1 files changed, 21 insertions, 21 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 2879c4a6..fa7ddac6 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -261,7 +261,7 @@ in {
        virtual_transport = "dvlmtp:unix:/run/dovecot-lmtp";
        smtputf8_enable = false;
-        authorized_submit_users = "inline:{ root= postfwd= dovecot2= }";
+        authorized_submit_users = "inline:{ root= postfwd= ${config.services.dovecot2.user}= }";
        authorized_flush_users = "inline:{ root= }";
        authorized_mailq_users = "inline:{ root= }";
@@ -503,7 +503,7 @@ in {
      };
    };
-    users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user "dovecot2" ];
+    users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user config.services.dovecot2.user ];
    services.redis.servers.rspamd.enable = true;
@@ -513,8 +513,8 @@ in {
    services.dovecot2 = {
      enable = true;
      enablePAM = false;
-      sslServerCert = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.pem";
+      sslServerCert = "/run/credentials/dovecot.service/surtr.yggdrasil.li.pem";
-      sslServerKey = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.key.pem";
+      sslServerKey = "/run/credentials/dovecot.service/surtr.yggdrasil.li.key.pem";
      sslCACert = toString ./ca/ca.crt;
      mailLocation = "maildir:/var/lib/mail/%u/maildir:UTF-8:INDEX=/var/lib/dovecot/indices/%u";
      mailPlugins.globally.enable = [ "fts" "fts_xapian" ];
@@ -527,8 +527,8 @@ in {
        dovecotSqlConf = pkgs.writeText "dovecot-sql.conf" ''
          driver = pgsql
          connect = dbname=email
-          password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'
+          password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM imap_user WHERE "user" = '%n'
-          user_query = SELECT "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'
+          user_query = SELECT "user", quota_rule, '${config.services.dovecot2.user}' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'
          iterate_query = SELECT "user" FROM imap_user
        '';
      in ''
@@ -536,16 +536,16 @@ in {
        mail_plugins = $mail_plugins quota
-        first_valid_uid = ${toString config.users.users.dovecot2.uid}
+        first_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
-        last_valid_uid = ${toString config.users.users.dovecot2.uid}
+        last_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
-        first_valid_gid = ${toString config.users.groups.dovecot2.gid}
+        first_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
-        last_valid_gid = ${toString config.users.groups.dovecot2.gid}
+        last_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
        ${concatMapStringsSep "\n\n" (domain:
          concatMapStringsSep "\n" (subdomain: ''
            local_name ${subdomain} {
-              ssl_cert = </run/credentials/dovecot2.service/${subdomain}.pem
+              ssl_cert = </run/credentials/dovecot.service/${subdomain}.pem
-              ssl_key = </run/credentials/dovecot2.service/${subdomain}.key.pem
+              ssl_key = </run/credentials/dovecot.service/${subdomain}.key.pem
            }
          '') ["imap.${domain}" domain]
        ) emailDomains}
@@ -566,10 +566,10 @@ in {
        auth_debug = yes
        service auth {
-          user = dovecot2
+          user = ${config.services.dovecot2.user}
        }
        service auth-worker {
-          user = dovecot2
+          user = ${config.services.dovecot2.user}
        }
        userdb {
@@ -590,7 +590,7 @@ in {
            args = ${pkgs.writeText "dovecot-sql.conf" ''
              driver = pgsql
              connect = dbname=email
-              user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local || '+' || extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local || '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' || extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC
+              user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local || '+' || extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local || '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' || extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC
            ''}
            skip = never
@@ -713,8 +713,8 @@ in {
    systemd.services.dovecot-fts-xapian-optimize = {
      description = "Optimize dovecot indices for fts_xapian";
-      requisite = [ "dovecot2.service" ];
+      requisite = [ "dovecot.service" ];
-      after = [ "dovecot2.service" ];
+      after = [ "dovecot.service" ];
      startAt = "*-*-* 22:00:00 Europe/Berlin";
      serviceConfig = {
        Type = "oneshot";
@@ -779,14 +779,14 @@ in {
    security.acme.rfc2136Domains = {
