nixos-config/config/host-config/france/mail-server.nix

{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  domain-name = config.instance.local-domain;

  secrets = config.fudo.secrets.host-secrets.${hostname};

  mail-reader-dn = "mail-auth-reader";
in {
  options.france.mail = with types; {
    mail-directory = mkOption {
      type = str;
      description = "Directory to contain user maildirs.";
    };

    state-directory = mkOption {
      type = str;
      description = "Directory to contain mail-server state.";
    };

    ldap-server-urls = mkOption {
      type = listOf str;
      description = "List of LDAP server URLs.";
    };
  };

  config.fudo = {
    system-users = {
      username = mail-reader-dn;
      description = "Used by the mail server to connect to LDAP for auth.";
      ldap-hashed-password =
        pkgs.lib.fudo.passwd.hash-ldap-passwd
          secrets.mail-reader-passwd.target-file;
    };

    mail-server = {
      enableContainer = true;
      monitoring = true;

      hostname = "mail.${domain-name}";

      state-directory = cfg.state-directory;
      mail-directory = cfg.mail-directory;

      dovecot.ldap = {
        reader-dn = "cn=mail-reader-dn,${config.fudo.auth.ldap.base}";
        reader-password-file = secrets.mail-reader-passwd.target-file;
        server-urls = cfg.ldap-server-urls;
      };

      clamav.enable = true;
      dkim.signing = true;
    };
  };
}
Partway to getting France back in the fold. Stuck on ACME certs. 2021-10-28 09:32:35 -07:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`domain-name = config.instance.local-domain;`

			`secrets = config.fudo.secrets.host-secrets.${hostname};`

			`mail-reader-dn = "mail-auth-reader";`
			`in {`
			`options.france.mail = with types; {`
			`mail-directory = mkOption {`
			`type = str;`
			`description = "Directory to contain user maildirs.";`
			`};`

			`state-directory = mkOption {`
			`type = str;`
			`description = "Directory to contain mail-server state.";`
			`};`

			`ldap-server-urls = mkOption {`
			`type = listOf str;`
			`description = "List of LDAP server URLs.";`
			`};`
			`};`

			`config.fudo = {`
			`system-users = {`
			`username = mail-reader-dn;`
			`description = "Used by the mail server to connect to LDAP for auth.";`
			`ldap-hashed-password =`
			`pkgs.lib.fudo.passwd.hash-ldap-passwd`
			`secrets.mail-reader-passwd.target-file;`
			`};`

			`mail-server = {`
			`enableContainer = true;`
			`monitoring = true;`

			`hostname = "mail.${domain-name}";`

			`state-directory = cfg.state-directory;`
			`mail-directory = cfg.mail-directory;`

			`dovecot.ldap = {`
			`reader-dn = "cn=mail-reader-dn,${config.fudo.auth.ldap.base}";`
			`reader-password-file = secrets.mail-reader-passwd.target-file;`
			`server-urls = cfg.ldap-server-urls;`
			`};`

			`clamav.enable = true;`
			`dkim.signing = true;`
			`};`
			`};`
			`}`