Create a mail directory

2023-09-30 18:54:17 -07:00 · 2023-09-30 18:54:17 -07:00 · 9d3c86a118
parent 99e9b6c519
commit 9d3c86a118
2 changed files with 13 additions and 6 deletions
--- a/dovecot.nix
+++ b/dovecot.nix
@ -17,6 +17,11 @@ in {
      description = "Directory at which to store server state.";
    };

+    mail-directory = mkOption {
+      type = str;
+      description = "Directory at which to store user email.";
+    };
+
    ports = {
      lmtp = mkOption {
        type = port;
@ -192,7 +197,7 @@ in {
    systemd = {
      tmpfiles.rules = [
        "d ${cfg.state-directory}        0751 ${cfg.mail-user} ${cfg.mail-group} - -"
-        "d ${cfg.state-directory}/mail   0750 ${cfg.mail-user} ${cfg.mail-group} - -"
+        "d ${cfg.mail-directory}         0750 ${cfg.mail-user} ${cfg.mail-group} - -"
        "d ${cfg.state-directory}/sieves 0750 ${config.services.dovecot2.user} ${config.services.dovecot2.group} - -"
      ];

@ -263,7 +268,7 @@ in {

        mailUser = cfg.mail-user;
        mailGroup = cfg.mail-group;
-        mailLocation = "maildir:${cfg.state-directory}/mail/%u/";
+        mailLocation = "maildir:${cfg.mail-directory}/%u/";
        createMailUser = false;

        sslServerCert = cfg.ssl.certificate;
@ -357,9 +362,7 @@ in {
          # All users map to one actual system user
          userdb {
            driver = static
-            args = uid=${
-              toString mailUserUid
-            } home=${cfg.state-directory}/mail/%u
+            args = uid=${toString mailUserUid} home=${cfg.mail-directory}/%u
          }

          service imap {
--- a/mail-server.nix
+++ b/mail-server.nix
@ -207,9 +207,10 @@ in {
            "dn = ${cfg.ldap.bind-dn}"
            "dnpass = ${readFile cfg.ldap.bind-password-file}"
            "auth_bind = yes"
-            "auth_bind_userdn = cn=%u,${cfg.ldap.member-ou},${cfg.ldap.base}"
+            "auth_bind_userdn = cn=%n,${cfg.ldap.member-ou},${cfg.ldap.base}"
            "base = ${cfg.ldap.base}"
            "user_filter = (&(objectClass=organizationalPerson)(cn=%n))"
+            "pass_filter = (&(objectClass=organizationalPerson)(cn=%n))"
          ]);
        target-file = "/run/dovecot-secret/ldap.conf";
      };
@ -220,6 +221,7 @@ in {
      "d ${cfg.state-directory}/dovecot-dhparams   0700 - - - -"
      "d ${cfg.state-directory}/antivirus          0700 - - - -"
      "d ${cfg.state-directory}/dkim               0700 - - - -"
+      "d ${cfg.state-directory}/mail               0700 - - - -"
    ];

    virtualisation.arion.projects.mail-server.settings = let
@ -316,6 +318,7 @@ in {
                "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
                "${cfg.imap.ssl-directory}:/run/certs/imap"
                "${cfg.state-directory}/dovecot-dhparams:/var/lib/dhparams"
+                "${cfg.state-directory}/mail:/mail"
              ];
              depends_on = [ "antispam" "ldap-proxy" ];
            };
@ -329,6 +332,7 @@ in {
                  enable = true;
                  debug = cfg.debug;
                  state-directory = "/state";
+                  mail-directory = "/mail";
                  ports = {
                    lmtp = lmtpPort;
                    auth = authPort;