      "surtr.yggdrasil.li" = {
-        restartUnits = [ "postfix.service" "dovecot2.service" ];
+        restartUnits = [ "postfix.service" "dovecot.service" ];
      };
    } // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
    // listToAttrs (concatMap (domain: [
-      (nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })
+      (nameValuePair domain { restartUnits = ["postfix.service" "dovecot.service"]; })
      (nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
      (nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
-      (nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })
+      (nameValuePair "imap.${domain}" { restartUnits = ["dovecot.service"]; })
      (nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
    ]) emailDomains);
@@ -798,7 +798,7 @@ in {
      ] ++ concatMap (domain: map tlsCredential [domain "mailin.${domain}" "mailsub.${domain}"]) emailDomains;
    };
-    systemd.services.dovecot2 = {
+    systemd.services.dovecot = {
      preStart = ''
        for f in /etc/dovecot/sieve_flag.d/*.sieve /etc/dovecot/sieve_before.d/*.sieve; do
          ${getExe' pkgs.dovecot_pigeonhole "sievec"} $f

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 2879c4a6..fa7ddac6 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix
@@ -261,7 +261,7 @@ in {
261	virtual_transport = "dvlmtp:unix:/run/dovecot-lmtp";	261	virtual_transport = "dvlmtp:unix:/run/dovecot-lmtp";
262	smtputf8_enable = false;	262	smtputf8_enable = false;
263		263
264	authorized_submit_users = "inline:{ root= postfwd= dovecot2= }";	264	authorized_submit_users = "inline:{ root= postfwd= ${config.services.dovecot2.user}= }";
265	authorized_flush_users = "inline:{ root= }";	265	authorized_flush_users = "inline:{ root= }";
266	authorized_mailq_users = "inline:{ root= }";	266	authorized_mailq_users = "inline:{ root= }";
267		267
@@ -503,7 +503,7 @@ in {
503	};	503	};
504	};	504	};
505		505
506	users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user "dovecot2" ];	506	users.groups.${config.services.rspamd.group}.members = [ config.services.postfix.user config.services.dovecot2.user ];
507		507
508	services.redis.servers.rspamd.enable = true;	508	services.redis.servers.rspamd.enable = true;
509		509
@@ -513,8 +513,8 @@ in {
513	services.dovecot2 = {	513	services.dovecot2 = {
514	enable = true;	514	enable = true;
515	enablePAM = false;	515	enablePAM = false;
516	sslServerCert = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.pem";	516	sslServerCert = "/run/credentials/dovecot.service/surtr.yggdrasil.li.pem";
517	sslServerKey = "/run/credentials/dovecot2.service/surtr.yggdrasil.li.key.pem";	517	sslServerKey = "/run/credentials/dovecot.service/surtr.yggdrasil.li.key.pem";
518	sslCACert = toString ./ca/ca.crt;	518	sslCACert = toString ./ca/ca.crt;
519	mailLocation = "maildir:/var/lib/mail/%u/maildir:UTF-8:INDEX=/var/lib/dovecot/indices/%u";	519	mailLocation = "maildir:/var/lib/mail/%u/maildir:UTF-8:INDEX=/var/lib/dovecot/indices/%u";
520	mailPlugins.globally.enable = [ "fts" "fts_xapian" ];	520	mailPlugins.globally.enable = [ "fts" "fts_xapian" ];
@@ -527,8 +527,8 @@ in {
527	dovecotSqlConf = pkgs.writeText "dovecot-sql.conf" ''	527	dovecotSqlConf = pkgs.writeText "dovecot-sql.conf" ''
528	driver = pgsql	528	driver = pgsql
529	connect = dbname=email	529	connect = dbname=email
530	password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'	530	password_query = SELECT (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN NULL ELSE "password" END) as password, (CASE WHEN '%k' = 'valid' AND '%m' = 'EXTERNAL' THEN true WHEN password IS NULL THEN true ELSE NULL END) as nopassword, "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM imap_user WHERE "user" = '%n'
531	user_query = SELECT "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'	531	user_query = SELECT "user", quota_rule, '${config.services.dovecot2.user}' as uid, 'dovecot2' as gid FROM imap_user WHERE "user" = '%n'
532	iterate_query = SELECT "user" FROM imap_user	532	iterate_query = SELECT "user" FROM imap_user
533	'';	533	'';
534	in ''	534	in ''
@@ -536,16 +536,16 @@ in {
536		536
537	mail_plugins = $mail_plugins quota	537	mail_plugins = $mail_plugins quota
538		538
539	first_valid_uid = ${toString config.users.users.dovecot2.uid}	539	first_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
540	last_valid_uid = ${toString config.users.users.dovecot2.uid}	540	last_valid_uid = ${toString config.users.users.${config.services.dovecot2.user}.uid}
541	first_valid_gid = ${toString config.users.groups.dovecot2.gid}	541	first_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
542	last_valid_gid = ${toString config.users.groups.dovecot2.gid}	542	last_valid_gid = ${toString config.users.groups.${config.services.dovecot2.group}.gid}
