infra/nix/os/containers/mailserver.nix

{ ... } @ args:

let
  passwords = import ../../variables/passwords.crypt.nix;

in args // {
  config = { pkgs, ... }: {
    imports = [
      ../profiles/containers/configuration.nix
      ../profiles/common/user.nix
    ];

    networking.firewall.enable = false;

    services.ddclientovh = {
        enable = true;
        domain = "mailserver.svc.stefanjunker.de";
    };

    services.dovecot2 = {
      enable = true;

      modules = [ pkgs.dovecot_pigeonhole ];
      protocols = [ "sieve" ];

      enableImap = true;
      enableLmtp = true;
      enablePAM = true;
      showPAMFailure = true;
      mailLocation = "maildir:~/.maildir";
      sslServerCert = "/etc/secrets/server.pem";
      sslServerKey = "/etc/secrets/server.key";

      #configFile = "/etc/dovecot/dovecot2_manual.conf";
      extraConfig = ''
        auth_mechanisms = cram-md5 digest-md5
        auth_verbose = yes
        
        passdb {
          driver = passwd-file
          args = scheme=CRYPT username_format=%u /etc/dovecot/users
        }

      '';

    };

    environment.etc."dovecot/users".text = ''
      steveej:${passwords.email.steveej}
    '';

    systemd.services.steveej-getmail-stefanjunker = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      serviceConfig.User = "steveej";
      serviceConfig.Group = "users";
      serviceConfig.RestartSec = 600;
      serviceConfig.Restart = "always";
      description = "Getmail service";
      path = [ pkgs.getmail ];
      script = let
          rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
            [options]
            verbose = 1
            read_all = 0
            delete_after = 30

            [retriever]
            type = SimpleIMAPSSLRetriever
            server = ssl0.ovh.net
            port = 993
            username = mail@stefanjunker.de
            password = ${passwords.email.mailStefanjunkerDe}
            mailboxes = ('INBOX',)

            [destination]
            type = MDA_external
            path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
          '';
        in ''
          getmail --rcfile=${rc} --idle=INBOX
      '';
    };

    systemd.services.steveej-getmail-webde = {
      enable = true;
      wantedBy = [ "multi-user.target" ];
      serviceConfig.User = "steveej";
      serviceConfig.Group = "users";
      description = "Getmail service";
      path = [ pkgs.getmail ];
      serviceConfig.RestartSec = 1000;
      serviceConfig.Restart = "always";
      script = let
          rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
            [options]
            verbose = 1
            read_all = 0
            delete_after = 30

            [retriever]
            type = SimpleIMAPSSLRetriever
            server = imap.web.de
            port = 993
            username = schtif
            password = ${passwords.email.schtifATwebDe}
            mailboxes = ('INBOX',)

            [destination]
            type = Maildir
            path = ~/.maildir/
          '';
        in ''
          getmail --rcfile=${rc}
      '';
      };
    };

  autoStart = true;

  bindMounts = {
    "/etc/secrets/" = { 
      hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
      isReadOnly = false;
    };

    "/home" = { 
      hostPath = "/var/lib/container-volumes/mailserver/home";
      isReadOnly = false;
    };
  };

  privateNetwork = true ;
  forwardPorts = [
    {
      # imaps
      containerPort = 993;
      hostPort = 993;
      protocol = "tcp";
    }

    {
      # sieve
      containerPort = 4190;
      hostPort = 4190;
      protocol = "tcp";
    }
  ];
}
nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`{ ... } @ args:`

			`let`
			`passwords = import ../../variables/passwords.crypt.nix;`

			`in args // {`
			`config = { pkgs, ... }: {`
			`imports = [`
nix/os/containers: add new profile 2019-02-03 14:31:21 +01:00			`../profiles/containers/configuration.nix`
nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`../profiles/common/user.nix`
			`];`

			`networking.firewall.enable = false;`

nix/os/containers: configure ddclient-ovh respectively 2019-02-03 11:58:07 +01:00			`services.ddclientovh = {`
			`enable = true;`
			`domain = "mailserver.svc.stefanjunker.de";`
			`};`

nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`services.dovecot2 = {`
			`enable = true;`

