At least dovecot and postfix work together and with Thunderbird

svn path=/nixos/trunk/; revision=12223
2024-09-23 13:48:21 +03:00 · 2008-06-30 21:12:02 +00:00 · 2008-06-30 21:12:02 +00:00 · 2025d58c2a
commit 2025d58c2a
parent eb79938997
5 changed files with 172 additions and 3 deletions
--- a/system/ids.nix
+++ b/system/ids.nix
@ -16,6 +16,7 @@
    atd = 12;
    zabbix = 13;
    postfix = 14;
+    dovecot = 15;

    nixbld = 30000; # start of range of uids
    nobody = 65534;
@ -33,6 +34,7 @@
    atd = 12;
    postfix = 13;
    postdrop = 14;
+    dovecot = 15;

    audio = 17;

--- a/system/options.nix
+++ b/system/options.nix
@ -2189,6 +2189,63 @@
 	  Additional entries to put verbatim into aliases file.
 	";
      };
+
+      sslCert = mkOption {
+        default = "";
+	description = "
+	  SSL certificate to use.
+	";
+      };
+      sslCACert = mkOption {
+        default = "";
+	description = "
+	  SSL certificate of CA.
+	";
+      };
+      sslKey = mkOption {
+        default = "";
+	description ="
+	  SSL key to use.
+	";
+      };
+
+      recipientDelimiter = mkOption {
+        default = "";
+	example = "+";
+	description = "
+          Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
+	";
+      };
+
+    };
+
+    dovecot = {
+      enable = mkOption {
+        default = false;
+	description = "Whether to enable dovecot POP3/IMAP server.";
+      };
+
+      user = mkOption {
+        default = "dovecot";
+	description = "dovecot user name";
+      };
+      group = mkOption {
+        default = "dovecot";
+	description = "dovecot group name";
+      };
+
+      sslServerCert = mkOption {
+        default = "";
+	description = "Server certificate";
+      };
+      sslCACert = mkOption {
+        default = "";
+	description = "CA certificate used by server certificate";
+      };
+      sslServerKey = mkOption {
+        default = "";
+	description = "Server key";
+      };
    };

  };
--- a/upstart-jobs/default.nix
+++ b/upstart-jobs/default.nix
@ -396,6 +396,12 @@ let
      inherit config pkgs;
    })

+  # Dovecot POP3/IMAP server.
+  ++ optional config.services.dovecot.enable
+    (import ../upstart-jobs/dovecot.nix {
+      inherit config pkgs;
+    })
+
  # Handles the reboot/halt events.
  ++ (map
    (event: makeJob (import ../upstart-jobs/halt.nix {
--- a/upstart-jobs/dovecot.nix
+++ b/upstart-jobs/dovecot.nix
@ -0,0 +1,87 @@
+{config, pkgs}:
+let 
+  startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
+
+  cfg = config.services.dovecot;
+  idList = import ../system/ids.nix;
+
+  dovecotConf = 
+  ''
+    base_dir = /var/run/dovecot/ 
+
+    protocols = imap imaps pop3 pop3s
+  ''
+  + (if cfg.sslServerCert!="" then
+  ''
+    ssl_cert_file = ${cfg.sslServerCert}
+    ssl_key_file = ${cfg.sslServerKey}
+    ssl_ca_file = ${cfg.sslCACert}
+  '' else ''
+    ssl_disable = yes
+    disable_plaintext_auth = no
+  '')
+
+
+  + ''
+    login_user = ${cfg.user}
+    login_chroot = no
+
+    mail_location = maildir:/var/spool/mail/%u
+
+    maildir_copy_with_hardlinks = yes
+
+    auth default {
+      mechanisms = plain login 
+      userdb passwd {
+      }
+      passdb pam {
+      }
+      user = root 
+    }
+    auth_debug = yes
+    auth_verbose = yes
+
+    pop3_uidl_format = %08Xv%08Xu
+  ''
+  ;
+  confFile = pkgs.writeText "dovecot.conf" dovecotConf;
+
+  pamdFile = pkgs.writeText "dovecot.pam" ''
+    auth	include	common
+    account	include common
+  '';
+
+in
+{
+  name = "dovecot";
+  users = [{
+    name = cfg.user;
+    uid = idList.uids.dovecot;
+    description = "Dovecot user";
+    group = cfg.group;
+  }];
+  groups = [{
+    name = cfg.group;
+    gid = idList.gids.dovecot;
+  }];
+
+  job = ''
+    description "Dovecot IMAP/POP3 server"
+
+    start on ${startingDependency}/started
+    stop on never
+
+    start script
+      ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot /var/run/dovecot/login 
+      ${pkgs.coreutils}/bin/chown -R ${cfg.user}.${cfg.group} /var/run/dovecot
+    end script 
+
+    respawn ${pkgs.dovecot}/sbin/dovecot -F -c ${confFile}
+  '';
+
+  extraEtc = [{ 
+    source = pamdFile;
+    target = "pam.d/dovecot";
+  }];
+}
+
--- a/upstart-jobs/postfix.nix
+++ b/upstart-jobs/postfix.nix
@ -68,6 +68,23 @@ let

    setgid_group = ${setgidGroup}
  '')
+  + optionalString (cfg.sslCert != "") (''
+
+    smtp_tls_CAfile = ${cfg.sslCACert}
+    smtp_tls_cert_file = ${cfg.sslCert}
+    smtp_tls_key_file = ${cfg.sslKey}
+
+    smtp_use_tls = yes
+
+    smtpd_tls_CAfile = ${cfg.sslCACert}
+    smtpd_tls_cert_file = ${cfg.sslCert}
+    smtpd_tls_key_file = ${cfg.sslKey}
+
+    smtpd_use_tls = yes 
+
+    recipientDelimiter = ${cfg.recipientDelimiter}
+
+  '')
  ;

  aliases = 
@ -121,10 +138,10 @@ in
          ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
        fi
          
-	${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix 
-	${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue 
+	${pkgs.coreutils}/bin/chown -R ${user}.${group} /var/postfix 
+	${pkgs.coreutils}/bin/chown -R ${user}.${setgidGroup} /var/postfix/queue 
 	${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue 
-	${pkgs.coreutils}/bin/chown -R root:root /var/spool/mail
+	${pkgs.coreutils}/bin/chown -R root.root /var/spool/mail
 	${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
        
 	ln -sf ${pkgs.postfix}/share/postfix/conf/* /var/postfix/conf