543		543
544	${concatMapStringsSep "\n\n" (domain:	544	${concatMapStringsSep "\n\n" (domain:
545	concatMapStringsSep "\n" (subdomain: ''	545	concatMapStringsSep "\n" (subdomain: ''
546	local_name ${subdomain} {	546	local_name ${subdomain} {
547	ssl_cert = </run/credentials/dovecot2.service/${subdomain}.pem	547	ssl_cert = </run/credentials/dovecot.service/${subdomain}.pem
548	ssl_key = </run/credentials/dovecot2.service/${subdomain}.key.pem	548	ssl_key = </run/credentials/dovecot.service/${subdomain}.key.pem
549	}	549	}
550	'') ["imap.${domain}" domain]	550	'') ["imap.${domain}" domain]
551	) emailDomains}	551	) emailDomains}
@@ -566,10 +566,10 @@ in {
566	auth_debug = yes	566	auth_debug = yes
567		567
568	service auth {	568	service auth {
569	user = dovecot2	569	user = ${config.services.dovecot2.user}
570	}	570	}
571	service auth-worker {	571	service auth-worker {
572	user = dovecot2	572	user = ${config.services.dovecot2.user}
573	}	573	}
574		574
575	userdb {	575	userdb {
@@ -590,7 +590,7 @@ in {
590	args = ${pkgs.writeText "dovecot-sql.conf" ''	590	args = ${pkgs.writeText "dovecot-sql.conf" ''
591	driver = pgsql	591	driver = pgsql
592	connect = dbname=email	592	connect = dbname=email
593	user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, 'dovecot2' as uid, 'dovecot2' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local \|\| '+' \|\| extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local \|\| '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' \|\| extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC	593	user_query = SELECT DISTINCT ON (extension IS NULL, local IS NULL) "user", quota_rule, '${config.services.dovecot2.user}' as uid, '${config.services.dovecot2.group}' as gid FROM lmtp_mapping WHERE CASE WHEN extension IS NOT NULL AND local IS NOT NULL THEN ('%n' :: citext) = local \|\| '+' \|\| extension AND domain = ('%d' :: citext) WHEN local IS NOT NULL THEN (local = ('%n' :: citext) OR ('%n' :: citext) ILIKE local \|\| '+%%') AND domain = ('%d' :: citext) WHEN extension IS NOT NULL THEN ('%n' :: citext) ILIKE '%%+' \|\| extension AND domain = ('%d' :: citext) ELSE domain = ('%d' :: citext) END ORDER BY (extension IS NULL) ASC, (local IS NULL) ASC
594	''}	594	''}
595		595
596	skip = never	596	skip = never
@@ -713,8 +713,8 @@ in {
713		713
714	systemd.services.dovecot-fts-xapian-optimize = {	714	systemd.services.dovecot-fts-xapian-optimize = {
715	description = "Optimize dovecot indices for fts_xapian";	715	description = "Optimize dovecot indices for fts_xapian";
716	requisite = [ "dovecot2.service" ];	716	requisite = [ "dovecot.service" ];
717	after = [ "dovecot2.service" ];	717	after = [ "dovecot.service" ];
718	startAt = "--* 22:00:00 Europe/Berlin";	718	startAt = "--* 22:00:00 Europe/Berlin";
719	serviceConfig = {	719	serviceConfig = {
720	Type = "oneshot";	720	Type = "oneshot";
@@ -779,14 +779,14 @@ in {
779		779
780	security.acme.rfc2136Domains = {	780	security.acme.rfc2136Domains = {
781	"surtr.yggdrasil.li" = {	781	"surtr.yggdrasil.li" = {
782	restartUnits = [ "postfix.service" "dovecot2.service" ];	782	restartUnits = [ "postfix.service" "dovecot.service" ];
783	};	783	};
784	} // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)	784	} // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
785	// listToAttrs (concatMap (domain: [	785	// listToAttrs (concatMap (domain: [
786	(nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })	786	(nameValuePair domain { restartUnits = ["postfix.service" "dovecot.service"]; })
787	(nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })	787	(nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
788	(nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })	788	(nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
789	(nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })	789	(nameValuePair "imap.${domain}" { restartUnits = ["dovecot.service"]; })
790	(nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })	790	(nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
791	]) emailDomains);	791	]) emailDomains);
792		792
@@ -798,7 +798,7 @@ in {
798	] ++ concatMap (domain: map tlsCredential [domain "mailin.${domain}" "mailsub.${domain}"]) emailDomains;	798	] ++ concatMap (domain: map tlsCredential [domain "mailin.${domain}" "mailsub.${domain}"]) emailDomains;
799	};	799	};
800		800
801	systemd.services.dovecot2 = {	801	systemd.services.dovecot = {
802	preStart = ''	802	preStart = ''
803	for f in /etc/dovecot/sieve_flag.d/.sieve /etc/dovecot/sieve_before.d/.sieve; do	803	for f in /etc/dovecot/sieve_flag.d/.sieve /etc/dovecot/sieve_before.d/.sieve; do
804	${getExe' pkgs.dovecot_pigeonhole "sievec"} $f	804	${getExe' pkgs.dovecot_pigeonhole "sievec"} $f