2014-04-14 14:26:48 +00:00
{ config , lib , pkgs , . . . }:
2011-10-27 19:43:20 +00:00
2014-04-14 14:26:48 +00:00
with lib ;
2011-10-27 19:43:20 +00:00
let
cfg = config . services . dovecot2 ;
2016-04-22 15:21:17 +00:00
dovecotPkg = pkgs . dovecot ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
baseDir = " / r u n / d o v e c o t 2 " ;
stateDir = " / v a r / l i b / d o v e c o t " ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
dovecotConf = concatStrings [
2011-10-27 19:43:20 +00:00
''
2015-12-09 09:27:44 +00:00
base_dir = $ { baseDir }
2016-01-10 03:54:07 +00:00
protocols = $ { concatStringsSep " " cfg . protocols }
2017-01-29 10:11:01 +00:00
sendmail_path = /run/wrappers/bin/sendmail
2019-12-31 12:00:00 +00:00
# defining mail_plugins must be done before the first protocol {} filter because of https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#variable-expansion
mail_plugins = $ mail_plugins $ { concatStringsSep " " cfg . mailPlugins . globally . enable }
2011-10-27 19:43:20 +00:00
''
2015-12-09 09:27:44 +00:00
2019-12-31 12:00:00 +00:00
( concatStringsSep " \n " ( mapAttrsToList ( protocol : plugins : ''
protocol $ { protocol } {
mail_plugins = $ mail_plugins $ { concatStringsSep " " plugins . enable }
}
'' ) c f g . m a i l P l u g i n s . p e r P r o t o c o l ) )
2019-04-24 03:48:22 +00:00
( if cfg . sslServerCert == null then ''
2015-12-09 09:27:44 +00:00
ssl = no
disable_plaintext_auth = no
'' e l s e ''
2012-09-21 10:28:49 +00:00
ssl_cert = < $ { cfg . sslServerCert }
ssl_key = < $ { cfg . sslServerKey }
2019-04-24 03:48:22 +00:00
$ { optionalString ( cfg . sslCACert != null ) ( " s s l _ c a = < " + cfg . sslCACert ) }
2018-05-10 06:29:29 +00:00
ssl_dh = < $ { config . security . dhparams . params . dovecot2 . path }
2012-09-21 10:26:53 +00:00
disable_plaintext_auth = yes
2011-10-27 19:43:20 +00:00
'' )
2015-12-09 09:27:44 +00:00
''
2011-10-27 19:43:20 +00:00
default_internal_user = $ { cfg . user }
2018-03-28 17:16:41 +00:00
default_internal_group = $ { cfg . group }
2016-01-10 04:07:26 +00:00
$ { optionalString ( cfg . mailUser != null ) " m a i l _ u i d = ${ cfg . mailUser } " }
$ { optionalString ( cfg . mailGroup != null ) " m a i l _ g i d = ${ cfg . mailGroup } " }
2011-10-27 19:43:20 +00:00
2012-06-10 15:07:25 +00:00
mail_location = $ { cfg . mailLocation }
2011-10-27 19:43:20 +00:00
maildir_copy_with_hardlinks = yes
2015-12-09 09:27:44 +00:00
pop3_uidl_format = % 0 8 Xv % 0 8 Xu
2011-10-27 19:43:20 +00:00
auth_mechanisms = plain login
2015-12-09 09:27:44 +00:00
2011-10-27 19:43:20 +00:00
service auth {
user = root
}
2015-12-09 09:27:44 +00:00
''
( optionalString cfg . enablePAM ''
2011-10-27 19:43:20 +00:00
userdb {
2011-10-27 22:04:08 +00:00
driver = passwd
2011-10-27 19:43:20 +00:00
}
2015-12-09 09:27:44 +00:00
2011-10-27 19:43:20 +00:00
passdb {
2011-10-27 22:04:08 +00:00
driver = pam
2013-03-30 21:25:19 +00:00
args = $ { optionalString cfg . showPAMFailure " f a i l u r e _ s h o w _ m s g = y e s " } dovecot2
2011-10-27 19:43:20 +00:00
}
2015-12-09 09:27:44 +00:00
'' )
2011-10-27 19:43:20 +00:00
2016-01-10 04:05:12 +00:00
( optionalString ( cfg . sieveScripts != { } ) ''
plugin {
$ { concatStringsSep " \n " ( mapAttrsToList ( to : from : " s i e v e _ ${ to } = ${ stateDir } / s i e v e / ${ to } " ) cfg . sieveScripts ) }
