nixos-mailserver/mail-server/dovecot.nix

179 lines
5.1 KiB
Nix
Raw Normal View History

2016-07-25 20:40:58 +05:00
# nixos-mailserver: a simple mail server
2018-01-29 14:34:27 +05:00
# Copyright (C) 2016-2018 Robin Raymond
2016-07-25 20:40:58 +05:00
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
2017-09-03 14:13:34 +05:00
{ config, pkgs, lib, ... }:
2017-12-22 20:08:42 +05:00
with (import ./common.nix { inherit config lib; });
let
2017-09-03 14:13:34 +05:00
cfg = config.mailserver;
maildirLayoutAppendix = lib.optionalString cfg.useFsLayout ":LAYOUT=fs";
2017-08-12 21:27:22 +05:00
# maildir in format "/${domain}/${user}"
dovecotMaildir = "maildir:${cfg.mailDirectory}/%d/%n${maildirLayoutAppendix}";
postfixCfg = config.services.postfix;
dovecot2Cfg = config.services.dovecot2;
stateDir = "/var/lib/dovecot";
pipeBin = pkgs.stdenv.mkDerivation {
name = "pipe_bin";
src = ./dovecot/pipe_bin;
buildInputs = with pkgs; [ makeWrapper coreutils bash rspamd ];
buildCommand = ''
mkdir -p $out/pipe/bin
cp $src/* $out/pipe/bin/
chmod a+x $out/pipe/bin/*
patchShebangs $out/pipe/bin
for file in $out/pipe/bin/*; do
wrapProgram $file \
--set PATH "${pkgs.coreutils}/bin:${pkgs.rspamd}/bin"
done
'';
};
in
2016-07-25 20:40:58 +05:00
{
2017-09-03 14:13:34 +05:00
config = with cfg; lib.mkIf enable {
services.dovecot2 = {
enable = true;
enableImap = enableImap;
enablePop3 = enablePop3;
2017-12-22 20:08:42 +05:00
enablePAM = false;
2017-12-22 20:58:35 +05:00
enableQuota = true;
2017-09-03 14:13:34 +05:00
mailGroup = vmailGroupName;
mailUser = vmailUserName;
mailLocation = dovecotMaildir;
2017-09-03 14:13:34 +05:00
sslServerCert = certificatePath;
sslServerKey = keyPath;
enableLmtp = true;
2017-09-13 15:36:35 +05:00
modules = [ pkgs.dovecot_pigeonhole ];
2017-09-13 16:06:44 +05:00
protocols = [ "sieve" ];
sieveScripts = {
after = builtins.toFile "spam.sieve" ''
require "fileinto";
if header :is "X-Spam" "Yes" {
fileinto "Junk";
stop;
}
'';
2017-09-13 16:06:44 +05:00
};
mailboxes = cfg.mailboxes;
2017-09-03 14:13:34 +05:00
extraConfig = ''
#Extra Config
2017-11-14 02:46:59 +05:00
${lib.optionalString debug ''
mail_debug = yes
auth_debug = yes
verbose_ssl = yes
''}
protocol imap {
mail_max_userip_connections = ${toString cfg.maxConnectionsPerUser}
mail_plugins = $mail_plugins imap_sieve
}
protocol pop3 {
mail_max_userip_connections = ${toString cfg.maxConnectionsPerUser}
}
2017-09-03 14:13:34 +05:00
mail_access_groups = ${vmailGroupName}
ssl = required
${lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3") ''
ssl_dh = <${certificateDirectory}/dh.pem
''}
2017-09-03 14:13:34 +05:00
service lmtp {
unix_listener dovecot-lmtp {
group = ${postfixCfg.group}
mode = 0600
user = ${postfixCfg.user}
}
2017-09-03 14:13:34 +05:00
}
2017-09-13 16:06:44 +05:00
protocol lmtp {
mail_plugins = $mail_plugins sieve
2017-09-13 16:06:44 +05:00
}
2017-12-22 20:08:42 +05:00
passdb {
driver = passwd-file
args = ${passwdFile}
}
2017-12-22 20:58:35 +05:00
userdb {
driver = passwd-file
args = ${passwdFile}
}
2017-09-03 14:13:34 +05:00
service auth {
unix_listener auth {
mode = 0660
user = ${postfixCfg.user}
group = ${postfixCfg.group}
}
2017-09-03 14:13:34 +05:00
}
2017-09-03 14:13:34 +05:00
auth_mechanisms = plain login
2017-09-03 14:13:34 +05:00
namespace inbox {
separator = ${cfg.hierarchySeparator}
inbox = yes
2017-09-03 14:13:34 +05:00
}
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve = file:/var/sieve/%u/scripts;active=/var/sieve/%u/active.sieve
sieve_default = file:/var/sieve/%u/default.sieve
sieve_default_name = default
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${stateDir}/imap_sieve/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${stateDir}/imap_sieve/report-ham.sieve
sieve_pipe_bin_dir = ${pipeBin}/pipe/bin
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes
2017-09-03 14:13:34 +05:00
'';
};
systemd.services.dovecot2.preStart = ''
rm -rf '${stateDir}/imap_sieve'
mkdir '${stateDir}/imap_sieve'
cp -p "${./dovecot/imap_sieve}"/*.sieve '${stateDir}/imap_sieve/'
for k in "${stateDir}/imap_sieve"/*.sieve ; do
${pkgs.dovecot_pigeonhole}/bin/sievec "$k"
done
chown -R '${dovecot2Cfg.mailUser}:${dovecot2Cfg.mailGroup}' '${stateDir}/imap_sieve'
'';
2017-09-03 14:13:34 +05:00
};
2016-07-25 20:40:58 +05:00
}