Merge pull request 'add roundcube service' (#65) from def/selfprivacy-nixos-config:def/add_roundcube into flakes

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/65

sp-modules/roundcube/config-paths-needed.json

@@ -0,0 +1,5 @@
+[
+  ["selfprivacy", "domain"],
+  ["selfprivacy", "modules", "roundcube"],
+  ["mailserver", "fqdn"]
+]

sp-modules/roundcube/flake.nix

@@ -0,0 +1,9 @@
+{
+  description = "Roundcube is a web-based email client.";
+
+  outputs = { self }: {
+    nixosModules.default = import ./module.nix;
+    configPathsNeeded =
+      builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+  };
+}

sp-modules/roundcube/module.nix

@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+let
+  domain = config.selfprivacy.domain;
+  cfg = config.selfprivacy.modules.roundcube;
+in
+{
+  options.selfprivacy.modules.roundcube = {
+    enable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+    };
+    subdomain = lib.mkOption {
+      default = "roundcube";
+      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.roundcube = {
+      enable = true;
+      # this is the url of the vhost, not necessarily the same as the fqdn of
+      # the mailserver
+      hostName = "${cfg.subdomain}.${config.selfprivacy.domain}";
+      extraConfig = ''
+        # starttls needed for authentication, so the fqdn required to match
+        # the certificate
+        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+        $config['smtp_user'] = "%u";
+        $config['smtp_pass'] = "%p";
+      '';
+    };
+    services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
+      forceSSL = true;
+      useACMEHost = domain;
+    };
+  };
+}
+