = virtual:${libDir}/pop3:INDEX=${libDir}/index/%d/%n/POP3:LAYOUT=fs
-#           prefix    = pop3+
-#           separator = ${dirSep}
-#           }
-#         pop3_client_workarounds =
-#         pop3_fast_size_lookups = yes
-#         pop3_lock_session = yes
-#         pop3_no_flag_updates = yes
-#         # Use GUIDs to avoid accidental POP3 UIDL changes instead of IMAP UIDs.
-#         pop3_uidl_format = %g
-#         }
-#       protocol sieve {
-#         #mail_max_userip_connections = 10
-#         #managesieve_implementation_string = Dovecot Pigeonhole
-#         managesieve_max_compile_errors = 5
-#         #managesieve_max_line_length = 65536
-#         #managesieve_notify_capability = mailto
-#         #managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
-#         }
-#       protocols = imap lmtp pop3 sieve
-#       service lmtp {
-#         #executable = lmtp -L
-#         process_min_avail = 2
-#         unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
-#           user  = ${postfix.user}
-#           group = ${postfix.group}
-#           mode  = 0600
-#           }
-#         #user = mail
-#         }
-#       service auth {
-#         user = root
-#         unix_listener auth-userdb {
-#           user  = ${dovecot2.user}
-#           group = ${dovecot2.group}
-#           mode  = 0660
-#           }
-#         unix_listener /var/lib/postfix/queue/private/auth {
-#           user  = ${postfix.user}
-#           group = ${postfix.group}
-#           mode  = 0660
-#           }
-#         }
-#       service imap {
-#         # Most of the memory goes to mmap()ing files.
-#         # You may need to increase this limit if you have huge mailboxes.
-#         #vsz_limit =
-#         process_limit = 1024
-#         }
-#       service imap-login {
-#         #inet_listener imap {
-#         #  address = 127.0.0.1
-#         #  port    = 143
-#         #  ssl     = no
-#         #  }
-#         inet_listener imaps {
-#           port = 993
-#           ssl  = yes
-#           }
-#         }
-#       service pop3 {
-#         process_limit = 1024
-#         }
-#       service pop3-login {
-#         inet_listener pop3s {
-#           port = 995
-#           ssl  = yes
-#           }
-#         }
-#       ssl = required
-#       #ssl_ca   = <''${caPath}
-#       ssl_cert = <${x509.cert}
-#       # Only with dovecot >= 2.3
-#       #ssl_dh   = <${x509.dir}/dh.pem
-#       ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
-#       ssl_key = <${x509.key}
-#       #ssl_verify_client_cert = yes
-#     '');
-#   };
-# };
-
 }
-
-   #loginAccounts = lib.mkOption {
-   #  type = types.loaOf (types.submodule ({name, ...}: {
-   #    config.name = lib.mkDefault name;
-   #    options     = {
-   #      name = lib.mkOption {
-   #        type        = types.str;
-   #        example     = "user1@example.coop";
-   #        description = "Username";
-   #      };
-   #      password = lib.mkOption {
-   #        type        = types.str;
-   #        example     = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
-   #        description = ''
-   #          Hashed password. Use `mkpasswd` as follows
-   #          
-   #          ```
-   #          mkpasswd -m sha-512 "super secret password"
-   #          ```
-   #        '';
-   #      };
-   #      aliases = lib.mkOption {
-   #        type        = with types; listOf types.str;
-   #        example     = ["abuse@example.coop" "postmaster@example.coop"];
-   #        default     = [];
-   #        description = ''
-   #          A list of aliases of this login account.
-   #        '';
-   #      };
-   #      catchAll = lib.mkOption {
-   #        type        = with types; listOf (enum dovecot2.domains);
-   #        example     = ["example.coop" "example2.coop"];
-   #        default     = [];
-   #        description = ''
-   #          For which domains should this account act as a catch all?
-   #        '';
-   #      };
-   #      sieveScript = lib.mkOption {
-   #        type    = with types; nullOr lines;
-   #        default = null;
-   #        example = ''
-   #          require ["fileinto", "mailbox"];
-   #          
-   #          if address :is "from" "notifications@github.coop" {
-   #            fileinto :create "GitHub";
-   #            stop;
-   #          }
-   #          
-   #          # This must be the last rule, it will check if list-id is set, and
-   #          # file the message into the Lists folder for further investigation
-   #          elsif header :matches "list-id" "<?*>" {
-   #            fileinto :create "Lists";
-   #            stop;
-   #          }
-   #        '';
-   #        description = ''
-   #          Per-user sieve script.
-   #        '';
-   #      };
-   #    };
-   #  }));
-   #  example = {
-   #    user1 = {
-   #      password = "$6$vy7SOr8Cg$l1QwFSkK6YR72ASUBmMmAqg51Fqu96mPZrKzADh5aI7bEOtTzDger9JSVnUhQ/DiqhxO1N55BUikE01mWvBee1";
-   #    };
-   #    user2 = {
-   #      password = "$6$gmebVgh5iJ9IyAJ5$i2aEvWZqS3iUq7mxSAhs5F./uUvQ4zmqFAdH3fsGiwabekdP.On8HCzpDCRS2nzzYNQ8ZisqyIwXf9R2rkC531";
-   #    };
-   #  };
-   #  description = ''
-   #    The login account of the domain. Every account is mapped to a unix user,
-   #    e.g. `user1@example.coop`. To generate the passwords use `mkpasswd` as
-   #    follows
-   #    
-   #    ```
-   #    mkpasswd -m sha-512 "super secret password"
-   #    ```
-   #  '';
-   #  default = {};
-   #};
-   #extraVirtualAliases = lib.mkOption {
-   #  type = with types; attrsOf (enum (builtins.attrNames machine.mail.loginAccounts));
-   #  example = {
-   #    "info@example.coop"       = "user1@example.coop";
-   #    "postmaster@example.coop" = "user1@example.coop";
-   #    "abuse@example.coop"      = "user1@example.coop";
-   #  };
-   #  default = {};
-   #  description = ''
-   #    Virtual Aliases. A virtual alias `"info@example2.coop" = "user1@example.coop"`
-   #    means that all mail to `info@example2.coop` is forwarded to `user1@example.coop`.
-   #    Note that it is expected that `postmaster@example.coop` and `abuse@example.coop` is
-   #    forwarded to some valid email address. (Alternatively you can create login
-   #    accounts for `postmaster` and (or) `abuse`). Furthermore, it also allows
-   #    the user `user1@example.coop` to send emails as `info@example2.coop`.
-   #  '';
-   #};
-