nixos-config/config/services/dovecot.nix

# Dovecot IMAP/POP3/LMTP server with Sieve filtering, SQL-backed
# authentication, and a Prometheus exporter fed by the old_stats plugin.
{ pkgs, config, ... }:
let
  # Sieve scripts built by a local package expression. This file uses its
  # `report-spam`, `report-ham` and `default` attributes as directories that
  # contain the corresponding *.sieve file.
  sieves = import ../../packages/sieves.nix pkgs;

  # Special-use mailbox that is created and subscribed automatically.
  autoSubscribed = use: {
    specialUse = use;
    auto = "subscribe";
  };
in
{
  # Rebuild Dovecot with PostgreSQL support; the passdb/userdb blocks in
  # extraConfig below use `driver = sql`.
  nixpkgs.overlays = [
    (final: prev: {
      dovecot = prev.dovecot.override { withPgSQL = true; };
    })
  ];

  services.dovecot2 = {
    enable = true;
    enableImap = true;
    enableLmtp = true;
    enablePop3 = true;
    enableQuota = true;

    # Pigeonhole provides the sieve / imap_sieve plugins enabled below.
    modules = [ pkgs.dovecot_pigeonhole ];

    # Both the Dovecot processes and mail storage use the `dovecot` account.
    user = "dovecot";
    group = "dovecot";
    mailUser = "dovecot";
    mailGroup = "dovecot";

    # One Maildir per virtual user: %d is the domain and %n the local part
    # of the login name.
    mailLocation = "maildir:/var/vmail/%d/%n";

    mailPlugins = {
      # old_stats produces the statistics read by the Prometheus exporter.
      globally.enable = [ "old_stats" ];
      perProtocol = {
        imap.enable = [ "imap_sieve" ];
        lda.enable = [ "sieve" ];
        lmtp.enable = [ "sieve" ];
      };
    };

    mailboxes = {
      Drafts = autoSubscribed "Drafts";
      Junk = autoSubscribed "Junk";
      Trash = autoSubscribed "Trash";
      Sent = autoSubscribed "Sent";
      # Second mailbox flagged as Sent; unlike the others it is not
      # auto-created or subscribed.
      "Sent Messages" = {
        specialUse = "Sent";
      };
      "virtual/All" = autoSubscribed "All";
    };

    # Certificate and key are read from the ACME state directory; the
    # reloadServices entry at the end of this file reloads Dovecot when the
    # certificate is renewed.
    sslServerCert = "/var/lib/acme/chir.rs/cert.pem";
    sslServerKey = "/var/lib/acme/chir.rs/key.pem";

