Merged frace
parent
b82ec83d3c
commit
98fa41f171
@ -160,21 +160,21 @@ in rec {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users = {
|
# users = {
|
||||||
users = {
|
# users = {
|
||||||
${container-mail-user} = {
|
# ${container-mail-user} = {
|
||||||
isSystemUser = true;
|
# isSystemUser = true;
|
||||||
uid = container-mail-user-id;
|
# uid = container-mail-user-id;
|
||||||
group = "mailer";
|
# group = "mailer";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
groups = {
|
# groups = {
|
||||||
${container-mail-group} = {
|
# ${container-mail-group} = {
|
||||||
members = ["mailer"];
|
# members = ["mailer"];
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
fudo.mail-server = {
|
fudo.mail-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -193,10 +193,12 @@ in rec {
|
|||||||
dovecot = {
|
dovecot = {
|
||||||
ssl-certificate = "/etc/${container-dovecot-cert}";
|
ssl-certificate = "/etc/${container-dovecot-cert}";
|
||||||
ssl-private-key = "/etc/dovecot-certs/key.pem";
|
ssl-private-key = "/etc/dovecot-certs/key.pem";
|
||||||
ldap-ca = "/etc/${container-fudo-ca-cert}";
|
ldap = {
|
||||||
ldap-urls = cfg.dovecot.ldap-urls;
|
# ca = "/etc/${container-fudo-ca-cert}";
|
||||||
ldap-reader-dn = cfg.dovecot.ldap-reader-dn;
|
server-urls = cfg.dovecot.ldap.server-urls;
|
||||||
ldap-reader-passwd = cfg.dovecot.ldap-reader-passwd;
|
reader-dn = cfg.dovecot.ldap.reader-dn;
|
||||||
|
reader-passwd = cfg.dovecot.ldap.reader-passwd;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
local-domains = cfg.local-domains;
|
local-domains = cfg.local-domains;
|
||||||
|
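Review bot: With `# ca = "/etc/${container-fudo-ca-cert}";` commented out, nothing in the new `ldap = { ... }` block tells the mail-server module which CA signed the LDAP server certificate, so whatever `cfg.dovecot.ldap.server-urls` carries, the bind of `reader-dn` with `reader-passwd` is either unverified or plaintext — the consuming module is outside this hunk, so which of the two I cannot tell. If this is deliberate while LDAP is still unencrypted, say so next to the line, e.g. `# ca unset on purpose: LDAP is not yet TLS, see FIXME in the host config`, rather than leaving a bare commented assignment. The same goes for the commented-out `users`/`groups` definitions for `${container-mail-user}` and `${container-mail-group}` above it: either delete them or add one line explaining who now creates the mail user and its uid, since `container-mail-user-id` appears to be unused after this change. The enclosing `rec { ... }` set starts before the hunk.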
@ -53,30 +53,33 @@ let
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
ldapOpts = with types; {
|
ldapOpts = {
|
||||||
ca = mkOption {
|
options = with types; {
|
||||||
type = str;
|
ca = mkOption {
|
||||||
description = "The path to the CA cert used to sign the LDAP server certificate.";
|
type = nullOr str;
|
||||||
};
|
description = "The path to the CA cert used to sign the LDAP server certificate.";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
|
||||||
server-urls = mkOption {
|
server-urls = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
description = "A list of LDAP server URLs used for authentication.";
|
description = "A list of LDAP server URLs used for authentication.";
|
||||||
};
|
};
|
||||||
|
|
||||||
reader-dn = mkOption {
|
reader-dn = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
description = ''
|
description = ''
|
||||||
DN to use for reading user information. Needs access to homeDirectory,
|
DN to use for reading user information. Needs access to homeDirectory,
|
||||||
uidNumber, gidNumber, and uid, but not password attributes.
|
uidNumber, gidNumber, and uid, but not password attributes.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
reader-pw = mkOption {
|
reader-passwd = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
description = ''
|
description = ''
|
||||||
Password for the user specified in ldap-reader-dn.
|
Password for the user specified in ldap-reader-dn.
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
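Review bot: The `reader-passwd` description still says "Password for the user specified in ldap-reader-dn.", but inside this `ldapOpts` submodule the sibling option is now `reader-dn`; change it to `Password for the bind user specified in reader-dn.`. `ca` became `nullOr str` with `default = null` without the description saying what null means to the consumer — add a sentence stating whether null disables server-certificate verification or simply falls back to the system trust store, whichever the module actually does (not visible here). Because `reader-passwd` is a plain `str`, any value assigned to it is embedded in the evaluated configuration; a `reader-passwd-file` path option read by the service at start would keep the secret out of the evaluation result, and until then the description should warn that the value must not come from a path literal or `fileContents`.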
@ -204,7 +207,7 @@ in {
|
|||||||
auth_mechanisms = login plain
|
auth_mechanisms = login plain
|
||||||
|
|
||||||
${optionalString (cfg.dovecot.ldap != null)
|
${optionalString (cfg.dovecot.ldap != null)
|
||||||
(ldap-conf cfg.dovecot.ldap)}
|
(ldap-passwd-entry cfg.dovecot.ldap)}
|
||||||
userdb {
|
userdb {
|
||||||
driver = static
|
driver = static
|
||||||
args = uid=${toString cfg.mail-user-id} home=${cfg.mail-directory}/%u
|
args = uid=${toString cfg.mail-user-id} home=${cfg.mail-directory}/%u
|
||||||
|
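Review bot: `ldap-passwd-entry cfg.dovecot.ldap` splices the LDAP bind settings, including `reader-passwd`, straight into the dovecot configuration text; if that text is materialised with `pkgs.writeText` or any other derivation (the definition of `ldap-passwd-entry` and where the string ends up are both outside this hunk), the bind password is world-readable in `/nix/store`. Dovecot can take LDAP settings from a separate file — `passdb { driver = ldap; args = /etc/dovecot/dovecot-ldap.conf.ext }` — so the `dnpass` line can live in a root-owned 0600 file written outside the store. Also worth checking that no other call site still references the old `ldap-conf` name after this rename.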
@ -237,11 +237,13 @@ in {
|
|||||||
state-directory = "${system-mail-directory}/var";
|
state-directory = "${system-mail-directory}/var";
|
||||||
mail-directory = "${system-mail-directory}/mailboxes";
|
mail-directory = "${system-mail-directory}/mailboxes";
|
||||||
|
|
||||||
dovecot.ldap-reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
|
dovecot.ldap = {
|
||||||
dovecot.ldap-reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
|
reader-dn = "cn=user_db_reader,dc=fudo,dc=org";
|
||||||
|
reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;
|
||||||
|
|
||||||
# FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP.
|
# FIXME: use SSL once I can figure out Acme SSL cert CA for LDAP.
|
||||||
dovecot.ldap-urls = [ "ldap://france.fudo.org" ];
|
server-urls = [ "ldap://france.fudo.org" ];
|
||||||
|
};
|
||||||
|
|
||||||
clamav.enable = true;
|
clamav.enable = true;
|
||||||
|
|
||||||
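Review bot: `reader-passwd = fileContents /srv/ldap/secure/user_db.passwd;` reads the secret at evaluation time, so the contents of that file become a string inside the evaluated NixOS configuration rather than a path the service opens at runtime — which defeats the point of keeping it under `/srv/ldap/secure`. Combined with `server-urls = [ "ldap://france.fudo.org" ];` (the FIXME above it already acknowledges the missing TLS), the `cn=user_db_reader` bind password is also sent in cleartext on every lookup. Until the FIXME is resolved, a file-path option (e.g. `reader-passwd-file = "/srv/ldap/secure/user_db.passwd";`) read by dovecot at start would at least keep the secret off disk in the store, and `ldaps://` with the fudo CA configured would fix the wire exposure. The enclosing `fudo.mail-server` attribute set starts before this hunk.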
@ -277,7 +279,7 @@ in {
|
|||||||
name = "webmail";
|
name = "webmail";
|
||||||
hostname = "localhost";
|
hostname = "localhost";
|
||||||
user = "webmail";
|
user = "webmail";
|
||||||
password-file = /srv/webmail/secure/db.passwd;
|
password-file = "/srv/webmail/secure/db.passwd";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
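Review bot: The change from the path literal `/srv/webmail/secure/db.passwd` to the string `"/srv/webmail/secure/db.passwd"` deserves a one-line comment, because the difference is the security-relevant part: a Nix path literal used in string interpolation is copied into the world-readable Nix store, whereas the string is just a filename the service opens at runtime. Presumably that is the motivation here; suggest `# keep as a string: a path literal would copy the secret into /nix/store` above `password-file`. The enclosing attribute set starts before the hunk.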
@ -290,7 +292,7 @@ in {
|
|||||||
name = "webmail";
|
name = "webmail";
|
||||||
hostname = "localhost";
|
hostname = "localhost";
|
||||||
user = "webmail";
|
user = "webmail";
|
||||||
password-file = /srv/webmail/secure/db.passwd;
|
password-file = "/srv/webmail/secure/db.passwd";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
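Review bot: This block repeats the previous hunk line for line — `name = "webmail"`, `hostname = "localhost"`, `user = "webmail"` and the same `password-file` string — so the secret's location is now hard-coded in two places that must be kept in sync by hand. A single `let` binding, e.g. `webmail-db = { name = "webmail"; hostname = "localhost"; user = "webmail"; password-file = "/srv/webmail/secure/db.passwd"; };`, referenced from both sites would remove the duplication; which two consumers these belong to is not visible from the hunk, so whether they are meant to diverge later is inferred. The enclosing attribute set starts before the hunk.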