}
'' )
2017-11-14 15:49:00 +00:00
( optionalString ( cfg . mailboxes != [ ] ) ''
2017-08-15 10:14:29 +00:00
protocol imap {
namespace inbox {
inbox = yes
$ { concatStringsSep " \n " ( map mailboxConfig cfg . mailboxes ) }
}
}
2017-11-14 15:49:00 +00:00
'' )
2017-08-15 10:14:29 +00:00
( optionalString cfg . enableQuota ''
service quota-status {
executable = $ { dovecotPkg } /libexec/dovecot/quota-status - p postfix
inet_listener {
port = $ { cfg . quotaPort }
}
client_limit = 1
}
plugin {
2019-12-10 01:51:19 +00:00
quota_rule = * : storage = $ { cfg . quotaGlobalPerUser }
2017-08-15 10:14:29 +00:00
quota = maildir:User quota # per virtual mail user quota # BUG/FIXME broken, we couldn't get this working
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = " 5 5 2 5 . 2 . 2 M a i l b o x i s f u l l "
quota_grace = 10 % %
}
'' )
2015-12-09 09:27:44 +00:00
cfg . extraConfig
] ;
2011-10-27 19:43:20 +00:00
2016-04-26 12:10:42 +00:00
modulesDir = pkgs . symlinkJoin {
name = " d o v e c o t - m o d u l e s " ;
paths = map ( pkg : " ${ pkg } / l i b / d o v e c o t " ) ( [ dovecotPkg ] ++ map ( module : module . override { dovecot = dovecotPkg ; } ) cfg . modules ) ;
} ;
2011-10-27 19:43:20 +00:00
2017-08-15 10:14:29 +00:00
mailboxConfig = mailbox : ''
2018-02-05 16:06:49 +00:00
mailbox " ${ mailbox . name } " {
2017-08-15 10:14:29 +00:00
auto = $ { toString mailbox . auto }
'' + o p t i o n a l S t r i n g ( m a i l b o x . s p e c i a l U s e ! = n u l l ) ''
special_use = \ $ { toString mailbox . specialUse }
'' + " } " ;
2018-07-20 20:56:59 +00:00
mailboxes = { . . . }: {
2017-08-15 10:14:29 +00:00
options = {
name = mkOption {
2018-02-09 11:20:55 +00:00
type = types . strMatching '' [ ^ " ] + '' ;
2017-08-15 10:14:29 +00:00
example = " S p a m " ;
description = " T h e n a m e o f t h e m a i l b o x . " ;
} ;
auto = mkOption {
type = types . enum [ " n o " " c r e a t e " " s u b s c r i b e " ] ;
default = " n o " ;
example = " s u b s c r i b e " ;
description = " W h e t h e r t o a u t o m a t i c a l l y c r e a t e o r c r e a t e a n d s u b s c r i b e t o t h e m a i l b o x o r n o t . " ;
} ;
specialUse = mkOption {
type = types . nullOr ( types . enum [ " A l l " " A r c h i v e " " D r a f t s " " F l a g g e d " " J u n k " " S e n t " " T r a s h " ] ) ;
default = null ;
example = " J u n k " ;
description = " N u l l i f n o s p e c i a l u s e f l a g i s s e t . O t h e r t h a n t h a t e v e r y u s e f l a g m e n t i o n e d i n t h e R F C i s v a l i d . " ;
} ;
} ;
} ;
2015-12-09 09:27:44 +00:00
in
2011-10-27 19:43:20 +00:00
{
2019-12-10 01:51:19 +00:00
imports = [
( mkRemovedOptionModule [ " s e r v i c e s " " d o v e c o t 2 " " p a c k a g e " ] " " )
] ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
options . services . dovecot2 = {
enable = mkEnableOption " D o v e c o t 2 . x P O P 3 / I M A P s e r v e r " ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
enablePop3 = mkOption {
type = types . bool ;
2017-08-15 10:14:29 +00:00
default = false ;
2015-12-09 09:27:44 +00:00
description = " S t a r t t h e P O P 3 l i s t e n e r ( w h e n D o v e c o t i s e n a b l e d ) . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
enableImap = mkOption {