    # Raw dovecot.conf fragment. Its contents, in order:
    #
    # * service old-stats: a unix socket owned by dovecot-exporter (0660) so
    #   the exporter can read statistics, plus two FIFOs owned by dovecot.
    #   old_stats_track_cmds = yes additionally records per-command data.
    #
    # * Sieve plugin settings: imapsieve rule 1 runs report-spam.sieve when a
    #   message is copied into Junk or has a flag changed there; rule 2 runs
    #   report-ham.sieve when a message is copied out of Junk to any mailbox.
    #   `sieve` points every user at the same default.sieve store path.
    #   vnd.dovecot.pipe is listed in sieve_global_extensions, which limits
    #   it to global scripts rather than user-supplied ones.
    #   NOTE(review): sieve_pipe_bin_dir is the whole /nix/store, so the set
    #   of programs a pipe action can name is every matching store entry,
    #   not only the reporting helpers. Which programs the scripts actually
    #   call is defined in ../../packages/sieves.nix (not visible here); a
    #   dedicated directory holding only those programs would narrow this.
    #
    # * Authentication: only the PLAIN and LOGIN mechanisms are offered, and
    #   disable_plaintext_auth = yes makes Dovecot refuse them on connections
    #   that are not TLS-protected (local connections are treated as secure).
    #   NOTE(review): this fragment does not set `ssl = required`, and ports
    #   110/143 are opened below; confirm what the generated config enforces
    #   for sessions that never issue STARTTLS.
    #
    # * passdb/userdb: SQL lookups configured by a sops-managed file under
    #   /run/secrets, so database credentials stay out of the world-readable
    #   Nix store. The prefetch userdb reuses user fields returned by the
    #   passdb query; the sql userdb handles lookups without a prior passdb
    #   query.
    #
    # * service auth: exposes the auth socket at /run/dovecot2/auth to the
    #   postfix user and group (0660) - presumably for SMTP AUTH via Dovecot
    #   SASL; the Postfix side is not in this file.
    #
    # * first_valid_uid / last_valid_uid: Dovecot rejects mail users whose
    #   UID lies outside 76..987.
    #   NOTE(review): presumably chosen to include the UID of the `dovecot`
    #   account used as mailUser - confirm against the host's UID allocation.
    extraConfig = ''
      service old-stats {
      unix_listener old-stats {
      user = dovecot-exporter
      group = dovecot-exporter
      mode = 0660
      }
      fifo_listener old-stats-mail {
      mode = 0660
      user = dovecot
      group = dovecot
      }
      fifo_listener old-stats-user {
      mode = 0660
      user = dovecot
      group = dovecot
      }
      }
      plugin {
      old_stats_refresh = 30 secs
      old_stats_track_cmds = yes
      }
      plugin {
      sieve_plugins = sieve_imapsieve sieve_extprograms
      # From elsewhere to Spam folder or flag changed in Spam folder
      imapsieve_mailbox1_name = Junk
      imapsieve_mailbox1_causes = COPY FLAG
      imapsieve_mailbox1_before = file:${sieves.report-spam}/report-spam.sieve
      # From Spam folder to elsewhere
      imapsieve_mailbox2_name = *
      imapsieve_mailbox2_from = Junk
      imapsieve_mailbox2_causes = COPY
      imapsieve_mailbox2_before = file:${sieves.report-ham}/report-ham.sieve
      sieve_pipe_bin_dir = /nix/store
      sieve_global_extensions = +vnd.dovecot.pipe
      sieve = ${sieves.default}/default.sieve
      }
      disable_plaintext_auth = yes
      auth_mechanisms = plain login
      passdb {
      driver = sql
      args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
      }
      userdb {
      driver = prefetch
      }
      userdb {
      driver = sql
      args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
      }
      service auth {
      unix_listener /run/dovecot2/auth {
      mode = 0660
      user = postfix
      group = postfix
      }
      }
      first_valid_uid = 76
      last_valid_uid = 987
    '';
  };

  # Prometheus exporter for the old_stats data.
  # NOTE(review): "0.0.0.0" binds the exporter on every IPv4 interface. Its
  # port is not listed in allowedTCPPorts in this file, so reachability
  # depends on firewall rules defined elsewhere; the metrics are served
  # without any authentication configured here. Binding to the interface
  # the Prometheus server scrapes from would make the exposure explicit.
  services.prometheus.exporters.dovecot = {
    enable = true;
    listenAddress = "0.0.0.0";
  };

  # Secrets decrypted by sops-nix and made readable by the dovecot user.
  # rspamd_password is not referenced in this file; presumably it is used
  # by the spam/ham reporting scripts - verify in sieves.nix.
  sops.secrets."services/dovecot/rspamd_password" = { owner = "dovecot"; };
  sops.secrets."services/dovecot/dovecot-sql.conf.ext" = { owner = "dovecot"; };

  # PostgreSQL role for Dovecot. Only CONNECT on the "postfix" database is
  # granted here; any table-level privileges the SQL queries need must come
  # from elsewhere.
  services.postgresql.ensureUsers = [
    {
      name = "dovecot";
      ensurePermissions = {
        "DATABASE \"postfix\"" = "CONNECT";
      };
    }
  ];

  # Client-facing mail ports. 110 and 143 are the cleartext variants, where
  # TLS is only available through STARTTLS.
  networking.firewall.allowedTCPPorts = [
    110 # POP3
    143 # IMAP
    993 # IMAPS
    995 # POP3S
  ];

  # Reload Dovecot after the chir.rs certificate is renewed so the new
  # certificate is picked up.
  security.acme.certs."chir.rs".reloadServices = [ "dovecot2.service" ];
}