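# NixOS module for the Dovecot 2.x IMAP/POP3/LMTP server.
#
# Builds dovecot.conf from the services.dovecot2.* options (unless configFile
# is set explicitly), declares the service accounts and group, registers the
# PAM service and defines the systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.dovecot2;

  # Text of the generated dovecot.conf. The configFile option below passes it
  # to pkgs.writeText, so the result is stored in the world-readable Nix
  # store: keep secrets out of it, including out of extraConfig.
  dovecotConf =
    ''
      base_dir = /var/run/dovecot2/

      protocols = ${optionalString cfg.enableImap "imap"} ${optionalString cfg.enablePop3 "pop3"} ${optionalString cfg.enableLmtp "lmtp"}
    ''
    + (if cfg.sslServerCert != "" then
      # TLS branch: certificate and key are read from the given files and
      # plaintext authentication is refused on unencrypted connections.
      ''
        ssl_cert = <${cfg.sslServerCert}
        ssl_key = <${cfg.sslServerKey}
      ''
      # sslCACert defaults to ""; emitting it unconditionally produced the
      # line "ssl_ca = <" with no file name, so only write it when set.
      + optionalString (cfg.sslCACert != "") ''
        ssl_ca = <${cfg.sslCACert}
      ''
      + ''
        disable_plaintext_auth = yes
      ''
    else
      # No certificate configured: TLS is switched off and plaintext
      # authentication is allowed, so the PLAIN/LOGIN mechanisms below carry
      # passwords unencrypted on the wire. Set sslServerCert/sslServerKey
      # for anything reachable beyond a trusted link.
      ''
        ssl = no
        disable_plaintext_auth = no
      '')

    + ''
      default_internal_user = ${cfg.user}

      mail_location = ${cfg.mailLocation}

      maildir_copy_with_hardlinks = yes

      auth_mechanisms = plain login
      service auth {
        user = root
      }
      userdb {
        driver = passwd
      }
      passdb {
        driver = pam
        args = ${optionalString cfg.showPAMFailure "failure_show_msg=yes"} dovecot2
      }

      pop3_uidl_format = %08Xv%08Xu
    ''
    # Appended verbatim after the generated settings, so entries given here
    # come last in the file (NOTE(review): later Dovecot settings normally
    # override earlier ones, which would include the TLS/auth lines above).
    + cfg.extraConfig;

in

{

  ###### interface

  options = {

    services.dovecot2 = {

      enable = mkOption {
        default = false;
        description = "Whether to enable the Dovecot 2.x POP3/IMAP server.";
      };

      enablePop3 = mkOption {
        default = true;
        description = "Start the POP3 listener (when Dovecot is enabled).";
      };

      enableImap = mkOption {
        default = true;
        description = "Start the IMAP listener (when Dovecot is enabled).";
      };

      enableLmtp = mkOption {
        default = false;
        description = "Start the LMTP listener (when Dovecot is enabled).";
      };

      user = mkOption {
        default = "dovecot2";
        description = "Dovecot user name.";
      };

      group = mkOption {
        default = "dovecot2";
        description = "Dovecot group name.";
      };

      extraConfig = mkOption {
        default = "";
        example = "mail_debug = yes";
        description = "Additional entries to put verbatim into Dovecot's config file.";
      };

      # When left at null, the generated dovecotConf is written to the Nix
      # store and that store path is used; a non-null value replaces the
      # generated configuration entirely.
      configFile = mkOption {
        default = null;
        description = "Config file used for the whole dovecot configuration.";
        apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;
      };

      mailLocation = mkOption {
        default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
        example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
        description = ''
          Location that dovecot will use for mail folders. Dovecot mail_location option.
        '';
      };

      # An empty string selects the non-TLS branch of dovecotConf.
      sslServerCert = mkOption {
        default = "";
        description = "Server certificate";
      };

      sslCACert = mkOption {
        default = "";
        description = "CA certificate used by the server certificate.";
      };

      # Give this as a string naming a file outside the Nix store (for
      # example "/var/lib/..."). A Nix path literal is copied into the
      # world-readable store when interpolated, which would expose the key.
      sslServerKey = mkOption {
        default = "";
        description = "Server key.";
      };

      showPAMFailure = mkOption {
        default = false;
        description = "Show the PAM failure message on authentication error (useful for OTPW).";
      };
    };

  };


  ###### implementation

  config = mkIf config.services.dovecot2.enable {

    # Registers the "dovecot2" PAM service named in the passdb args above.
    security.pam.services.dovecot2 = {};

    users.extraUsers = [
      { name = cfg.user;
        uid = config.ids.uids.dovecot2;
        description = "Dovecot user";
        group = cfg.group;
      }
      { name = "dovenull";
        uid = config.ids.uids.dovenull2;
        description = "Dovecot user for untrusted logins";
        group = cfg.group;
      }
    ];

    users.extraGroups = singleton
      { name = cfg.group;
        gid = config.ids.gids.dovecot2;
      };

    systemd.services.dovecot2 =
      { description = "Dovecot IMAP/POP3 server";

        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];

        # Create the runtime directories (base_dir in dovecotConf) and hand
        # them to the service account before the daemon starts.
        preStart =
          ''
            ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot2 /var/run/dovecot2/login
            ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot2
          '';

        serviceConfig = {
          # -F keeps dovecot in the foreground so systemd supervises it.
          ExecStart = "${pkgs.dovecot}/sbin/dovecot -F -c ${cfg.configFile}";
          Restart = "on-failure";
          RestartSec = "1s";
          StartLimitInterval = "1min";
        };

      };

    environment.systemPackages = [ pkgs.dovecot ];

    assertions = [
      { assertion = cfg.enablePop3 || cfg.enableImap;
        message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";
      }
      # A certificate without its private key would generate "ssl_key = <"
      # with no file name; reject that at evaluation time instead of leaving
      # a service that cannot bring up TLS.
      { assertion = cfg.sslServerCert == "" || cfg.sslServerKey != "";
        message = "services.dovecot2.sslServerKey must be set when sslServerCert is set";
      }
    ];

  };

}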