type = types . bool ;
default = true ;
description = " S t a r t t h e I M A P l i s t e n e r ( w h e n D o v e c o t i s e n a b l e d ) . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
enableLmtp = mkOption {
type = types . bool ;
default = false ;
description = " S t a r t t h e L M T P l i s t e n e r ( w h e n D o v e c o t i s e n a b l e d ) . " ;
} ;
2012-09-29 22:53:50 +00:00
2016-01-10 03:54:07 +00:00
protocols = mkOption {
type = types . listOf types . str ;
default = [ ] ;
description = " A d d i t i o n a l l i s t e n e r s t o s t a r t w h e n D o v e c o t i s e n a b l e d . " ;
} ;
2015-12-09 09:27:44 +00:00
user = mkOption {
type = types . str ;
default = " d o v e c o t 2 " ;
description = " D o v e c o t u s e r n a m e . " ;
} ;
2015-07-02 21:26:49 +00:00
2015-12-09 09:27:44 +00:00
group = mkOption {
type = types . str ;
default = " d o v e c o t 2 " ;
description = " D o v e c o t g r o u p n a m e . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
extraConfig = mkOption {
2016-10-23 17:33:41 +00:00
type = types . lines ;
2015-12-09 09:27:44 +00:00
default = " " ;
example = " m a i l _ d e b u g = y e s " ;
description = " A d d i t i o n a l e n t r i e s t o p u t v e r b a t i m i n t o D o v e c o t ' s c o n f i g f i l e . " ;
} ;
2011-10-27 19:43:20 +00:00
2019-12-31 12:00:00 +00:00
mailPlugins =
let plugins = hint : types . submodule {
options = {
enable = mkOption {
type = types . listOf types . str ;
default = [ ] ;
description = " m a i l p l u g i n s t o e n a b l e a s a l i s t o f s t r i n g s t o a p p e n d t o t h e ${ hint } < l i t e r a l > $ m a i l _ p l u g i n s < / l i t e r a l > c o n f i g u r a t i o n v a r i a b l e " ;
} ;
} ;
} ;
in
mkOption {
type = with types ; submodule {
options = {
globally = mkOption {
type = plugins " t o p - l e v e l " ;
2020-01-28 19:21:38 +00:00
example = { enable = [ " v i r t u a l " ] ; } ;
2019-12-31 12:00:00 +00:00
default = { enable = [ ] ; } ;
} ;
perProtocol = mkOption {
type = attrsOf ( plugins " c o r r e s p o n d i n g p e r - p r o t o c o l " ) ;
default = { } ;
example = { imap = [ " i m a p _ a c l " ] ; } ;
} ;
} ;
} ;
description = " A d d i t i o n a l e n t r i e s t o a d d t o t h e m a i l _ p l u g i n s v a r i a b l e , g l o b a l l y a n d p e r p r o t o c o l " ;
example = {
globally . enable = [ " a c l " ] ;
perProtocol . imap . enable = [ " i m a p _ a c l " ] ;
} ;
default = { globally . enable = [ ] ; perProtocol = { } ; } ;
} ;
2015-12-09 09:27:44 +00:00
configFile = mkOption {
2019-10-04 07:57:06 +00:00
type = types . nullOr types . path ;
2015-12-09 09:27:44 +00:00
default = null ;
description = " C o n f i g f i l e u s e d f o r t h e w h o l e d o v e c o t c o n f i g u r a t i o n . " ;
apply = v : if v != null then v else pkgs . writeText " d o v e c o t . c o n f " dovecotConf ;
} ;
2012-09-21 14:04:46 +00:00
2015-12-09 09:27:44 +00:00
mailLocation = mkOption {
type = types . str ;
default = " m a i l d i r : / v a r / s p o o l / m a i l / % u " ; /* S a m e a s i n b o x , a s p o s t f i x */
example = " m a i l d i r : ~ / m a i l : I N B O X = / v a r / s p o o l / m a i l / % u " ;
description = ''
Location that dovecot will use for mail folders . Dovecot mail_location option .
