chore(mailserver): less hardcode

Alexander Tomokhov
2024-12-30 05:44:47 +04:00
parent 041479a48b
commit bf8fb31065
3 changed files with 7 additions and 10 deletions


@@ -7,7 +7,9 @@ let
auth-passthru auth-passthru
; ;
ldapConfFile = "/run/dovecot2/dovecot-ldap.conf.ext"; # FIXME get "dovecot2" from `config` runtime-directory = "dovecot2";
ldapConfFile = "/run/${runtime-directory}/dovecot-ldap.conf.ext";
mkLdapSearchScope = scope: ( mkLdapSearchScope = scope: (
if scope == "sub" then "subtree" if scope == "sub" then "subtree"
else if scope == "one" then "onelevel" else if scope == "one" then "onelevel"
@@ -92,7 +94,7 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
service auth { service auth {
unix_listener auth-userdb { unix_listener auth-userdb {
mode = 0660 mode = 0660
user = dovecot2 user = ${config.services.dovecot2.user}
} }
unix_listener dovecot-auth { unix_listener dovecot-auth {
mode = 0660 mode = 0660
@@ -107,12 +109,6 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
args = ${ldapConfFile} args = ${ldapConfFile}
default_fields = home=/var/vmail/${domain}/%u uid=${toString config.mailserver.vmailUID} gid=${toString config.mailserver.vmailUID} default_fields = home=/var/vmail/${domain}/%u uid=${toString config.mailserver.vmailUID} gid=${toString config.mailserver.vmailUID}
} }
# with debugging OAuth2 token gets printed in logs
# auth_debug = yes
# auth_debug_passwords = yes
# auth_verbose = yes
# mail_debug = yes
''; '';
services.dovecot2.enablePAM = false; services.dovecot2.enablePAM = false;
systemd.services.dovecot2 = { systemd.services.dovecot2 = {
@@ -121,6 +117,7 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
# FIXME pass dependant services to auth module option instead? # FIXME pass dependant services to auth module option instead?
wants = [ auth-passthru.oauth2-systemd-service ]; wants = [ auth-passthru.oauth2-systemd-service ];
after = [ auth-passthru.oauth2-systemd-service ]; after = [ auth-passthru.oauth2-systemd-service ];
serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ];
}; };
# does it merge with existing restartTriggers? # does it merge with existing restartTriggers?
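Review bot: `serviceConfig.RuntimeDirectory = lib.mkForce [ runtime-directory ];` in the last hunk replaces whatever the upstream dovecot2 module sets for RuntimeDirectory instead of merging with it, so if that module declares further directories they would be silently dropped; a plain list (or `lib.mkAfter`) keeps them if overriding is not the intent. The new `runtime-directory = "dovecot2";` binding in the first hunk still hardcodes the name the removed FIXME wanted taken from `config`, and the LDAP config path below is now built from it; a comment such as `# must match the dovecot2 unit's RuntimeDirectory: the LDAP config below is written under /run/<this>` would make that coupling explicit for the next change. The third hunk drops the reminder that `auth_debug` prints the OAuth2 token into the logs; that is worth keeping as a one-line comment in the dovecot config string even though the debug switches themselves are gone. The enclosing attribute set starts and ends outside these hunks.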


@@ -9,7 +9,7 @@
[ "selfprivacy", "useBinds" ], [ "selfprivacy", "useBinds" ],
[ "selfprivacy", "username" ], [ "selfprivacy", "username" ],
[ "selfprivacy", "users" ], [ "selfprivacy", "users" ],
[ "services", "dovecot2" ], [ "services", "dovecot2", "user" ],
[ "services", "opendkim" ], [ "services", "opendkim" ],
[ "services", "postfix", "group" ], [ "services", "postfix", "group" ],
[ "services", "postfix", "user" ], [ "services", "postfix", "user" ],


@@ -167,7 +167,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable
# bind.dn = "uid=mail,ou=persons," + ldap_base_dn; # bind.dn = "uid=mail,ou=persons," + ldap_base_dn;
bind.dn = "dn=token"; bind.dn = "dn=token";
# TODO change in this file should trigger system restart dovecot # TODO change in this file should trigger system restart dovecot
bind.passwordFile = "/run/keys/mailserver/kanidm-service-account-token"; # FIXME bind.passwordFile = mailserver-service-account-token-fp;
# searchBase = "ou=persons," + ldap_base_dn; # searchBase = "ou=persons," + ldap_base_dn;
searchBase = auth-passthru.ldap-base-dn; # TODO refine this searchBase = auth-passthru.ldap-base-dn; # TODO refine this
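Review bot: `bind.passwordFile = mailserver-service-account-token-fp;` takes its value from a binding declared outside this hunk, so whether the path, owner and mode of that file (readable by the dovecot user only) still match what the old literal `/run/keys/mailserver/kanidm-service-account-token` provided cannot be checked here; please confirm the binding is in the enclosing `let` scope. The `-fp` suffix is not self-explanatory; a comment on the line such as `# path of the file holding the kanidm service-account token used for the LDAP bind` would help readers. The `TODO` above it about restarting dovecot when the token file changes is still open, and now that the path is named once the same binding could feed a `restartTriggers` entry. The enclosing `lib.mkIf` block continues outside the hunk.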