From 292c0bad617f3eb5a73b4aaf373d16a0803eab6c Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 24 Sep 2023 13:02:51 -0700 Subject: [PATCH] Wrap dovecot2 with services {} --- dovecot.nix | 326 ++++++++++++++++++++++++++-------------------------- 1 file changed, 164 insertions(+), 162 deletions(-) diff --git a/dovecot.nix b/dovecot.nix index 71f91d7..c7efa05 100644 --- a/dovecot.nix +++ b/dovecot.nix @@ -188,17 +188,6 @@ in { }; config = mkIf cfg.enable { - services = { - prometheus.exporters.dovecot = { - enable = true; - scopes = [ "user" "global" ]; - user = cfg.metrics.user; - listenAddresses = "127.0.0.1"; - port = cfg.metrics.port; - socketPath = "/var/run/dovecot2/old-stats"; - }; - }; - users = { users = { "${cfg.mail-user}" = { 
@@ -224,167 +213,180 @@ in { ]; }; - dovecot2 = { - enable = true; - enableImap = true; - enableLmtp = true; + services = { + prometheus.exporters.dovecot = { + enable = true; + scopes = [ "user" "global" ]; + user = cfg.metrics.user; + listenAddresses = "127.0.0.1"; + port = cfg.metrics.port; + socketPath = "/var/run/dovecot2/old-stats"; + }; - mailUser = cfg.mail-user; - mailGroup = cfg.mail-group; - mailLocation = "maildir:${cfg.state-directory}/mail//%u/"; - createMailUser = false; + dovecot2 = { + enable = true; + enableImap = true; + enableLmtp = true; - sslServerCert = cfg.ssl.certificate; - sslServerKey = cfg.ssl.private-key; + mailUser = cfg.mail-user; + mailGroup = cfg.mail-group; + mailLocation = "maildir:${cfg.state-directory}/mail//%u/"; + createMailUser = false; - mailboxes = cfg.mailboxes; + sslServerCert = cfg.ssl.certificate; + sslServerKey = cfg.ssl.private-key; - modules = with pkgs; [ dovecot_pidgeonhole ]; - protocols = [ "sieve" ]; + mailboxes = cfg.mailboxes; - mailPlugins.globally.enable = [ "old_stats" ]; + modules = with pkgs; [ dovecot_pidgeonhole ]; + protocols = [ "sieve" ]; - sieveScripts = { - after = builtins.toFile "spam.sieve" '' - require "fileinto"; + mailPlugins.globally.enable = [ "old_stats" ]; - if header :is "X-Spam" "Yes" { - fileinto "Junk"; - stop; + sieveScripts = { + after = builtins.toFile "spam.sieve" '' + require "fileinto"; + + if header :is "X-Spam" "Yes" { + fileinto "Junk"; + stop; + } + ''; + }; + + extraConfig = let + # Add learn_ham & learn_spam to dovecot2 path for use by sieves + pipeBin = let + teachRspamd = msg: + pkgs.writeShellApplication { + name = "rspamd_${msg}"; + runtimeInputs = with pkgs; [ rspamd ]; + text = + "exec rspamc -h ${cfg.rspamd.host}:${cfg.rspam.port} ${msg}"; + }; + learnHam = teachRspamd "learn_ham"; + learnSpam = teachRspamd "learn_spam"; + in pkgs.buildEnv { + name = "rspam_pipe_bin"; + paths = [ learnHam learnSpam ]; + }; + + mailUserUid = config.users.users."${cfg.mail-user}".uid; 
+ mailUserGid = config.users.group."${cfg.mail-group}".gid; + in '' + ## Extra Config + + mail_plugins = $mail_plugins + + ${lib.optionalString cfg.debug '' + mail_debug = yes + auth_debug = yes + verbose_ssl = yes + ''} + + protocol imap { + mail_max_userip_connections = ${toString cfg.max-user-connections} + mail_plugins = $mail_plugins imap_sieve + } + + protocol lmtp { + mail_plugins = $mail_plugins sieve + } + + mail_access_groups = ${cfg.mail-group} + + # When looking up usernames, just use the name, not the full address + auth_username_format = %n + + auth_mechanisms = login plain + + service lmtp { + # Enable logging in debug mode + ${optionalString cfg.debug "executable = lmtp -L"} + + inet_listener dovecot-lmtp { + address = 0.0.0.0 + port = ${toString cfg.ports.lmtp} + } + + # Drop privs, since all mail is owned by one user + user = ${cfg.mail-user} + # group = ${cfg.mail-group} + # user = root + } + + + passdb { + driver = ldap + args = ${cfg.ldap-conf} + } + + # All users map to one actual system user + userdb { + driver = static + args = uid=${ + toString mailUserUid + } home=${cfg.state-directory}/mail/%u + } + + service imap { + vsz_limit = 1024M + } + + namespace inbox { + separator = "/" + inbox = yes + } + + plugin { + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve = file:${cfg.state-directory}/sieves/%u/scripts;active=${cfg.state-directory}/sieves/%u/active.sieve + sieve_default = file:${cfg.sieve-directory}/%u/default.sieve + sieve_default_name = default + # From elsewhere to Spam folder + imapsieve_mailbox1_name = Junk + imapsieve_mailbox1_causes = COPY + imapsieve_mailbox1_before = file:${sievePath}/report-spam.sieve + # From Spam folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Junk + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:${sievePath}/report-ham.sieve + + sieve_pipe_bin_dir = ${pipeBin}/bin + sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment + } + + 
recipient_delimiter = + + + lmtp_save_to_detail_mailbox = yes + + lda_mailbox_autosubscribe = yes + lda_mailbox_autocreate = yes + + service old-stats { + unix_listener old-stats { + user = ${cfg.metrics.user} + group = ${cfg.metrics.group} + } + fifo_listener old-stats-mail { + mode = 0660 + user = ${config.services.dovecot2.user} + group = ${config.services.dovecot2.group} + } + fifo_listener old-stats-user { + mode = 0660 + user = ${config.services.dovecot2.user} + group = ${config.services.dovecot2.group} + } + } + + plugin { + old_stats_refresh = 30 secs + old_stats_track_cmds = yes } ''; }; - - extraConfig = let - # Add learn_ham & learn_spam to dovecot2 path for use by sieves - pipeBin = let - teachRspamd = msg: - pkgs.writeShellApplication { - name = "rspamd_${msg}"; - runtimeInputs = with pkgs; [ rspamd ]; - text = - "exec rspamc -h ${cfg.rspamd.host}:${cfg.rspam.port} ${msg}"; - }; - learnHam = teachRspamd "learn_ham"; - learnSpam = teachRspamd "learn_spam"; - in pkgs.buildEnv { - name = "rspam_pipe_bin"; - paths = [ learnHam learnSpam ]; - }; - - mailUserUid = config.users.users."${cfg.mail-user}".uid; - mailUserGid = config.users.group."${cfg.mail-group}".gid; - in '' - ## Extra Config - - mail_plugins = $mail_plugins - - ${lib.optionalString cfg.debug '' - mail_debug = yes - auth_debug = yes - verbose_ssl = yes - ''} - - protocol imap { - mail_max_userip_connections = ${toString cfg.max-user-connections} - mail_plugins = $mail_plugins imap_sieve - } - - protocol lmtp { - mail_plugins = $mail_plugins sieve - } - - mail_access_groups = ${cfg.mail-group} - - # When looking up usernames, just use the name, not the full address - auth_username_format = %n - - auth_mechanisms = login plain - - service lmtp { - # Enable logging in debug mode - ${optionalString cfg.debug "executable = lmtp -L"} - - inet_listener dovecot-lmtp { - address = 0.0.0.0 - port = ${toString cfg.ports.lmtp} - } - - # Drop privs, since all mail is owned by one user - user = 
${cfg.mail-user} - # group = ${cfg.mail-group} - # user = root - } - - - passdb { - driver = ldap - args = ${cfg.ldap-conf} - } - - # All users map to one actual system user - userdb { - driver = static - args = uid=${toString mailUserUid} home=${cfg.state-directory}/mail/%u - } - - service imap { - vsz_limit = 1024M - } - - namespace inbox { - separator = "/" - inbox = yes - } - - plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve = file:${cfg.state-directory}/sieves/%u/scripts;active=${cfg.state-directory}/sieves/%u/active.sieve - sieve_default = file:${cfg.sieve-directory}/%u/default.sieve - sieve_default_name = default - # From elsewhere to Spam folder - imapsieve_mailbox1_name = Junk - imapsieve_mailbox1_causes = COPY - imapsieve_mailbox1_before = file:${sievePath}/report-spam.sieve - # From Spam folder to elsewhere - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Junk - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:${sievePath}/report-ham.sieve - - sieve_pipe_bin_dir = ${pipeBin}/bin - sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment - } - - recipient_delimiter = + - - lmtp_save_to_detail_mailbox = yes - - lda_mailbox_autosubscribe = yes - lda_mailbox_autocreate = yes - - service old-stats { - unix_listener old-stats { - user = ${cfg.metrics.user} - group = ${cfg.metrics.group} - } - fifo_listener old-stats-mail { - mode = 0660 - user = ${config.services.dovecot2.user} - group = ${config.services.dovecot2.group} - } - fifo_listener old-stats-user { - mode = 0660 - user = ${config.services.dovecot2.user} - group = ${config.services.dovecot2.group} - } - } - - plugin { - old_stats_refresh = 30 secs - old_stats_track_cmds = yes - } - ''; }; }; }
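Review bot: The `inet_listener dovecot-lmtp` block in the re-indented `extraConfig` still binds `address = 0.0.0.0`, and Dovecot's LMTP service does not authenticate the submitting client. Any host that can reach `cfg.ports.lmtp` can therefore deliver mail straight into a user's mailbox, bypassing whatever filtering the MTA applies. If the delivering MTA runs on the same host, prefer `address = 127.0.0.1`; otherwise make the bind address a module option and add a comment such as `# LMTP is unauthenticated: restrict this port to the MTA host` (no firewall rule is visible in this hunk). Separately, `cfg.rspam.port` beside `cfg.rspamd.host`, and `config.users.group` where NixOS defines `users.groups`, look like typos carried over unchanged by the move. The option declarations are outside this hunk, so both need checking against them.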