'' ;
} ;
2015-01-19 09:45:20 +00:00
2016-01-10 04:07:26 +00:00
mailUser = mkOption {
type = types . nullOr types . str ;
default = null ;
description = " D e f a u l t u s e r t o s t o r e m a i l f o r v i r t u a l u s e r s . " ;
} ;
mailGroup = mkOption {
type = types . nullOr types . str ;
default = null ;
description = " D e f a u l t g r o u p t o s t o r e m a i l f o r v i r t u a l u s e r s . " ;
} ;
2017-08-15 10:14:29 +00:00
createMailUser = mkOption {
type = types . bool ;
default = true ;
description = '' W h e t h e r t o a u t o m a t i c a l l y c r e a t e t h e u s e r
given in <option> services . dovecot . user < /option > and the group
given in <option> services . dovecot . group < /option > . '' ;
} ;
2015-12-09 09:27:44 +00:00
modules = mkOption {
type = types . listOf types . package ;
default = [ ] ;
2016-01-17 18:34:55 +00:00
example = literalExample " [ p k g s . d o v e c o t _ p i g e o n h o l e ] " ;
2015-12-09 09:27:44 +00:00
description = ''
Symlinks the contents of lib/dovecot of every given package into
2016-01-10 04:00:34 +00:00
/etc/dovecot/modules. This will make the given modules available
2016-04-22 15:21:17 +00:00
if a dovecot package with the module_dir patch applied is being used .
2015-12-09 09:27:44 +00:00
'' ;
} ;
2012-06-10 15:07:25 +00:00
2015-12-09 09:27:44 +00:00
sslCACert = mkOption {
type = types . nullOr types . str ;
default = null ;
description = " P a t h t o t h e s e r v e r ' s C A c e r t i f i c a t e k e y . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
sslServerCert = mkOption {
type = types . nullOr types . str ;
default = null ;
description = " P a t h t o t h e s e r v e r ' s p u b l i c k e y . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
sslServerKey = mkOption {
type = types . nullOr types . str ;
default = null ;
description = " P a t h t o t h e s e r v e r ' s p r i v a t e k e y . " ;
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
enablePAM = mkOption {
type = types . bool ;
default = true ;
2016-01-06 20:09:06 +00:00
description = " W h e t h e r t o c r e a t e a o w n D o v e c o t P A M s e r v i c e a n d c o n f i g u r e P A M u s e r l o g i n s . " ;
2011-10-27 19:43:20 +00:00
} ;
2016-01-10 04:05:12 +00:00
sieveScripts = mkOption {
type = types . attrsOf types . path ;
default = { } ;
description = " S i e v e s c r i p t s t o b e e x e c u t e d . K e y i s a s e q u e n c e , e . g . ' b e f o r e 2 ' , ' a f t e r ' e t c . " ;
} ;
2015-12-09 09:27:44 +00:00
showPAMFailure = mkOption {
type = types . bool ;
default = false ;
description = " S h o w t h e P A M f a i l u r e m e s s a g e o n a u t h e n t i c a t i o n e r r o r ( u s e f u l f o r O T P W ) . " ;
} ;
2017-08-15 10:14:29 +00:00
mailboxes = mkOption {
type = types . listOf ( types . submodule mailboxes ) ;
default = [ ] ;
example = [ { name = " S p a m " ; specialUse = " J u n k " ; auto = " c r e a t e " ; } ] ;
description = " C o n f i g u r e m a i l b o x e s a n d a u t o c r e a t e o r s u b s c r i b e t h e m . " ;
} ;
enableQuota = mkOption {
type = types . bool ;
default = false ;
example = true ;
description = " W h e t h e r t o e n a b l e t h e d o v e c o t q u o t a s e r v i c e . " ;
} ;
quotaPort = mkOption {
type = types . str ;
default = " 1 2 3 4 0 " ;
description = ''
The Port the dovecot quota service binds to .
