-{ inputs, pkgs, lib, config, system, host, ... }:
+{ pkgs, lib, config, host, hostName, ... }:
let
inherit (builtins) toString toFile readFile;
inherit (lib) types;
inherit (config) networking;
inherit (config.services) dovecot2 postfix openldap;
- # NOTE: nixpkgs' dovecot2.stateDir is currently not exported
stateDir = "/var/lib/dovecot";
sieve_pipe_bin_dir = pkgs.buildEnv {
dovecot/sourcephile.fr.nix
dovecot/autogeree.net.nix
];
+environment.systemPackages = [
+ pkgs.dovecot_pigeonhole
+];
users.groups.acme.members = [ dovecot2.user ];
systemd.services.dovecot2 = {
after = [
${stateDir}/mail
'';
*/
+ preStart = ''
+ ln -fns -t ${stateDir}/virtual/ \
+ ${dovecot-virtual-all}/All \
+ ${dovecot-virtual-recents}/Recents
+ '';
serviceConfig = {
#ExecStart = lib.mkForce "${pkgs.utillinux}/bin/setarch x86_64 --addr-no-randomize /bin/sh -c 'LD_PRELOAD=${pkgs.gcc-unwrapped.lib}/lib/libasan.so ${pkgs.dovecot}/sbin/dovecot -F'";
# Dovecot2 does not work with environment.memoryAllocator.provider="scudo"
# Scudo ERROR: CHECK failed at /build/compiler-rt-7.1.0.src/lib/scudo/../sanitizer_common/sanitizer_allocator_primary64.h:
# 644 ((beg)) == ((address_range.MapOrDie(beg, size))) (4398046511092, 4398046507008)
BindReadOnlyPaths = [ "/dev/null:/etc/ld-nix.so.preload" ];
+ StateDirectory = ["dovecot/virtual"];
};
};
#users.users."${dovecot2.mailUser}".isSystemUser = true; # Fix nixpkgs
networking.nftables.ruleset = ''
- add rule inet filter net2fw tcp dport 993 counter accept comment "IMAPS"
- #add rule inet filter net2fw tcp dport 995 counter accept comment "POP3S"
- add rule inet filter net2fw tcp dport 4190 counter accept comment "Sieve"
+ table inet filter {
+ chain input-net {
+ tcp dport imaps counter accept comment "dovecot: IMAPS"
+ #tcp dport 995 counter accept comment "dovecot: POP3S"
+ tcp dport sieve counter accept comment "dovecot: Sieve"
+ }
+ }
'';
fileSystems."/var/lib/dovecot" = {
device = "rpool/var/mail";
fsType = "zfs";
};
+services.sanoid.datasets."rpool/var/mail" = {
+ use_template = [ "snap" ];
+ daily = 7;
+};
services.dovecot2 = {
enable = true;
modules = [
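Review bot: The `input-net` chain declared inside `table inet filter` in the new nftables ruleset carries no `type filter hook input ...` line, so the IMAPS and Sieve accept rules only take effect if another module declares `input-net` as a base chain or jumps to it from one; if that declaration is missing or renamed, the fragment loads cleanly but is never evaluated, and whether 993/4190 end up open or closed is decided by the other chain's policy rather than by this file. A comment on the chain line would make the dependency visible: `# no hook here: merged into the "input-net" chain declared by the nftables module`. The service names `imaps` and `sieve` are resolved from /etc/services at ruleset load, which presumably yields the old 993 and 4190, so the comment should also mention the numeric ports so the rule can be checked against `nft list ruleset` without a lookup. The preStart symlink targets `dovecot-virtual-all` and `dovecot-virtual-recents` are defined outside the hunk, and `StateDirectory = ["dovecot/virtual"]` resolves to the `/var/lib/dovecot` ZFS mount declared a few lines below.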
log_timestamp = "%Y-%m-%d %H:%M:%S "
ssl = required
- ssl_dh = <${inputs.secrets + "/openssl/dh.pem"}
+ ssl_dh = <${dovecot/dh4096.pem}
ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL
ssl_prefer_server_ciphers = yes
ssl_cert = </var/lib/acme/${networking.domain}/fullchain.pem
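Review bot: Replacing the secrets-input `dh.pem` with `${dovecot/dh4096.pem}` copies the file into the world-readable Nix store, which is acceptable only because DH group parameters are public values and not key material; a comment next to `ssl_dh` should say so, so that nobody later drops an actual private key into the same path by analogy: `# dh4096.pem holds public DH group parameters (no secret material); safe in the repo and the store`. If the parameters were generated locally (e.g. with `openssl dhparam`), recording that in the same comment lets a reviewer confirm they are not a truncated or ad-hoc group. The `ssl_dh` line appears to sit inside a larger Dovecot config string whose start and end are outside the hunk.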
protocol lda {
hostname = ${networking.domain}
mail_plugins = $mail_plugins sieve
- postmaster_address = postmaster+dovecot+lda@${networking.domain}
+ postmaster_address = root+dovecot+lda@${networking.domain}
syslog_facility = mail
}
lda_mailbox_autocreate = yes
protocol lmtp {
mail_plugins = $mail_plugins sieve
- postmaster_address = postmaster+dovecot+lmtp@${networking.domain}
+ postmaster_address = root+dovecot+lmtp@${networking.domain}
}
service lmtp {
process_min_avail = ${toString host.CPUs}
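Review bot: The new `postmaster_address` values `root+dovecot+lda@…` and `root+dovecot+lmtp@…` rely on `+` subaddressing, so LDA/LMTP error reports only reach root if the receiving MTA strips the `+dovecot+…` suffix; Postfix is in scope via `config.services` but its `recipient_delimiter` is not visible here, and without it these reports go to an address nobody reads, which is exactly where delivery failures would otherwise be noticed. A comment on the first of the two lines stating the dependency would help: `# '+' subaddressing: requires recipient_delimiter to include '+' in the Postfix config (set elsewhere)`. The quota-warning script in the last hunk follows the same convention but its new `From:` line spells `root+docevot@` instead of `root+dovecot@`; that typo should be fixed there, e.g. `From: root+dovecot@${networking.domain}`. The `service lmtp` block opened at the end of this hunk continues past it, and the enclosing config string starts before it.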
USER=$2
cat << EOF | ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -d $USER -o
"plugin/quota=maildir:User quota:noenforcing"
- From: postmaster@${networking.domain}
+ From: root+docevot@${networking.domain}
Subject: [WARNING] your mailbox is now $PERCENT% full.
Please remove some mails to make room for new ones.