From 7cb61e6e3a4085e12ce0a9a05e15da1bd66a086d Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Thu, 22 May 2025 01:52:17 +0200
Subject: [PATCH] dovecot: respect the mailDirectory base for LDAP home directories

This change is safe, if you have not altered the default value of the `mailserver.mailDirectory` setting.
---
 docs/migrations.rst | 23 +++++++++++++++++++++++
 mail-server/assertions.nix | 17 ++++++++++++++++-
 mail-server/dovecot.nix | 2 +-
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/docs/migrations.rst b/docs/migrations.rst
index bd52196..e1972e1 100644
--- a/docs/migrations.rst
+++ b/docs/migrations.rst
@@ -13,6 +13,29 @@ to your setup.
 NixOS 25.11
 -----------
+#2 LDAP home directory migration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The Dovecot configuration for LDAP home directories previously did not respect
+the ``mailserver.mailDirectory`` setting.
+
+This means that home directories were unconditionally located at
+``/var/vmail/ldap/%{user}``.
+
+This migration is required if you both:
+
+* enabled the LDAP integration (``mailserver.ldap.enable``)
+* and customized the default mail directory (``mailserver.mailDirectory != "/var/vmail"``)
+
+For remediating this issue the following steps are required:
+
+1. Stop ``dovecot2.service``.
+2. Move ``/var/vmail/ldap`` below your ``mˀailserver.mailDirectory``.
+3. Update the ``mailserver.stateVersion`` to ``2``.
+
+#1 Initialization
+^^^^^^^^^^^^^^^^^
+
 This option was introduced in the NixOS 25.11 release cycle, in which case you can safely initialize its value at `1`.
diff --git a/mail-server/assertions.nix b/mail-server/assertions.nix
index b30ccaa..deabe03 100644
--- a/mail-server/assertions.nix
+++ b/mail-server/assertions.nix
@@ -1,6 +1,21 @@
 { config, lib, ... }:
 {
- assertions = lib.optionals config.mailserver.enable [
+ assertions = [
+ {
+ assertion = config.mailserver.stateVersion < 2
+ && config.mailserver.ldap.enable
+ && config.mailserver.mailDirectory != "/var/vmail";
+ message = ''
+ Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
+ Remediation:
+ - Stop the `dovecot2.service`
+ - Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
+ - Increase the `stateVersion` to 2.
+
+ Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information.
+ '';
+ }
+ ] ++ lib.optionals config.mailserver.enable [
 {
 assertion = config.mailserver.stateVersion != null;
 message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at.";
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 56cebf2..5cdd67b 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -356,7 +356,7 @@ in
 userdb {
 driver = ldap
 args = ${ldapConfFile}
- default_fields = home=/var/vmail/ldap/%{user} uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
+ default_fields = home=${cfg.mailDirectory}/ldap/%{user} uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
 }
 ''}
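Review bot: The new first assertion in mail-server/assertions.nix looks inverted: NixOS aborts evaluation when `assertion` is false, but this expression is true exactly for the unmigrated case (`stateVersion < 2`, LDAP enabled, non-default `mailDirectory`), so affected setups would pass and every other configuration would hit the migration message. Because the entry now sits outside `lib.optionals config.mailserver.enable`, `config.mailserver.stateVersion < 2` is also evaluated when the option is unset; the assertion that follows suggests it can be null, and comparing null with an integer is an evaluation error rather than the intended message. I would negate and guard it, e.g. `assertion = !(config.mailserver.enable && config.mailserver.ldap.enable && config.mailserver.stateVersion != null && config.mailserver.stateVersion < 2 && config.mailserver.mailDirectory != "/var/vmail");`. This check is the only thing that stops an upgrade from silently pointing Dovecot at fresh home directories while existing mail stays under `/var/vmail/ldap`, so a test that evaluates both an affected and an unaffected configuration would be worth adding.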
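Review bot: `cfg.mailDirectory` is now interpolated unquoted into `default_fields` in mail-server/dovecot.nix, which Dovecot reads as space-separated `key=value` pairs with `%` variable expansion, so a directory containing whitespace or `%` would produce a different `home` than the option states. The previous literal could not hit this; an extra assertion such as `assertion = builtins.match ".*[[:space:]%].*" config.mailserver.mailDirectory == null;` would make the constraint explicit, assuming the option is a plain string or path (its type is not visible here). The `%{user}` path component still comes from the LDAP-supplied user name, as it did before this change. The enclosing Nix string starts and ends outside the hunk.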