			`modules = [ pkgs.dovecot_pigeonhole ];`
			`protocols = [ "sieve" ];`

			`enableImap = true;`
			`enableLmtp = true;`
			`enablePAM = true;`
			`showPAMFailure = true;`
			`mailLocation = "maildir:~/.maildir";`
			`sslServerCert = "/etc/secrets/server.pem";`
			`sslServerKey = "/etc/secrets/server.key";`

			`#configFile = "/etc/dovecot/dovecot2_manual.conf";`
			`extraConfig = ''`
			`auth_mechanisms = cram-md5 digest-md5`
			`auth_verbose = yes`

			`passdb {`
			`driver = passwd-file`
			`args = scheme=CRYPT username_format=%u /etc/dovecot/users`
			`}`

			`'';`

			`};`

			`environment.etc."dovecot/users".text = ''`
			`steveej:${passwords.email.steveej}`
			`'';`

			`systemd.services.steveej-getmail-stefanjunker = {`
			`enable = true;`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig.User = "steveej";`
			`serviceConfig.Group = "users";`
nix/os/containers/mailserver: use LDA delivery and fix restart times 2019-02-17 10:02:16 +01:00			`serviceConfig.RestartSec = 600;`
			`serviceConfig.Restart = "always";`
nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`description = "Getmail service";`
			`path = [ pkgs.getmail ];`
			`script = let`
			`rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''`
			`[options]`
			`verbose = 1`
			`read_all = 0`
			`delete_after = 30`

			`[retriever]`
			`type = SimpleIMAPSSLRetriever`
			`server = ssl0.ovh.net`
			`port = 993`
			`username = mail@stefanjunker.de`
			`password = ${passwords.email.mailStefanjunkerDe}`
			`mailboxes = ('INBOX',)`

			`[destination]`
nix/os/containers/mailserver: use LDA delivery and fix restart times 2019-02-17 10:02:16 +01:00			`type = MDA_external`
			`path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda`
nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`'';`
			`in ''`
			`getmail --rcfile=${rc} --idle=INBOX`
			`'';`
			`};`

			`systemd.services.steveej-getmail-webde = {`
			`enable = true;`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig.User = "steveej";`
			`serviceConfig.Group = "users";`
			`description = "Getmail service";`
			`path = [ pkgs.getmail ];`
nix/os/containers/mailserver: use LDA delivery and fix restart times 2019-02-17 10:02:16 +01:00			`serviceConfig.RestartSec = 1000;`
nix/os,CFB4ED74: add mailserver container 2019-01-28 15:50:31 +01:00			`serviceConfig.Restart = "always";`
			`script = let`
			`rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''`
			`[options]`
			`verbose = 1`
			`read_all = 0`
			`delete_after = 30`

			`[retriever]`
			`type = SimpleIMAPSSLRetriever`
			`server = imap.web.de`
			`port = 993`
			`username = schtif`
			`password = ${passwords.email.schtifATwebDe}`
			`mailboxes = ('INBOX',)`

			`[destination]`
			`type = Maildir`
			`path = ~/.maildir/`
			`'';`
			`in ''`
			`getmail --rcfile=${rc}`
			`'';`
			`};`
			`};`

			`autoStart = true;`

			`bindMounts = {`
			`"/etc/secrets/" = {`
			`hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";`
			`isReadOnly = false;`
			`};`

			`"/home" = {`
			`hostPath = "/var/lib/container-volumes/mailserver/home";`
			`isReadOnly = false;`
			`};`
			`};`

			`privateNetwork = true ;`
			`forwardPorts = [`
			`{`
			`# imaps`
			`containerPort = 993;`
			`hostPort = 993;`
			`protocol = "tcp";`
			`}`

			`{`
			`# sieve`
			`containerPort = 4190;`
			`hostPort = 4190;`
			`protocol = "tcp";`
			`}`
			`];`
			`}`