nix/os,CFB4ED74: add mailserver container

2019-01-28 15:50:31 +01:00 · 2019-01-28 15:50:31 +01:00 · 8f0b7550aa
commit 8f0b7550aa
parent 9f807aa838
3 changed files with 154 additions and 0 deletions
--- a/nix/os/containers/mailserver.nix
+++ b/nix/os/containers/mailserver.nix
@ -0,0 +1,141 @@
+{ ... } @ args:
+
+let
+  passwords = import ../../variables/passwords.crypt.nix;
+
+in args // {
+  config = { pkgs, ... }: {
+    imports = [
+      ../profiles/common/user.nix
+    ];
+
+    networking.firewall.enable = false;
+
+    services.dovecot2 = {
+      enable = true;
+
+      modules = [ pkgs.dovecot_pigeonhole ];
+      protocols = [ "sieve" ];
+
+      enableImap = true;
+      enableLmtp = true;
+      enablePAM = true;
+      showPAMFailure = true;
+      mailLocation = "maildir:~/.maildir";
+      sslServerCert = "/etc/secrets/server.pem";
+      sslServerKey = "/etc/secrets/server.key";
+
+      #configFile = "/etc/dovecot/dovecot2_manual.conf";
+      extraConfig = ''
+        auth_mechanisms = cram-md5 digest-md5
+        auth_verbose = yes
+        
+        passdb {
+          driver = passwd-file
+          args = scheme=CRYPT username_format=%u /etc/dovecot/users
+        }
+
+      '';
+
+    };
+
+    environment.etc."dovecot/users".text = ''
+      steveej:${passwords.email.steveej}
+    '';
+
+    systemd.services.steveej-getmail-stefanjunker = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.User = "steveej";
+      serviceConfig.Group = "users";
+      description = "Getmail service";
+      path = [ pkgs.getmail ];
+      script = let
+          rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
+            [options]
+            verbose = 1
+            read_all = 0
+            delete_after = 30
+
+            [retriever]
+            type = SimpleIMAPSSLRetriever
+            server = ssl0.ovh.net
+            port = 993
+            username = mail@stefanjunker.de
+            password = ${passwords.email.mailStefanjunkerDe}
+            mailboxes = ('INBOX',)
+
+            [destination]
+            type = Maildir
+            path = ~/.maildir/
+          '';
+        in ''
+          getmail --rcfile=${rc} --idle=INBOX
+      '';
+    };
+
+    systemd.services.steveej-getmail-webde = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.User = "steveej";
+      serviceConfig.Group = "users";
+      description = "Getmail service";
+      path = [ pkgs.getmail ];
+      serviceConfig.RestartSec = 900;
+      serviceConfig.Restart = "always";
+      script = let
+          rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
+            [options]
+            verbose = 1
+            read_all = 0
+            delete_after = 30
+
+            [retriever]
+            type = SimpleIMAPSSLRetriever
+            server = imap.web.de
+            port = 993
+            username = schtif
+            password = ${passwords.email.schtifATwebDe}
+            mailboxes = ('INBOX',)
+
+            [destination]
+            type = Maildir
+            path = ~/.maildir/
+          '';
+        in ''
+          getmail --rcfile=${rc}
+      '';
+      };
+    };
+
+  autoStart = true;
+
+  bindMounts = {
+    "/etc/secrets/" = { 
+      hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
+      isReadOnly = false;
+    };
+
+    "/home" = { 
+      hostPath = "/var/lib/container-volumes/mailserver/home";
+      isReadOnly = false;
+    };
+  };
+
+  privateNetwork = true ;
+  forwardPorts = [
+    {
+      # imaps
+      containerPort = 993;
+      hostPort = 993;
+      protocol = "tcp";
+    }
+
+    {
+      # sieve
+      containerPort = 4190;
+      hostPort = 4190;
+      protocol = "tcp";
+    }
+  ];
+}