public
/
mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Wrap dovecot2 with services {}

This commit is contained in:
niten 2023-09-24 13:02:51 -07:00
parent d6dfd183cb
commit 292c0bad61
1 changed files with 164 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

326
dovecot.nix
View File

@ -188,17 +188,6 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = {
prometheus.exporters.dovecot = {
enable = true;
scopes = [ "user" "global" ];
user = cfg.metrics.user;
listenAddresses = "127.0.0.1";
port = cfg.metrics.port;
socketPath = "/var/run/dovecot2/old-stats";
};
};
users = { users = {
users = { users = {
"${cfg.mail-user}" = { "${cfg.mail-user}" = {
@ -224,167 +213,180 @@ in {
]; ];
}; };
dovecot2 = { services = {
enable = true; prometheus.exporters.dovecot = {
enableImap = true; enable = true;
enableLmtp = true; scopes = [ "user" "global" ];
user = cfg.metrics.user;
listenAddresses = "127.0.0.1";
port = cfg.metrics.port;
socketPath = "/var/run/dovecot2/old-stats";
};
mailUser = cfg.mail-user; dovecot2 = {
mailGroup = cfg.mail-group; enable = true;
mailLocation = "maildir:${cfg.state-directory}/mail//%u/"; enableImap = true;
createMailUser = false; enableLmtp = true;
sslServerCert = cfg.ssl.certificate; mailUser = cfg.mail-user;
sslServerKey = cfg.ssl.private-key; mailGroup = cfg.mail-group;
mailLocation = "maildir:${cfg.state-directory}/mail//%u/";
createMailUser = false;
mailboxes = cfg.mailboxes; sslServerCert = cfg.ssl.certificate;
sslServerKey = cfg.ssl.private-key;
modules = with pkgs; [ dovecot_pidgeonhole ]; mailboxes = cfg.mailboxes;
protocols = [ "sieve" ];
mailPlugins.globally.enable = [ "old_stats" ]; modules = with pkgs; [ dovecot_pidgeonhole ];
protocols = [ "sieve" ];
sieveScripts = { mailPlugins.globally.enable = [ "old_stats" ];
after = builtins.toFile "spam.sieve" ''
require "fileinto";
if header :is "X-Spam" "Yes" { sieveScripts = {
fileinto "Junk"; after = builtins.toFile "spam.sieve" ''
stop; require "fileinto";
if header :is "X-Spam" "Yes" {
fileinto "Junk";
stop;
}
'';
};
extraConfig = let
# Add learn_ham & learn_spam to dovecot2 path for use by sieves
pipeBin = let
teachRspamd = msg:
pkgs.writeShellApplication {
name = "rspamd_${msg}";
runtimeInputs = with pkgs; [ rspamd ];
text =
"exec rspamc -h ${cfg.rspamd.host}:${cfg.rspam.port} ${msg}";
};
learnHam = teachRspamd "learn_ham";
learnSpam = teachRspamd "learn_spam";
in pkgs.buildEnv {
name = "rspam_pipe_bin";
paths = [ learnHam learnSpam ];
};
mailUserUid = config.users.users."${cfg.mail-user}".uid;
mailUserGid = config.users.group."${cfg.mail-group}".gid;
in ''
## Extra Config
mail_plugins = $mail_plugins
${lib.optionalString cfg.debug ''
mail_debug = yes
auth_debug = yes
verbose_ssl = yes
''}
protocol imap {
mail_max_userip_connections = ${toString cfg.max-user-connections}
mail_plugins = $mail_plugins imap_sieve
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
mail_access_groups = ${cfg.mail-group}
# When looking up usernames, just use the name, not the full address
auth_username_format = %n
auth_mechanisms = login plain
service lmtp {
# Enable logging in debug mode
${optionalString cfg.debug "executable = lmtp -L"}
inet_listener dovecot-lmtp {
address = 0.0.0.0
port = ${toString cfg.ports.lmtp}
}
# Drop privs, since all mail is owned by one user
user = ${cfg.mail-user}
# group = ${cfg.mail-group}
# user = root
}
passdb {
driver = ldap
args = ${cfg.ldap-conf}
}
# All users map to one actual system user
userdb {
driver = static
args = uid=${
toString mailUserUid
} home=${cfg.state-directory}/mail/%u
}
service imap {
vsz_limit = 1024M
}
namespace inbox {
separator = "/"
inbox = yes
}