If using postfix , add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config .
'' ;
} ;
quotaGlobalPerUser = mkOption {
type = types . str ;
default = " 1 0 0 G " ;
example = " 1 0 G " ;
description = " Q u o t a l i m i t f o r t h e u s e r i n b y t e s . S u p p o r t s s u f f i x e s b , k , M , G , T a n d % . " ;
} ;
2011-10-27 19:43:20 +00:00
} ;
2015-12-09 09:27:44 +00:00
config = mkIf cfg . enable {
security . pam . services . dovecot2 = mkIf cfg . enablePAM { } ;
2011-10-27 19:43:20 +00:00
2019-04-24 03:48:22 +00:00
security . dhparams = mkIf ( cfg . sslServerCert != null ) {
2018-04-25 21:18:26 +00:00
enable = true ;
2018-05-10 06:29:29 +00:00
params . dovecot2 = { } ;
2018-04-25 21:18:26 +00:00
} ;
services . dovecot2 . protocols =
2016-01-10 03:54:07 +00:00
optional cfg . enableImap " i m a p "
++ optional cfg . enablePop3 " p o p 3 "
++ optional cfg . enableLmtp " l m t p " ;
2019-12-31 12:00:00 +00:00
services . dovecot2 . mailPlugins = mkIf cfg . enableQuota {
globally . enable = [ " q u o t a " ] ;
perProtocol . imap . enable = [ " i m a p _ q u o t a " ] ;
} ;
2019-09-14 17:51:29 +00:00
users . users = {
dovenull =
{ uid = config . ids . uids . dovenull2 ;
description = " D o v e c o t u s e r f o r u n t r u s t e d l o g i n s " ;
group = " d o v e n u l l " ;
} ;
} // optionalAttrs ( cfg . user == " d o v e c o t 2 " ) {
dovecot2 =
{ uid = config . ids . uids . dovecot2 ;
2016-01-06 22:27:06 +00:00
description = " D o v e c o t u s e r " ;
group = cfg . group ;
2019-09-14 17:51:29 +00:00
} ;
} // optionalAttrs ( cfg . createMailUser && cfg . mailUser != null ) {
$ { cfg . mailUser } =
{ description = " V i r t u a l M a i l U s e r " ; } //
optionalAttrs ( cfg . mailGroup != null )
{ group = cfg . mailGroup ; } ;
} ;
users . groups = {
dovenull . gid = config . ids . gids . dovenull2 ;
} // optionalAttrs ( cfg . group == " d o v e c o t 2 " ) {
dovecot2 . gid = config . ids . gids . dovecot2 ;
} // optionalAttrs ( cfg . createMailUser && cfg . mailGroup != null ) {
2020-01-07 05:05:49 +00:00
$ { cfg . mailGroup } = { } ;
2019-09-14 17:51:29 +00:00
} ;
2015-01-19 09:45:20 +00:00
2016-01-10 04:00:34 +00:00
environment . etc . " d o v e c o t / m o d u l e s " . source = modulesDir ;
2016-01-10 04:02:24 +00:00
environment . etc . " d o v e c o t / d o v e c o t . c o n f " . source = cfg . configFile ;
2016-01-10 04:00:34 +00:00
2015-12-09 09:27:44 +00:00
systemd . services . dovecot2 = {
description = " D o v e c o t I M A P / P O P 3 s e r v e r " ;
2019-08-24 14:52:17 +00:00
after = [ " n e t w o r k . t a r g e t " ] ;
2015-12-09 09:27:44 +00:00
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
2016-01-10 04:02:24 +00:00
restartTriggers = [ cfg . configFile ] ;
2015-12-09 09:27:44 +00:00
serviceConfig = {
2016-01-10 04:02:24 +00:00
ExecStart = " ${ dovecotPkg } / s b i n / d o v e c o t - F " ;
ExecReload = " ${ dovecotPkg } / s b i n / d o v e a d m r e l o a d " ;
2015-12-09 09:27:44 +00:00
Restart = " o n - f a i l u r e " ;
RestartSec = " 1 s " ;
StartLimitInterval = " 1 m i n " ;
2016-01-09 01:15:25 +00:00
RuntimeDirectory = [ " d o v e c o t 2 " ] ;
2011-10-27 19:43:20 +00:00
} ;
