From 5047c2982f07dd581b78261fbfe792b83c71da7d Mon Sep 17 00:00:00 2001
From: Ruben Maher
Date: Mon, 13 Nov 2017 09:29:29 +1030
Subject: [PATCH 1/2] default.nix: add options to open ports 993 (IMAPS) and 995 (POP3S)

Dovecot is already configured to serve IMAPS on port 993 and POP3S on port 995.
---
 default.nix | 25 ++++++++++++++++++++-----
 mail-server/networking.nix | 4 +++-
 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/default.nix b/default.nix
index d5cb669..4de34f5 100644
--- a/default.nix
+++ b/default.nix
@@ -184,7 +184,7 @@ in
 default = true;
 description = ''
 Whether to enable imap / pop3. Both variants are only supported in the
- (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+ (sane) startTLS configuration. The ports are
 110 - Pop3
 143 - IMAP
@@ -192,12 +192,21 @@ in
 '';
 };
+ enableImapSsl = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable IMAPS, setting this option to true will open port 993
+ in the firewall.
+ '';
+ };
+
 enablePop3 = mkOption {
 type = types.bool;
 default = false;
 description = ''
- Whether to enable POP3. Both variants are only supported in the
- (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+ Whether to enable POP3. Both variants are only supported in the (sane)
+ startTLS configuration. The ports are
 110 - Pop3
 143 - IMAP
@@ -205,8 +214,14 @@ in
 '';
 };
- # imapSsl = mkOption {} #< TODO
- # pop3Ssl = mkOption {} #< TODO
+ enablePop3Ssl = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable POP3S, setting this option to true will open port 995
+ in the firewall.
+ '';
+ };
 virusScanning = mkOption {
 type = types.bool;
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index 4a685f5..851a1f0 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
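Review bot: The sentence kept in what appears to be the `enableImap` description, "Both variants are only supported in the (sane) startTLS configuration", stops being true with this patch, which adds `enableImapSsl` and `enablePop3Ssl` for the implicit-TLS ports. Removing only the TODO leaves an operator reading this option to conclude that 993 and 995 are never exposed, and the visible part of the port list still names only 110 and 143. I would reword it along the lines of `Whether to enable IMAP with STARTTLS on port 143; see enableImapSsl for implicit TLS on port 993.` The same sentence is re-wrapped rather than corrected in the `enablePop3` description in the @@ -192 hunk. The option declaration and the port list both extend outside this hunk.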
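Review bot: The `enableImapSsl` description says the option enables IMAPS, but the only consumer in this patch is the firewall list in mail-server/networking.nix, and the commit message states that Dovecot already serves port 993. If that is accurate, leaving the option at its default of false does not turn the listener off; it only leaves the port filtered, and only where the host firewall is active. The description should say what the switch controls, e.g. `Whether to open port 993 (IMAPS, implicit TLS) in the firewall; Dovecot listens on it either way.`, or the Dovecot listener should be gated on the same option. `enablePop3Ssl` in the @@ -205 hunk has the same wording for port 995.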
@@ -25,7 +25,9 @@ in
 networking.firewall = {
 allowedTCPPorts = [ 25 587 ]
 ++ (if enableImap then [ 143 ] else [])
- ++ (if enablePop3 then [ 110 ] else []);
+ ++ (if enableImapSsl then [ 993 ] else [])
+ ++ (if enablePop3 then [ 110 ] else [])
+ ++ (if enablePop3Ssl then [ 995 ] else []);
 };
 };
 }
From 7b3e33c49cb543d6a21cf846aae7103ef118d2d8 Mon Sep 17 00:00:00 2001
From: Ruben Maher
Date: Mon, 13 Nov 2017 20:03:19 +1030
Subject: [PATCH 2/2] mail-server/networking.nix: make use of use lib.optional
---
 mail-server/networking.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index 851a1f0..f9b3336 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -24,10 +24,10 @@ in
 networking.firewall = {
 allowedTCPPorts = [ 25 587 ]
- ++ (if enableImap then [ 143 ] else [])
- ++ (if enableImapSsl then [ 993 ] else [])
- ++ (if enablePop3 then [ 110 ] else [])
- ++ (if enablePop3Ssl then [ 995 ] else []);
+ ++ lib.optional enableImap 143
+ ++ lib.optional enableImapSsl 993
+ ++ lib.optional enablePop3 110
+ ++ lib.optional enablePop3Ssl 995;
 };
 };
 }
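Review bot: Ports 993 and 995 are opened from `enableImapSsl` and `enablePop3Ssl` alone, independently of `enableImap` and `enablePop3`, and nothing in this patch touches the Dovecot configuration. If the POP3 protocol there is enabled only by `enablePop3` (not visible here), then `enablePop3Ssl = true` with the default `enablePop3 = false` opens 995 with no matching service behind it; the service side would need something like `enablePop3 || enablePop3Ssl`. In the other direction, an operator who wants TLS-only access has to remember to turn the STARTTLS option off, since the IMAP option shown at @@ -184 defaults to true and keeps 143 open. A short comment above the list, such as `# 143/110: STARTTLS, 993/995: implicit TLS`, would make that audit easier. The second patch rewrites these same lines with `lib.optional` without changing this behaviour.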