From 2025d58c2a3359aa367862cecad28e87f65eec98 Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Mon, 30 Jun 2008 21:12:02 +0000 Subject: [PATCH] At least dovecot and postfix work together and with Thunderbird svn path=/nixos/trunk/; revision=12223 --- system/ids.nix | 2 + system/options.nix | 57 ++++++++++++++++++++++++++ upstart-jobs/default.nix | 6 +++ upstart-jobs/dovecot.nix | 87 ++++++++++++++++++++++++++++++++++++++++ upstart-jobs/postfix.nix | 23 +++++++++-- 5 files changed, 172 insertions(+), 3 deletions(-) create mode 100644 upstart-jobs/dovecot.nix diff --git a/system/ids.nix b/system/ids.nix index a704ef163ea..71f8a6d583c 100644 --- a/system/ids.nix +++ b/system/ids.nix @@ -16,6 +16,7 @@ atd = 12; zabbix = 13; postfix = 14; + dovecot = 15; nixbld = 30000; # start of range of uids nobody = 65534; @@ -33,6 +34,7 @@ atd = 12; postfix = 13; postdrop = 14; + dovecot = 15; audio = 17; diff --git a/system/options.nix b/system/options.nix index e63531f577c..8279949b3cb 100644 --- a/system/options.nix +++ b/system/options.nix 
@@ -2189,6 +2189,63 @@ Additional entries to put verbatim into aliases file. "; }; + + sslCert = mkOption { + default = ""; + description = " + SSL certificate to use. + "; + }; + sslCACert = mkOption { + default = ""; + description = " + SSL certificate of CA. + "; + }; + sslKey = mkOption { + default = ""; + description =" + SSL key to use. + "; + }; + + recipientDelimiter = mkOption { + default = ""; + example = "+"; + description = " + Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test + "; + }; + + }; + + dovecot = { + enable = mkOption { + default = false; + description = "Whether to enable dovecot POP3/IMAP server."; + }; + + user = mkOption { + default = "dovecot"; + description = "dovecot user name"; + }; + group = mkOption { + default = "dovecot"; + description = "dovecot group name"; + }; + + sslServerCert = mkOption { + default = ""; + description = "Server certificate"; + }; + sslCACert = mkOption { + default = ""; + description = "CA certificate used by server certificate"; + }; + sslServerKey = mkOption { + default = ""; + description = "Server key"; + }; }; }; diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 08afd46449a..1e0df9cb64a 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -396,6 +396,12 @@ let inherit config pkgs; }) + # Dovecot POP3/IMAP server. + ++ optional config.services.dovecot.enable + (import ../upstart-jobs/dovecot.nix { + inherit config pkgs; + }) + # Handles the reboot/halt events. ++ (map (event: makeJob (import ../upstart-jobs/halt.nix { diff --git a/upstart-jobs/dovecot.nix b/upstart-jobs/dovecot.nix new file mode 100644 index 00000000000..349775635c0 --- /dev/null +++ b/upstart-jobs/dovecot.nix 
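Review bot: The descriptions of `sslKey` (postfix) and `sslServerKey` (dovecot) do not say how the value must be given, and both are interpolated into generated configuration text in postfix.nix and dovecot.nix. If a user passes a Nix path literal instead of a string, the private key would presumably be copied into the world-readable Nix store. The descriptions should state this, e.g. `Path to the private key, given as a string so that the key is not copied into the store.` The dovecot options also do not mention that leaving `sslServerCert` empty switches SSL off and enables plaintext authentication, which is what dovecot.nix does with the default.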
@@ -0,0 +1,87 @@ +{config, pkgs}: +let + startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; + + cfg = config.services.dovecot; + idList = import ../system/ids.nix; + + dovecotConf = + '' + base_dir = /var/run/dovecot/ + + protocols = imap imaps pop3 pop3s + '' + + (if cfg.sslServerCert!="" then + '' + ssl_cert_file = ${cfg.sslServerCert} + ssl_key_file = ${cfg.sslServerKey} + ssl_ca_file = ${cfg.sslCACert} + '' else '' + ssl_disable = yes + disable_plaintext_auth = no + '') + + + + '' + login_user = ${cfg.user} + login_chroot = no + + mail_location = maildir:/var/spool/mail/%u + + maildir_copy_with_hardlinks = yes + + auth default { + mechanisms = plain login + userdb passwd { + } + passdb pam { + } + user = root + } + auth_debug = yes + auth_verbose = yes + + pop3_uidl_format = %08Xv%08Xu + '' + ; + confFile = pkgs.writeText "dovecot.conf" dovecotConf; + + pamdFile = pkgs.writeText "dovecot.pam" '' + auth include common + account include common + ''; + +in +{ + name = "dovecot"; + users = [{ + name = cfg.user; + uid = idList.uids.dovecot; + description = "Dovecot user"; + group = cfg.group; + }]; + groups = [{ + name = cfg.group; + gid = idList.gids.dovecot; + }]; + + job = '' + description "Dovecot IMAP/POP3 server" + + start on ${startingDependency}/started + stop on never + + start script + ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login + ${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot + end script + + respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile} + ''; + + extraEtc = [{ + source = pamdFile; + target = "pam.d/dovecot"; + }]; +} + diff --git a/upstart-jobs/postfix.nix b/upstart-jobs/postfix.nix index 9b85969692d..c4765f29c43 100644 --- a/upstart-jobs/postfix.nix +++ b/upstart-jobs/postfix.nix 
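Review bot: In `dovecotConf`, leaving `sslServerCert` at its default `""` silently emits `ssl_disable = yes` together with `disable_plaintext_auth = no`, so the `plain login` mechanisms backed by `passdb pam` carry system account passwords in cleartext on the IMAP/POP3 ports. That fallback should be an explicit opt-in (a separate option defaulting to false) rather than the consequence of an unset certificate, and `protocols` should not list `imaps pop3s` in that branch. The TLS branch tests only `sslServerCert`, so an empty `sslServerKey` or `sslCACert` yields `ssl_key_file =` or `ssl_ca_file =` with no value; check all three or assert on them. `auth_debug = yes` and `auth_verbose = yes` are hard-coded and are better left off by default. The start script's `chown -R ${cfg.user}.${cfg.group}`, like the chown lines changed in the second postfix.nix hunk, uses the obsolete `.` separator; `:` is the POSIX form and stays unambiguous when a name contains a dot.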
@@ -68,6 +68,23 @@ let setgid_group = ${setgidGroup} '') + + optionalString (cfg.sslCert != "") ('' + + smtp_tls_CAfile = ${cfg.sslCACert} + smtp_tls_cert_file = ${cfg.sslCert} + smtp_tls_key_file = ${cfg.sslKey} + + smtp_use_tls = yes + + smtpd_tls_CAfile = ${cfg.sslCACert} + smtpd_tls_cert_file = ${cfg.sslCert} + smtpd_tls_key_file = ${cfg.sslKey} + + smtpd_use_tls = yes + + recipientDelimiter = ${cfg.recipientDelimiter} + + '') ; aliases = @@ -121,10 +138,10 @@ in ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue fi - ${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix - ${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue + ${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix + ${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue - ${pkgs.coreutils}/bin/chown -R root:root /var/spool/mail + ${pkgs.coreutils}/bin/chown -R root.root /var/spool/mail ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf
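Review bot: The line `recipientDelimiter = ${cfg.recipientDelimiter}` in the new `optionalString` block writes the NixOS option name into main.cf; the Postfix parameter is `recipient_delimiter`, so the setting likely has no effect as written. It also sits inside the `cfg.sslCert != ""` guard, so the delimiter would only be applied when TLS is configured; it should be emitted on its own, e.g. `optionalString (cfg.recipientDelimiter != "") "recipient_delimiter = ${cfg.recipientDelimiter}\n"`. The guard checks only `sslCert`, so an empty `sslKey` or `sslCACert` produces `smtpd_tls_key_file =` or `smtpd_tls_CAfile =` with no value. The enclosing `let` binding starts outside the hunk.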