nixpkgs/nixos/modules/services/mail/dovecot.nix

240 lines
6.4 KiB
Nix
Raw Normal View History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.dovecot2;
2015-12-09 09:27:44 +00:00
dovecotPkg = cfg.package;
2015-12-09 09:27:44 +00:00
baseDir = "/run/dovecot2";
stateDir = "/var/lib/dovecot";
2015-12-09 09:27:44 +00:00
dovecotConf = concatStrings [
''
2015-12-09 09:27:44 +00:00
base_dir = ${baseDir}
2016-01-10 03:54:07 +00:00
protocols = ${concatStringsSep " " cfg.protocols}
''
2015-12-09 09:27:44 +00:00
(if isNull cfg.sslServerCert then ''
ssl = no
disable_plaintext_auth = no
'' else ''
ssl_cert = <${cfg.sslServerCert}
ssl_key = <${cfg.sslServerKey}
2015-12-09 09:27:44 +00:00
${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
disable_plaintext_auth = yes
'')
2015-12-09 09:27:44 +00:00
''
default_internal_user = ${cfg.user}
mail_location = ${cfg.mailLocation}
maildir_copy_with_hardlinks = yes
2015-12-09 09:27:44 +00:00
pop3_uidl_format = %08Xv%08Xu
auth_mechanisms = plain login
2015-12-09 09:27:44 +00:00
service auth {
user = root
}
2015-12-09 09:27:44 +00:00
''
(optionalString cfg.enablePAM ''
userdb {
driver = passwd
}
2015-12-09 09:27:44 +00:00
passdb {
driver = pam
args = ${optionalString cfg.showPAMFailure "failure_show_msg=yes"} dovecot2
}
2015-12-09 09:27:44 +00:00
'')
2015-12-09 09:27:44 +00:00
cfg.extraConfig
];
2015-12-09 09:27:44 +00:00
modulesDir = pkgs.symlinkJoin "dovecot-modules"
(map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules));
2015-12-09 09:27:44 +00:00
in
{
2015-12-09 09:27:44 +00:00
options.services.dovecot2 = {
enable = mkEnableOption "Dovecot 2.x POP3/IMAP server";
2015-12-09 09:27:44 +00:00
enablePop3 = mkOption {
type = types.bool;
default = true;
description = "Start the POP3 listener (when Dovecot is enabled).";
};
2015-12-09 09:27:44 +00:00
enableImap = mkOption {
type = types.bool;
default = true;
description = "Start the IMAP listener (when Dovecot is enabled).";
};
2015-12-09 09:27:44 +00:00
enableLmtp = mkOption {
type = types.bool;
default = false;
description = "Start the LMTP listener (when Dovecot is enabled).";
};
2016-01-10 03:54:07 +00:00
protocols = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Additional listeners to start when Dovecot is enabled.";
};
2015-12-09 09:27:44 +00:00
package = mkOption {
type = types.package;
default = pkgs.dovecot22;
defaultText = "pkgs.dovecot22";
2015-12-09 09:27:44 +00:00
description = "Dovecot package to use.";
};
2015-12-09 09:27:44 +00:00
user = mkOption {
type = types.str;
default = "dovecot2";
description = "Dovecot user name.";
};
2015-07-02 22:26:49 +01:00
2015-12-09 09:27:44 +00:00
group = mkOption {
type = types.str;
default = "dovecot2";
description = "Dovecot group name.";
};
2015-12-09 09:27:44 +00:00
extraConfig = mkOption {
type = types.str;
default = "";
example = "mail_debug = yes";
description = "Additional entries to put verbatim into Dovecot's config file.";
};
2015-12-09 09:27:44 +00:00
configFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Config file used for the whole dovecot configuration.";
apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;
};
2015-12-09 09:27:44 +00:00
mailLocation = mkOption {
type = types.str;
default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
description = ''
Location that dovecot will use for mail folders. Dovecot mail_location option.
'';
};
2015-12-09 09:27:44 +00:00
modules = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "[ pkgs.dovecot_pigeonhole ]";
2015-12-09 09:27:44 +00:00
description = ''
Symlinks the contents of lib/dovecot of every given package into
/etc/dovecot/modules. This will make the given modules available
2015-12-09 09:27:44 +00:00
if a dovecot package with the module_dir patch applied (like
pkgs.dovecot22, the default) is being used.
'';
};
2015-12-09 09:27:44 +00:00
sslCACert = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to the server's CA certificate key.";
};
2015-12-09 09:27:44 +00:00
sslServerCert = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to the server's public key.";
};
2015-12-09 09:27:44 +00:00
sslServerKey = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to the server's private key.";
};
2015-12-09 09:27:44 +00:00
enablePAM = mkOption {
type = types.bool;
default = true;
2016-01-06 20:09:06 +00:00
description = "Whether to create a own Dovecot PAM service and configure PAM user logins.";
};
2015-12-09 09:27:44 +00:00
showPAMFailure = mkOption {
type = types.bool;
default = false;
description = "Show the PAM failure message on authentication error (useful for OTPW).";
};
};
2015-12-09 09:27:44 +00:00
config = mkIf cfg.enable {
2015-12-09 09:27:44 +00:00
security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
2016-01-10 03:54:07 +00:00
services.dovecot2.protocols =
optional cfg.enableImap "imap"
++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp";
users.extraUsers = [
{ name = "dovenull";
uid = config.ids.uids.dovenull2;
description = "Dovecot user for untrusted logins";
group = cfg.group;
}
] ++ optional (cfg.user == "dovecot2")
{ name = "dovecot2";
uid = config.ids.uids.dovecot2;
description = "Dovecot user";
group = cfg.group;
};
users.extraGroups = optional (cfg.group == "dovecot2")
{ name = "dovecot2";
gid = config.ids.gids.dovecot2;
};
environment.etc."dovecot/modules".source = modulesDir;
2015-12-09 09:27:44 +00:00
systemd.services.dovecot2 = {
description = "Dovecot IMAP/POP3 server";
after = [ "keys.target" "network.target" ];
wants = [ "keys.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${dovecotPkg}/sbin/dovecot -F -c ${cfg.configFile}";
2016-01-06 20:09:06 +00:00
ExecReload = "${dovecotPkg}/sbin/doveadm reload -c ${cfg.configFile}";
2015-12-09 09:27:44 +00:00
Restart = "on-failure";
RestartSec = "1s";
StartLimitInterval = "1min";
RuntimeDirectory = [ "dovecot2" ];
};
2015-12-09 09:27:44 +00:00
};
2015-12-09 09:27:44 +00:00
environment.systemPackages = [ dovecotPkg ];
2015-12-09 09:27:44 +00:00
assertions = [
2016-01-10 03:54:07 +00:00
{ assertion = intersectLists cfg.protocols [ "pop3" "imap" ] != [];
2015-12-09 09:27:44 +00:00
message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";
}
{ assertion = isNull cfg.sslServerCert == isNull cfg.sslServerKey
&& (!(isNull cfg.sslCACert) -> !(isNull cfg.sslServerCert || isNull cfg.sslServerKey));
message = "dovecot needs both sslServerCert and sslServerKey defined for working crypto";
}
{ assertion = cfg.showPAMFailure -> cfg.enablePAM;
message = "dovecot is configured with showPAMFailure while enablePAM is disabled";
}
];
};
}