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve = file:${cfg.state-directory}/sieves/%u/scripts;active=${cfg.state-directory}/sieves/%u/active.sieve
sieve_default = file:${cfg.sieve-directory}/%u/default.sieve
sieve_default_name = default
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${sievePath}/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${sievePath}/report-ham.sieve
sieve_pipe_bin_dir = ${pipeBin}/bin
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
recipient_delimiter = +
lmtp_save_to_detail_mailbox = yes
lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes
service old-stats {
unix_listener old-stats {
user = ${cfg.metrics.user}
group = ${cfg.metrics.group}
}
fifo_listener old-stats-mail {
mode = 0660
user = ${config.services.dovecot2.user}
group = ${config.services.dovecot2.group}
}
fifo_listener old-stats-user {
mode = 0660
user = ${config.services.dovecot2.user}
group = ${config.services.dovecot2.group}
}
}
plugin {
old_stats_refresh = 30 secs
old_stats_track_cmds = yes
} }
''; '';
}; };
extraConfig = let
# Add learn_ham & learn_spam to dovecot2 path for use by sieves
pipeBin = let
teachRspamd = msg:
pkgs.writeShellApplication {
name = "rspamd_${msg}";
runtimeInputs = with pkgs; [ rspamd ];
text =
"exec rspamc -h ${cfg.rspamd.host}:${cfg.rspam.port} ${msg}";
};
learnHam = teachRspamd "learn_ham";
learnSpam = teachRspamd "learn_spam";
in pkgs.buildEnv {
name = "rspam_pipe_bin";
paths = [ learnHam learnSpam ];
};
mailUserUid = config.users.users."${cfg.mail-user}".uid;
mailUserGid = config.users.group."${cfg.mail-group}".gid;
in ''
## Extra Config
mail_plugins = $mail_plugins
${lib.optionalString cfg.debug ''
mail_debug = yes
auth_debug = yes
verbose_ssl = yes
''}
protocol imap {
mail_max_userip_connections = ${toString cfg.max-user-connections}
mail_plugins = $mail_plugins imap_sieve
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
mail_access_groups = ${cfg.mail-group}
# When looking up usernames, just use the name, not the full address
auth_username_format = %n
auth_mechanisms = login plain
service lmtp {
# Enable logging in debug mode
${optionalString cfg.debug "executable = lmtp -L"}
inet_listener dovecot-lmtp {
address = 0.0.0.0
port = ${toString cfg.ports.lmtp}
}
# Drop privs, since all mail is owned by one user
user = ${cfg.mail-user}
# group = ${cfg.mail-group}
# user = root
}
passdb {
driver = ldap
args = ${cfg.ldap-conf}
}
# All users map to one actual system user
userdb {
driver = static
args = uid=${toString mailUserUid} home=${cfg.state-directory}/mail/%u
}
service imap {
vsz_limit = 1024M
}
namespace inbox {
separator = "/"
inbox = yes
}
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve = file:${cfg.state-directory}/sieves/%u/scripts;active=${cfg.state-directory}/sieves/%u/active.sieve
sieve_default = file:${cfg.sieve-directory}/%u/default.sieve
sieve_default_name = default
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${sievePath}/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${sievePath}/report-ham.sieve
sieve_pipe_bin_dir = ${pipeBin}/bin
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
recipient_delimiter = +
lmtp_save_to_detail_mailbox = yes
lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes
service old-stats {
unix_listener old-stats {
user = ${cfg.metrics.user}
group = ${cfg.metrics.group}
}
fifo_listener old-stats-mail {
mode = 0660
user = ${config.services.dovecot2.user}
group = ${config.services.dovecot2.group}
}
fifo_listener old-stats-user {
mode = 0660
user = ${config.services.dovecot2.user}
group = ${config.services.dovecot2.group}
}
}
plugin {
old_stats_refresh = 30 secs
old_stats_track_cmds = yes
}
'';
}; };
}; };
} }