fix Dovecot's home directory

Dovecot's home directory is a user-specific state directory, see https://doc.dovecot.org/2.3/configuration_manual/home_directories_for_virtual_users/. It is recommendated 1. to never configure a userdb to return the same home directory for multiple users 2. to store the mailbox under the home directory, e.g. home = /var/vmail/domain/user and mail = /var/vmail/domain/user/mail This change implements these recommendations. For stateVersion 24.11 or later, the mailboxes are stored at ${cfg.mailDirectory}/<domain>/<user>/mail. Existing mailboxes are moved automatically to the new location by the systemd service dovecot-move-maildirs).
2025-03-31 07:59:52 +05:00 · 2024-11-28 17:36:28 +01:00 · 2024-11-28 17:36:28 +01:00 · 15af6ec694
commit 15af6ec694
parent af7d3bf5da
1 changed files with 33 additions and 4 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -31,9 +31,14 @@ let
  maildirLayoutAppendix = lib.optionalString cfg.useFsLayout ":LAYOUT=fs";
  maildirUTF8FolderNames = lib.optionalString cfg.useUTF8FolderNames ":UTF-8";

-  # maildir in format "/${domain}/${user}"
+  # maildir will be at "<cfg.mailDirectory>/<domain>/<user>" (older than stateVersion 24.11) or
+  # "<cfg.mailDirectory>/<domain>/<user>/mail" (stateVersion 24.11 or newer)
+  dovecotHomeDir = if lib.versionAtLeast config.system.stateVersion "24.11"
+    then "${cfg.mailDirectory}/%d/%n/mail"
+    else "${cfg.mailDirectory}/%d/%n";
+
  dovecotMaildir =
-    "maildir:${cfg.mailDirectory}/%d/%n${maildirLayoutAppendix}${maildirUTF8FolderNames}"
+    "maildir:${dovecotHomeDir}${maildirLayoutAppendix}${maildirUTF8FolderNames}"
    + (lib.optionalString (cfg.indexDir != null)
       ":INDEX=${cfg.indexDir}/%d/%n"
      );
@ -308,7 +313,7 @@ in
        userdb {
          driver = passwd-file
          args = ${userdbFile}
-          default_fields = uid=${builtins.toString cfg.vmailUID} gid=${builtins.toString cfg.vmailUID} home=${cfg.mailDirectory}
+          default_fields = home=${dovecotHomeDir} uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
        }

        ${lib.optionalString cfg.ldap.enable ''
@ -320,7 +325,7 @@ in
        userdb {
          driver = ldap
          args = ${ldapConfFile}
-          default_fields = home=/var/vmail/ldap/%u uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
+          default_fields = home=${dovecotHomeDir} uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
        }
        ''}

@ -372,6 +377,30 @@ in

    systemd.services.postfix.restartTriggers = [ genPasswdScript ] ++ (lib.optional cfg.ldap.enable [setPwdInLdapConfFile]);

+    systemd.services.dovecot-move-maildirs = lib.mkIf (lib.versionAtLeast config.system.stateVersion "24.11") {
+      description = "Move maildirs into the subdirectory 'mail'";
+      wantedBy = [ "dovecot2.service" ];
+      requisite = [ "dovecot2.service" ];
+      before = [ "dovecot2.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = "${cfg.vmailUserName}";
+        Group = "${cfg.vmailGroupName}";
+        ExecStart = pkgs.writeShellScript "move-maildirs" ''
+          set -euo pipefail
+          shopt -s dotglob extglob
+
+          for mailbox in $(find "${cfg.mailDirectory}" -mindepth 2 -maxdepth 2 -type d); do
+            if [ ! -d "$mailbox/mail" ]; then
+              umask 077
+              mkdir "$mailbox/mail"
+              mv "$mailbox"/!(mail) "$mailbox/mail/"
+            fi
+          done
+        '';
+      };
+    };
+
    systemd.services.dovecot-fts-xapian-optimize = lib.mkIf (cfg.fullTextSearch.enable && cfg.fullTextSearch.maintenance.enable) {
      description = "Optimize dovecot indices for fts_xapian";
      requisite = [ "dovecot2.service" ];