losurdo: openvpn-calyx: update CA and IPv4
[sourcephile-nix.git] / hosts / mermet / dovecot / sourcephile.fr.nix
index eb5d692216ba8b1de8a5263c7524f936e9f5ae38..e8c7acfe4198aef4ebc974a04c9e45921c2cfc42 100644 (file)
@@ -7,63 +7,65 @@ let
   domainGroup = "sourcephile";
 in
 {
-services.dovecot2.extraConfig =
-  let domainConfig = ''
-    ssl_cert = </var/lib/acme/${domain}/fullchain.pem
-    ssl_key = </var/lib/acme/${domain}/key.pem
-  '';
-  in lib.mkAfter ''
-  local_name mail.${domain} {
-    ${domainConfig}
-  }
-  local_name imap.${domain} {
-    ${domainConfig}
-  }
-  passdb {
-    username_filter = *@${domain}
-    # Because auth_bind=yes and auth_bind_userdn are used,
-    # this cannot prefetch any userdb_*.
-    driver = ldap
-    # The path to the ldap.conf must be unique,
-    # otherwise dovecot caches the result from other passdb,
-    # which may be wrong because of username_filter.
-    args = ${pkgs.writeText "${domain}-ldap.conf" (readFile ./ldap.conf)}
-    default_fields =
-    override_fields =
-    skip = authenticated
-  }
-'';
-security.acme.certs."${domain}" = {
-  postRun = "systemctl reload dovecot2";
-};
-systemd.services.dovecot2 = {
-  wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
-  after = [ "acme-selfsigned-${domain}.service" ];
-  preStart = ''
-    install -D -d -m 1770 \
-     -o "${dovecot2.user}" \
-     -g "${domainGroup}" \
-     ${stateDir}/home/${domain} \
-     ${stateDir}/control/${domain} \
-     ${stateDir}/index/${domain} \
-     ${stateDir}/acl/${domain}
+  services.dovecot2.extraConfig =
+    let
+      domainConfig = ''
+        ssl_cert = </var/lib/acme/${domain}/fullchain.pem
+        ssl_key = </var/lib/acme/${domain}/key.pem
+      '';
+    in
+    lib.mkAfter ''
+      local_name mail.${domain} {
+        ${domainConfig}
+      }
+      local_name imap.${domain} {
+        ${domainConfig}
+      }
+      passdb {
+        username_filter = *@${domain}
+        # Because auth_bind=yes and auth_bind_userdn are used,
+        # this cannot prefetch any userdb_*.
+        driver = ldap
+        # The path to the ldap.conf must be unique,
+        # otherwise dovecot caches the result from other passdb,
+        # which may be wrong because of username_filter.
+        args = ${pkgs.writeText "${domain}-ldap.conf" (readFile ./ldap.conf)}
+        default_fields =
+        override_fields =
+        skip = authenticated
+      }
+    '';
+  security.acme.certs."${domain}" = {
+    postRun = "systemctl reload dovecot2";
+  };
+  systemd.services.dovecot2 = {
+    wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
+    after = [ "acme-selfsigned-${domain}.service" ];
+    preStart = ''
+      install -D -d -m 1770 \
+       -o "${dovecot2.user}" \
+       -g "${domainGroup}" \
+       ${stateDir}/home/${domain} \
+       ${stateDir}/control/${domain} \
+       ${stateDir}/index/${domain} \
+       ${stateDir}/acl/${domain}
 
-    # NOTE: do not set the sticky bit (+t)
-    #       on acl/<domain>/, to let dovecot
-    #       rename acl.db.lock (own by new user)
-    #       to     acl.db      (own by old user)
-    chmod -t ${stateDir}/acl/${domain}
-  '';
-};
-services.nginx.virtualHosts."autoconfig.${domain}" = {
-  serverName = "autoconfig.${domain}";
-  #addSSL = true;
-  extraConfig = ''
-    access_log off;
-    log_not_found off;
-  '';
-  forceSSL = true;
-  useACMEHost = domain;
-  root = ./autoconfig;
-};
+      # NOTE: do not set the sticky bit (+t)
+      #       on acl/<domain>/, to let dovecot
+      #       rename acl.db.lock (own by new user)
+      #       to     acl.db      (own by old user)
+      chmod -t ${stateDir}/acl/${domain}
+    '';
+  };
+  services.nginx.virtualHosts."autoconfig.${domain}" = {
+    serverName = "autoconfig.${domain}";
+    #addSSL = true;
+    extraConfig = ''
+      access_log off;
+      log_not_found off;
+    '';
+    forceSSL = true;
+    useACMEHost = domain;
+    root = ./autoconfig;
+  };
 }