From bf8fb31065f3a283947a3359f872bbcee8b7a317 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Mon, 30 Dec 2024 05:44:47 +0400
Subject: [PATCH] chore(mailserver): less hardcode
---
sp-modules/simple-nixos-mailserver/auth-dovecot.nix | 13 +++++-------- .../config-paths-needed.json | 2 +- sp-modules/simple-nixos-mailserver/config.nix | 2 +- 3 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
index 55f3197..0c2677d 100644
--- a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
@@ -7,7 +7,9 @@ let auth-passthru ; - ldapConfFile = "/run/dovecot2/dovecot-ldap.conf.ext"; # FIXME get "dovecot2" from `config` + runtime-directory = "dovecot2"; + + ldapConfFile = "/run/${runtime-directory}/dovecot-ldap.conf.ext"; mkLdapSearchScope = scope: ( if scope == "sub" then "subtree" else if scope == "one" then "onelevel"
@@ -92,7 +94,7 @@ lib.mkIf config.selfprivacy.modules.auth.enable { service auth { unix_listener auth-userdb { mode = 0660 - user = dovecot2 + user = ${config.services.dovecot2.user} } unix_listener dovecot-auth { mode = 0660
@@ -107,12 +109,6 @@ lib.mkIf config.selfprivacy.modules.auth.enable { args = ${ldapConfFile} default_fields = home=/var/vmail/${domain}/%u uid=${toString config.mailserver.vmailUID} gid=${toString config.mailserver.vmailUID} } - - # with debugging OAuth2 token gets printed in logs - # auth_debug = yes - # auth_debug_passwords = yes - # auth_verbose = yes - # mail_debug = yes ''; services.dovecot2.enablePAM = false; systemd.services.dovecot2 = {
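Review bot: `runtime-directory = "dovecot2";` swaps the FIXME'd literal for another literal rather than a value read from `config`, so `ldapConfFile` still depends on this string agreeing with the directory the dovecot2 unit actually gets; the later hunk (`@@ -121,6 +117,7`) makes them agree by forcing the unit's RuntimeDirectory to this same literal instead of deriving one from the other. If the upstream dovecot2 module ever changes its runtime directory, this module will keep its own and override it without any evaluation error. The coupling should at least be stated on the binding, `# runtime dir of systemd.services.dovecot2; forced to this value below so the LDAP conf path under /run stays valid`. The `let` block begins before this hunk.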
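Review bot: The `auth-userdb` listener now takes its owner from `config.services.dovecot2.user`, but with `mode = 0660` the socket's group decides who else may query userdb, and no `group =` line appears in this hunk (it may be set outside it). For symmetry with the user line, `group = ${config.services.dovecot2.group}` would keep the socket's access tied to the configured dovecot identity rather than to whatever group the process happens to run as. If that is added, `config-paths-needed.json` must also list `[ "services", "dovecot2", "group" ]`, since this commit narrows that entry to `user`. The dovecot config string continues beyond the hunk.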
@@ -121,6 +117,7 @@ lib.mkIf config.selfprivacy.modules.auth.enable { # FIXME pass dependant services to auth module option instead? wants = [ auth-passthru.oauth2-systemd-service ]; after = [ auth-passthru.oauth2-systemd-service ]; + serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ]; }; # does it merge with existing restartTriggers?
diff --git a/sp-modules/simple-nixos-mailserver/config-paths-needed.json b/sp-modules/simple-nixos-mailserver/config-paths-needed.json
index e717a3d..a057322 100644
--- a/sp-modules/simple-nixos-mailserver/config-paths-needed.json
+++ b/sp-modules/simple-nixos-mailserver/config-paths-needed.json
@@ -9,7 +9,7 @@ [ "selfprivacy", "useBinds" ], [ "selfprivacy", "username" ], [ "selfprivacy", "users" ], - [ "services", "dovecot2" ], + [ "services", "dovecot2", "user" ], [ "services", "opendkim" ], [ "services", "postfix", "group" ], [ "services", "postfix", "user" ],
diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix
index c7da54d..2d830c0 100644
--- a/sp-modules/simple-nixos-mailserver/config.nix
+++ b/sp-modules/simple-nixos-mailserver/config.nix
@@ -167,7 +167,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable # bind.dn = "uid=mail,ou=persons," + ldap_base_dn; bind.dn = "dn=token"; # TODO change in this file should trigger system restart dovecot - bind.passwordFile = "/run/keys/mailserver/kanidm-service-account-token"; # FIXME + bind.passwordFile = mailserver-service-account-token-fp; # searchBase = "ou=persons," + ldap_base_dn; searchBase = auth-passthru.ldap-base-dn; # TODO refine this
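Review bot: `serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ];` discards whatever RuntimeDirectory the upstream dovecot2 unit or any other module defines instead of merging with it, so a second directory that unit relies on would disappear silently rather than fail evaluation. As far as I recall, systemd unit options merge list-valued definitions by concatenation, so a plain `serviceConfig.RuntimeDirectory = [ runtime-directory ];` should be enough to guarantee the directory exists; if replacing the upstream value is really the intent, a comment next to the `mkForce` should say why. The `systemd.services.dovecot2` attribute set starts in the previous hunk, outside this one.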
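Review bot: Narrowing `[ "services", "dovecot2" ]` to `[ "services", "dovecot2", "user" ]` is the right direction if this file is the allow-list of `config` paths the module may read, but from now on every other `config.services.dovecot2.*` access in the module needs its own entry. Within this diff only `config.services.dovecot2.user` is read (auth-dovecot.nix hunk `@@ -92,7 +94,7`), so the list matches the code as shown; any later use of, say, `config.services.dovecot2.group` must add `[ "services", "dovecot2", "group" ]` here or it will be cut off. The array continues outside the hunk.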
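Review bot: `bind.passwordFile = mailserver-service-account-token-fp;` drops the only place a reader could see which file holds the LDAP bind token, and the binding is not introduced by this commit (the diffstat shows a one-line change in config.nix), so it must already come from this file's `let` or a shared module that the hunk does not show. A comment on this line, `# token file path shared with the auth module; see the definition of mailserver-service-account-token-fp`, would keep the information the removed literal carried, and it is worth confirming the dovecot2 unit can read the file at whatever path the binding resolves to. The attribute set being defined starts before this hunk.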