Merged frace

config/fudo/mail-container.nix

@@ -160,21 +160,21 @@ in rec {
           };
         };
 
-        users = {
+        # users = {
-          users = {
+        #   users = {
-            ${container-mail-user} = {
+        #     ${container-mail-user} = {
-              isSystemUser = true;
+        #       isSystemUser = true;
-              uid = container-mail-user-id;
+        #       uid = container-mail-user-id;
-              group = "mailer";
+        #       group = "mailer";
-            };
+        #     };
-          };
+        #   };
 
-          groups = {
+        #   groups = {
-            ${container-mail-group} = {
+        #     ${container-mail-group} = {
-              members = ["mailer"];
+        #       members = ["mailer"];
-            };
+        #     };
-          };
+        #   };
-        };
+        # };
 
         fudo.mail-server = {
           enable = true;
@@ -193,10 +193,12 @@ in rec {
           dovecot = {
             ssl-certificate = "/etc/${container-dovecot-cert}";
             ssl-private-key = "/etc/dovecot-certs/key.pem";
-            ldap-ca = "/etc/${container-fudo-ca-cert}";
+            ldap = {
-            ldap-urls = cfg.dovecot.ldap-urls;
+              # ca = "/etc/${container-fudo-ca-cert}";
-            ldap-reader-dn = cfg.dovecot.ldap-reader-dn;
+              server-urls = cfg.dovecot.ldap.server-urls;
-            ldap-reader-passwd = cfg.dovecot.ldap-reader-passwd;
+              reader-dn = cfg.dovecot.ldap.reader-dn;
+              reader-passwd = cfg.dovecot.ldap.reader-passwd;
+            };
           };
 
           local-domains = cfg.local-domains;

config/fudo/mail/dovecot.nix

@@ -53,10 +53,12 @@ let
       }
     '';
 
-  ldapOpts = with types; {
+  ldapOpts = {
+    options = with types; {
       ca = mkOption {
-      type = str;
+        type = nullOr str;
         description = "The path to the CA cert used to sign the LDAP server certificate.";
+        default = null;
       };
 
       server-urls = mkOption {
@@ -72,13 +74,14 @@ let
       '';
       };
 
-    reader-pw = mkOption {
+      reader-passwd = mkOption {
         type = str;
         description = ''
         Password for the user specified in ldap-reader-dn.
       '';
       };
     };
+  };
 
   dovecot-user = config.services.dovecot2.user;
 
@@ -204,7 +207,7 @@ in {
         auth_mechanisms = login plain
 
         ${optionalString (cfg.dovecot.ldap != null)
-          (ldap-conf cfg.dovecot.ldap)}
+          (ldap-passwd-entry cfg.dovecot.ldap)}
         userdb {
           driver = static
           args = uid=${toString cfg.mail-user-id} home=${cfg.mail-directory}/%u

hosts/france.nix

@@ -237,11 +237,13 @@ in {
     state-directory = "${system-mail-directory}/var";
     mail-directory = "${system-mail-directory}/mailboxes";
 
-    dovecot.ldap-reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
+    dovecot.ldap = {
-    dovecot.ldap-reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
+      reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
+      reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
 
       # FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP.
-    dovecot.ldap-urls = [ "ldap://france.fudo.org" ];
+      server-urls = [ "ldap://france.fudo.org" ];
+    };
 
     clamav.enable = true;
 
@@ -277,7 +279,7 @@ in {
           name = "webmail";
           hostname = "localhost";
           user = "webmail";
-          password-file = /srv/webmail/secure/db.passwd;
+          password-file = "/srv/webmail/secure/db.passwd";
         };
       };
 
@@ -290,7 +292,7 @@ in {
           name = "webmail";
           hostname = "localhost";
           user = "webmail";
-          password-file = /srv/webmail/secure/db.passwd;
+          password-file = "/srv/webmail/secure/db.passwd";
         };
       };
     };