From d8976486dc8f10368d943af877c503884622155b Mon Sep 17 00:00:00 2001
From: niten
Date: Tue, 26 Sep 2023 23:11:04 -0700
Subject: [PATCH] Port-forward imap, smtp, submission
---
 mail-server.nix | 55 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 46 insertions(+), 9 deletions(-)
diff --git a/mail-server.nix b/mail-server.nix
index 91e7f9f..e768fd6 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -176,15 +176,52 @@ in {
 };
 
 config = mkIf cfg.enable {
- services.nginx = {
- virtualHosts = {
- "${cfg.smtp.hostname}".locations."/metrics" = {
- proxyPass = "http://localhost:${toString metricsPort}/metrics";
- };
- "${cfg.imap.hostname}".locations."/metrics" = {
- proxyPass = "http://localhost:${toString metricsPort}/metrics";
+ services = {
+ nginx = {
+ virtualHosts = {
+ "${cfg.smtp.hostname}".locations."/metrics" = {
+ proxyPass = "http://localhost:${toString metricsPort}/metrics";
+ };
+ "${cfg.imap.hostname}".locations."/metrics" = {
+ proxyPass = "http://localhost:${toString metricsPort}/metrics";
+ };
 };
 };
+
+ xinetd = {
+ enable = true;
+ services = let
+ genService = { name, port, protocols ? [ "tcp" ] }:
+ map (protocol: {
+ inherit name;
+ service = "/usr/bin/env";
+ extraConfig = "redirect = 127.0.0.1 ${toString port}";
+ }) protocols;
+ in concatMap genService [
+ {
+ name = "imap";
+ port = 9143;
+ }
+ {
+ name = "imaps";
+ port = 9993;
+ }
+ {
+ name = "smtp";
+ port = 9025;
+ protocols = [ "tcp" "udp" ];
+ }
+ {
+ name = "submission";
+ port = 9587;
+ protocols = [ "tcp" "udp" ];
+ }
+ {
+ name = "submissions";
+ port = 9465;
+ }
+ ];
+ };
 };
 
 fudo.secrets.host-secrets."${hostname}" = {
@@ -246,7 +283,7 @@ in {
 "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"
 "${cfg.smtp.ssl-directory}:/run/certs/smtp"
 ];
- ports = [ "25:25" "587:587" "465:465" "2525:2525" ];
+ ports = [ "9025:25" "9587:587" "9465:465" ];
 depends_on = [ "imap" "ldap-proxy" ];
 };
 nixos = {
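Review bot: In the first hunk's xinetd block, `genService` maps over `protocols` but never uses the `protocol` argument in the attrset it builds, so `smtp` and `submission` each produce two identical entries and the `"udp"` variant is never declared. Either pass it through with `inherit name protocol;` or drop `protocols = [ "tcp" "udp" ];` from those two entries, since xinetd's `redirect` applies to TCP services and SMTP/submission run over TCP. The attribute is also written `service = "/usr/bin/env";`, whereas the NixOS xinetd module, as far as I know, names this option `server`; please confirm that the configuration evaluates. Once traffic passes through the redirect, the SMTP and IMAP containers will presumably see every client as a local address rather than the real peer. Per-IP controls (blocklist and SPF checks, rate limits, auth-failure logs, relay rules keyed on trusted networks) should be re-checked, and a comment such as `# xinetd redirect hides the client IP from the mail containers` above the block would record that.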
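Review bot: In the second hunk (the SMTP container's `ports`), the new mappings `"9025:25" "9587:587" "9465:465"` carry no host address, so, assuming these are Docker-style port mappings, the backend ports are published on every host interface. The container then stays reachable directly on 9025/9587/9465 beside the xinetd front end, and Docker-published ports commonly sit outside the host firewall's rules. Since the redirect added in the first hunk targets 127.0.0.1 only, binding the mappings to loopback keeps xinetd the single entry point: `ports = [ "127.0.0.1:9025:25" "127.0.0.1:9587:587" "127.0.0.1:9465:465" ];`. The same applies to the IMAP mapping `"9143:143" "9993:993"` in the third hunk. This hunk also drops `"2525:2525"` with no xinetd counterpart; if that is intentional, the commit message should say so.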
@@ -301,7 +338,7 @@ in {
 imap = {
 service = {
 networks = [ "internal_network" ];
- ports = [ "143:143" "993:993" ];
+ ports = [ "9143:143" "9993:993" ];
 volumes = [
 "${cfg.state-directory}/dovecot:/state"
 "${hostSecrets.dovecotLdapConfig.target-file}:/run/dovecot2/conf.d/ldap.conf:ro"