2016-01-10 04:05:12 +00:00
2017-01-13 21:19:29 +00:00
# When copying sieve scripts preserve the original time stamp
# (should be 0) so that the compiled sieve script is newer than
# the source file and Dovecot won't try to compile it.
2016-01-10 04:05:12 +00:00
preStart = ''
rm - rf $ { stateDir } /sieve
'' + o p t i o n a l S t r i n g ( c f g . s i e v e S c r i p t s ! = { } ) ''
mkdir - p $ { stateDir } /sieve
$ { concatStringsSep " \n " ( mapAttrsToList ( to : from : ''
if [ - d ' $ { from } ' ] ; then
mkdir ' $ { stateDir } /sieve / $ { to } '
2017-01-13 21:19:29 +00:00
cp - p " ${ from } / " * . sieve ' $ { stateDir } /sieve / $ { to } '
2016-01-10 04:05:12 +00:00
else
2017-01-13 21:19:29 +00:00
cp - p ' $ { from } ' ' $ { stateDir } /sieve / $ { to } '
2016-01-10 04:05:12 +00:00
fi
2017-01-13 21:19:29 +00:00
$ { pkgs . dovecot_pigeonhole } /bin/sievec ' $ { stateDir } /sieve / $ { to } '
2016-01-10 04:05:12 +00:00
'' ) c f g . s i e v e S c r i p t s ) }
2016-01-10 04:07:26 +00:00
chown - R ' $ { cfg . mailUser }: $ { cfg . mailGroup } ' ' $ { stateDir } /sieve '
2016-01-10 04:05:12 +00:00
'' ;
2015-12-09 09:27:44 +00:00
} ;
2011-10-27 19:43:20 +00:00
2015-12-09 09:27:44 +00:00
environment . systemPackages = [ dovecotPkg ] ;
2011-10-27 22:04:08 +00:00
2015-12-09 09:27:44 +00:00
assertions = [
2016-01-10 03:54:07 +00:00
{ assertion = intersectLists cfg . protocols [ " p o p 3 " " i m a p " ] != [ ] ;
2015-12-09 09:27:44 +00:00
message = " d o v e c o t n e e d s a t l e a s t o n e o f t h e I M A P o r P O P 3 l i s t e n e r s e n a b l e d " ;
}
2019-04-24 03:48:22 +00:00
{ assertion = ( cfg . sslServerCert == null ) == ( cfg . sslServerKey == null )
&& ( cfg . sslCACert != null -> ! ( cfg . sslServerCert == null || cfg . sslServerKey == null ) ) ;
2015-12-09 09:27:44 +00:00
message = " d o v e c o t n e e d s b o t h s s l S e r v e r C e r t a n d s s l S e r v e r K e y d e f i n e d f o r w o r k i n g c r y p t o " ;
}
{ assertion = cfg . showPAMFailure -> cfg . enablePAM ;
message = " d o v e c o t i s c o n f i g u r e d w i t h s h o w P A M F a i l u r e w h i l e e n a b l e P A M i s d i s a b l e d " ;
}
2019-04-24 03:48:22 +00:00
{ assertion = cfg . sieveScripts != { } -> ( cfg . mailUser != null && cfg . mailGroup != null ) ;
2016-09-07 01:39:18 +00:00
message = " d o v e c o t r e q u i r e s m a i l U s e r a n d m a i l G r o u p t o b e s e t w h e n s i e v e S c r i p t s i s s e t " ;
}
2015-12-09 09:27:44 +00:00
] ;
2012-09-29 22:53:50 +00:00
2011-10-27 19:43:20 +00:00
} ;
}