in
{
config = {
- environment.etc."nginx/site.d/autoconfig.conf".source =
- let servers = lib.concatMapStringsSep " "
- (dom: "autoconfig.${dom}")
- (attrNames dovecot2.domains);
- autoconfigSite = pkgs.writeTextFile {
- name = "autoconfig";
- destination = "/mail/config-v1.1.xml";
- text = ''
- <?xml version="1.0"?>
- <clientConfig version="1.1">
- <emailProvider id="%EMAILDOMAIN%">
- <!-- <displayName></displayName> -->
- <!-- <displayShortName></displayShortName> -->
- <domain>%EMAILDOMAIN%</domain>
- <incomingServer type="imap">
- <hostname>imap.%EMAILDOMAIN%</hostname>
- <port>993</port>
- <socketType>SSL</socketType>
- <username>%EMAILADDRESS%</username>
- <authentication>password-cleartext</authentication>
- </incomingServer>
- <incomingServer type="pop3">
- <hostname>pop.%EMAILDOMAIN%</hostname>
- <port>995</port>
- <socketType>SSL</socketType>
- <username>%EMAILADDRESS%</username>
- <authentication>password-cleartext</authentication>
- <pop3>
- <leaveMessagesOnServer>false</leaveMessagesOnServer>
- <downloadOnBiff>true</downloadOnBiff>
- </pop3>
- </incomingServer>
- <outgoingServer type="smtp">
- <hostname>smtp.%EMAILDOMAIN%</hostname>
- <port>465</port>
- <socketType>SSL</socketType> <!-- see above -->
- <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
- <authentication>password-cleartext</authentication>
- <!-- <restriction>client-IP-address</restriction> -->
- <addThisServer>true</addThisServer>
- <useGlobalPreferredServer>false</useGlobalPreferredServer>
- </outgoingServer>
- </emailProvider>
- <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
- </clientConfig>
- '';
- };
- in
- pkgs.writeText "autoconfig.conf" ''
- server {
- listen 80;
- server_name ${servers};
- root ${autoconfigSite};
- access_log off;
- log_not_found off;
- }
- server {
- listen 443 ssl http2;
- ssl on;
- server_name ${servers};
- root ${autoconfigSite};
- access_log off;
- log_not_found off;
- }
- '';
+ #environment.etc."nginx/site.d/autoconfig.conf".source =
+ # let servers = lib.concatMapStringsSep " "
+ # (dom: "autoconfig.${dom}")
+ # (attrNames dovecot2.domains);
+ # autoconfigSite = pkgs.writeTextFile {
+ # name = "autoconfig";
+ # destination = "/mail/config-v1.1.xml";
+ # text = ''
+ # <?xml version="1.0"?>
+ # <clientConfig version="1.1">
+ # <emailProvider id="%EMAILDOMAIN%">
+ # <!-- <displayName></displayName> -->
+ # <!-- <displayShortName></displayShortName> -->
+ # <domain>%EMAILDOMAIN%</domain>
+ # <incomingServer type="imap">
+ # <hostname>imap.%EMAILDOMAIN%</hostname>
+ # <port>993</port>
+ # <socketType>SSL</socketType>
+ # <username>%EMAILADDRESS%</username>
+ # <authentication>password-cleartext</authentication>
+ # </incomingServer>
+ # <incomingServer type="pop3">
+ # <hostname>pop.%EMAILDOMAIN%</hostname>
+ # <port>995</port>
+ # <socketType>SSL</socketType>
+ # <username>%EMAILADDRESS%</username>
+ # <authentication>password-cleartext</authentication>
+ # <pop3>
+ # <leaveMessagesOnServer>false</leaveMessagesOnServer>
+ # <downloadOnBiff>true</downloadOnBiff>
+ # </pop3>
+ # </incomingServer>
+ # <outgoingServer type="smtp">
+ # <hostname>smtp.%EMAILDOMAIN%</hostname>
+ # <port>465</port>
+ # <socketType>SSL</socketType> <!-- see above -->
+ # <username>%EMAILADDRESS%</username> <!-- if smtp-auth -->
+ # <authentication>password-cleartext</authentication>
+ # <!-- <restriction>client-IP-address</restriction> -->
+ # <addThisServer>true</addThisServer>
+ # <useGlobalPreferredServer>false</useGlobalPreferredServer>
+ # </outgoingServer>
+ # </emailProvider>
+ # <!-- <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" /> -->
+ # </clientConfig>
+ # '';
+ # };
+ # in
+ # pkgs.writeText "autoconfig.conf" ''
+ # server {
+ # listen 80;
+ # server_name ${servers};
+ # root ${autoconfigSite};
+ # access_log off;
+ # log_not_found off;
+ # }
+ # server {
+ # listen 443 ssl http2;
+ # ssl on;
+ # server_name ${servers};
+ # root ${autoconfigSite};
+ # access_log off;
+ # log_not_found off;
+ # }
+ # '';
#services.postfix.mapFiles."transport-dovecot" =
# toFile "transport-dovecot"
# (unlines
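Review bot: The autoconfig vhost is disabled by prefixing every line with `#` instead of deleting it, which leaves a large dead block (embedded XML and two nginx `server` stanzas) that will drift from the live configuration. Version control already keeps the old text, so I would delete the block and leave one line such as `# autoconfig vhost disabled; restore from history if needed`. If `autoconfig.<domain>` DNS records still exist for the domains in `dovecot2.domains`, they now point at a host that no longer serves the file. Mail clients trust whatever answers on that name, so those records are worth removing or re-checking.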
# Install users
''
+ unlines (lib.mapAttrsToList (user: acct: ''
+ (
home=${mailDir}/${domain}/${user}
gecos=
shell=/run/current-system/sw/bin/nologin
}
printf '%s\n' >>$new_passwd \
"${user}:$pass:$uid:$gid:$gecos:$home:$shell:$extra_fields"
+ )
'') accounts)
+ ''
install -o ${authUser} -g ${authGroup} -m 0640 $new_passwd $old_passwd
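Review bot: The per-account fragment is now wrapped in `(` … `)` with no comment saying why. Presumably the subshell stops variables set for one account (`home`, `gecos`, `shell`, and the `pass`/`uid`/`gid` used by the `printf`) from carrying over into the next entry. A one-line comment above the `(`, for example `# subshell: per-account variables must not leak into the next entry`, would record that intent. Separately, `${user}` is interpolated by Nix straight into the passwd line, so an account name containing `:` or a newline would corrupt the record; whether names are validated is not visible in this hunk.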
ssl = required
#ssl_ca = <''${caPath}
ssl_cert = <${x509.cert}
- # Only with dovecot >= 2.3
- #ssl_dh = <${x509.dir}/dh.pem
+ ssl_dh = <${x509.dir}/dh.pem
+ # gOTE: only with dovecot >= 2.3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_key = <${x509.key}
#ssl_verify_client_cert = yes
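Review bot: `ssl_dh = <${x509.dir}/dh.pem` is now emitted unconditionally, yet the comment beside it says the setting only exists in dovecot >= 2.3. On an older dovecot this is an unknown setting and the configuration is likely to be rejected, so either guard the line on the packaged version or state the minimum version in the module. Nothing in the hunk shows `dh.pem` being generated; dovecot needs the file to exist and be readable. Parameters of at least 2048 bits are the usual floor, which matters given the broad `ssl_cipher_list` on the following line. The added comment has a typo (`gOTE` for `NOTE`) and would read better above the setting than below it.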
inherit (lib) types;
inherit (config.services) dkim dovecot2 rmilter;
- createDomainDkimCert = dom:
- let dkim_key = "${dkim.keyDir}/${dom}.${dkim.selector}.key";
- dkim_txt = "${dkim.keyDir}/${dom}.${dkim.selector}.txt";
+ createDomainDkimCert = domain:
+ let dkim_key = "${dkim.keyDir}/${domain}.${dkim.selector}.key";
+ dkim_txt = "${dkim.keyDir}/${domain}.${dkim.selector}.txt";
in ''
if [ ! -f "${dkim_key}" ] || [ ! -f "${dkim_txt}" ]
then
${pkgs.opendkim}/bin/opendkim-genkey \
- -s "${dkim.selector}" \
- -d "${dom}" \
+ --domain "${domain}" \
+ --selector "${dkim.selector}" \
--directory="${dkim.keyDir}"
mv "${dkim.keyDir}/${dkim.selector}.private" "${dkim_key}"
mv "${dkim.keyDir}/${dkim.selector}.txt" "${dkim_txt}"
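Review bot: The `opendkim-genkey` call still passes no key size, so the DKIM key length is whatever the tool defaults to, which has historically been 1024 bits. Adding `--bits=2048 \` next to the other options makes the strength explicit. Because the surrounding `if` only generates keys when the files are missing, existing short keys would stay in place until rotated. The new `--domain "${domain}"` and `--selector "${dkim.selector}"` use the space-separated form while the unchanged `--directory="${dkim.keyDir}"` uses `=`; one form throughout is easier to scan. The `if` block continues past the end of the hunk, so whether the moved private key's owner and mode are set afterwards is not visible here.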
auth_only = yes;
};
'';
+ bindSocket.type = "inet";
};
+ #systemd.sockets.rmilter.socketConfig.Accept = true;
systemd.services.rmilter = {
requires = [ "rmilter.socket" ];
after = [ "rmilter.socket" ];
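Review bot: `bindSocket.type = "inet"` moves the milter from a Unix socket to a TCP listener, and the hunk neither sets nor shows the bind address. A Unix socket is protected by file permissions. A TCP port can be reached by every local process and, if the address is not loopback, from the network. I would pin the address beside this line, e.g. `bindSocket.address = "<loopback-address:port>";` if the module exposes that option, and confirm the port is not opened in the firewall. The commented-out `#systemd.sockets.rmilter.socketConfig.Accept = true;` should either be dropped or carry a short comment saying why it is kept.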