authorGregor Kleen <gkleen@yggdrasil.li>2025-07-15 10:35:35 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2025-07-15 10:35:35 +0200
commit979e49fb31d5cf1bc528bdbad4884eeb7b67decd (patch)
tree3dea6d9ed02e9d78d1b598ea243132b7151b77ce /hosts
parent34dce9d5258e9ded19020420532f30e732106d66 (diff)
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/email/default.nix42
1 files changed, 21 insertions, 21 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 2879c4a6..fa7ddac6 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -261,7 +261,7 @@ in {
261 virtual_transport = "dvlmtp:unix:/run/dovecot-lmtp"; 261 virtual_transport = "dvlmtp:unix:/run/dovecot-lmtp";
262 smtputf8_enable = false; 262 smtputf8_enable = false;
263 263
264 authorized_submit_users = "inline:{ root= postfwd= dovecot2= }"; 264 authorized_submit_users = "inline:{ root= postfwd= ${config.services.dovecot2.user}= }";
265 authorized_flush_users = "inline:{ root= }"; 265 authorized_flush_users = "inline:{ root= }";
266 authorized_mailq_users = "inline:{ root= }"; 266 authorized_mailq_users = "inline:{ root= }";
267 267
@@ -503,7 +503,7 @@ in {
503 }; 503 };
504 }; 504 };
505 505
506 users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user "dovecot2" ]; 506 users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user config.services.dovecot2.user ];
507 507
508 services.redis.servers.rspamd.enable = true; 508 services.redis.servers.rspamd.enable = true;
509 509
@@ -513,8 +513,8 @@ in {
513 services.dovecot2 = { 513 services.dovecot2 = {
514 enable = true; 514 enable = true;
515 enablePAM = false; 515 enablePAM = false;
516 sslServerCert = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.pem"; 516 sslServerCert = "/run/credentials/dovecot.service/surtr.yggdrasil.li.pem";
517 sslServerKey = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.key.pem"; 517 sslServerKey = "/run/credentials/dovecot.service/surtr.yggdrasil.li.key.pem";
518 sslCACert = toString ./ca/ca.crt; 518 sslCACert = toString ./ca/ca.crt;
519 mailLocation = "maildir:/var/lib/mail/%u/maildir:UTF-8:INDEX=/var/lib/dovecot/indices/%u"; 519 mailLocation = "maildir:/var/lib/mail/%u/maildir:UTF-8:INDEX=/var/lib/dovecot/indices/%u";
520 mailPlugins.globally.enable = [ "fts" "fts_xapian" ]; 520 mailPlugins.globally.enable = [ "fts" "fts_xapian" ];
@@ -527,8 +527,8 @@ in {
527 dovecotSqlConf = pkgs.writeText "dovecot-sql.conf" '' 527 dovecotSqlConf = pkgs.writeText "dovecot-sql.conf" ''
528 driver = pgsql 528 driver = pgsql
529 connect = dbname=email 529 connect = dbname=email
530 password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n' 530 password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM imap_user WHERE "user" = '%n'
531 user_query = SELECT "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n' 531 user_query = SELECT "user", quota_rule, '${config.services.dovecot2.user}' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'
532 iterate_query = SELECT "user" FROM imap_user 532 iterate_query = SELECT "user" FROM imap_user
533 ''; 533 '';
534 in '' 534 in ''
@@ -536,16 +536,16 @@ in {
536 536
537 mail_plugins = $mail_plugins quota 537 mail_plugins = $mail_plugins quota
538 538
539 first_valid_uid = ${toString config.users.users.dovecot2.uid} 539 first_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
540 last_valid_uid = ${toString config.users.users.dovecot2.uid} 540 last_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
541 first_valid_gid = ${toString config.users.groups.dovecot2.gid} 541 first_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
542 last_valid_gid = ${toString config.users.groups.dovecot2.gid} 542 last_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
543 543
544 ${concatMapStringsSep "\n\n" (domain: 544 ${concatMapStringsSep "\n\n" (domain:
545 concatMapStringsSep "\n" (subdomain: '' 545 concatMapStringsSep "\n" (subdomain: ''
546 local_name ${subdomain} { 546 local_name ${subdomain} {
547 ssl_cert = </run/credentials/dovecot2.service/${subdomain}.pem 547 ssl_cert = </run/credentials/dovecot.service/${subdomain}.pem
548 ssl_key = </run/credentials/dovecot2.service/${subdomain}.key.pem 548 ssl_key = </run/credentials/dovecot.service/${subdomain}.key.pem
549 } 549 }
550 '') ["imap.${domain}" domain] 550 '') ["imap.${domain}" domain]
551 ) emailDomains} 551 ) emailDomains}
@@ -566,10 +566,10 @@ in {
566 auth_debug = yes 566 auth_debug = yes
567 567
568 service auth { 568 service auth {
569 user = dovecot2 569 user = ${config.services.dovecot2.user}
570 } 570 }
571 service auth-worker { 571 service auth-worker {
572 user = dovecot2 572 user = ${config.services.dovecot2.user}
573 } 573 }
574 574
575 userdb { 575 userdb {
@@ -590,7 +590,7 @@ in {
590 args = ${pkgs.writeText "dovecot-sql.conf" '' 590 args = ${pkgs.writeText "dovecot-sql.conf" ''
591 driver = pgsql 591 driver = pgsql
592 connect = dbname=email 592 connect = dbname=email
593 user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local || '+' || extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local || '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' || extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC 593 user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local || '+' || extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local || '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' || extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC
594 ''} 594 ''}
595 595
596 skip = never 596 skip = never
@@ -713,8 +713,8 @@ in {
713 713
714 systemd.services.dovecot-fts-xapian-optimize = { 714 systemd.services.dovecot-fts-xapian-optimize = {
715 description = "Optimize dovecot indices for fts_xapian"; 715 description = "Optimize dovecot indices for fts_xapian";
716 requisite = [ "dovecot2.service" ]; 716 requisite = [ "dovecot.service" ];
717 after = [ "dovecot2.service" ]; 717 after = [ "dovecot.service" ];
718 startAt = "*-*-* 22:00:00 Europe/Berlin"; 718 startAt = "*-*-* 22:00:00 Europe/Berlin";
719 serviceConfig = { 719 serviceConfig = {
720 Type = "oneshot"; 720 Type = "oneshot";
@@ -779,14 +779,14 @@ in {
779 779
780 security.acme.rfc2136Domains = { 780 security.acme.rfc2136Domains = {
781 "surtr.yggdrasil.li" = { 781 "surtr.yggdrasil.li" = {
782 restartUnits = [ "postfix.service" "dovecot2.service" ]; 782 restartUnits = [ "postfix.service" "dovecot.service" ];
783 }; 783 };
784 } // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains) 784 } // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
785 // listToAttrs (concatMap (domain: [ 785 // listToAttrs (concatMap (domain: [
786 (nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; }) 786 (nameValuePair domain { restartUnits = ["postfix.service" "dovecot.service"]; })
787 (nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; }) 787 (nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
788 (nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; }) 788 (nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
789 (nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; }) 789 (nameValuePair "imap.${domain}" { restartUnits = ["dovecot.service"]; })
790 (nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; }) 790 (nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
791 ]) emailDomains); 791 ]) emailDomains);
792 792
@@ -798,7 +798,7 @@ in {
798 ] ++ concatMap (domain: map tlsCredential [domain "mailin.${domain}" "mailsub.${domain}"]) emailDomains; 798 ] ++ concatMap (domain: map tlsCredential [domain "mailin.${domain}" "mailsub.${domain}"]) emailDomains;
799 }; 799 };
800 800
801 systemd.services.dovecot2 = { 801 systemd.services.dovecot = {
802 preStart = '' 802 preStart = ''
803 for f in /etc/dovecot/sieve_flag.d/*.sieve /etc/dovecot/sieve_before.d/*.sieve; do 803 for f in /etc/dovecot/sieve_flag.d/*.sieve /etc/dovecot/sieve_before.d/*.sieve; do
804 ${getExe' pkgs.dovecot_pigeonhole "sievec"} $f 804 ${getExe' pkgs.dovecot_pigeonhole "sievec"} $f
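Review bot: The `user_query` of the first `dovecot-sql.conf` (hunk `@@ -527,8`) still hardcodes `'dovecot2' as gid` on the new side, while the `password_query` directly above it and the lmtp `user_query` in hunk `@@ -590,7` now use `'${config.services.dovecot2.group}' as gid`. Since `first_valid_gid`/`last_valid_gid` in hunk `@@ -536,16` are now derived from `config.users.groups.${config.services.dovecot2.group}.gid`, a group name other than `dovecot2` would presumably leave userdb lookups through this query returning a gid outside the accepted range, or one that does not resolve at all, so the parameterisation is incomplete. The line should read `user_query = SELECT "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM imap_user WHERE "user" = '%n'`. The `let` binding that introduces `dovecotSqlConf` begins before the hunk.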