Group storage and vmail user options at mailserver.storage

Create a nicer option structure that deals with the mail storage and its
owner, uid, group and gid. Also includes the directory layout as a
property of how mails are stored..

mail-server/assertions.nix

@@ -98,22 +98,20 @@ in
         ) config.mailserver.dkim.domains
       )
     )
-    ++
-      lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail")
-        [
-          {
-            assertion = config.mailserver.stateVersion != null -> config.mailserver.stateVersion >= 2;
-            message = ''
-              Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
-              Remediation:
-                - Stop the `dovecot.service`
-                - Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
-                - Increase the `stateVersion` to 2.
+    ++ lib.optionals (config.mailserver.ldap.enable && config.mailserver.storage.path != "/var/vmail") [
+      {
+        assertion = config.mailserver.stateVersion != null -> config.mailserver.stateVersion >= 2;
+        message = ''
+          Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.storage.path`.
+          Remediation:
+            - Stop the `dovecot.service`
+            - Move `/var/vmail/ldap` below your `mailserver.storage.path`
+            - Increase the `stateVersion` to 2.
 
-              Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-ldap-home-directory-migration for more information.
-            '';
-          }
-        ]
+          Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-ldap-home-directory-migration for more information.
+        '';
+      }
+    ]
     ++ [
       {
         assertion = config.mailserver.stateVersion != null -> config.mailserver.stateVersion >= 3;

mail-server/dovecot.nix

@@ -50,7 +50,7 @@ let
       }) attrs
     );
 
-  maildirLayoutAppendix = lib.optionalString cfg.useFsLayout ":LAYOUT=fs";
+  maildirLayoutAppendix = lib.optionalString (cfg.storage.directoryLayout == "fs") ":LAYOUT=fs";
   maildirUTF8FolderNames = lib.optionalString cfg.useUTF8FolderNames ":UTF-8";
 
   # https://doc.dovecot.org/2.3/configuration_manual/home_directories_for_virtual_users/#ways-to-set-up-home-directory
@@ -79,7 +79,7 @@ let
       scope = ${mkLdapSearchScope cfg.ldap.scope}
       user_attrs = \
         ${ldapUuidAttribute}=${ldapUuidAttribute}, \
-        =home=${cfg.mailDirectory}/ldap/%{ldap:${ldapUuidAttribute}}, \
+        =home=${cfg.storage.path}/ldap/%{ldap:${ldapUuidAttribute}}, \
         =mail=maildir:~/mail${maildirLayoutAppendix}${maildirUTF8FolderNames}${
           lib.optionalString (cfg.indexDir != null) ":INDEX=${cfg.indexDir}/ldap/%{ldap:${ldapUuidAttribute}}"
         }
@@ -228,8 +228,8 @@ in
       enablePop3 = cfg.enablePop3 || cfg.enablePop3Ssl;
       enablePAM = false;
       enableQuota = true;
-      mailGroup = cfg.vmailGroupName;
-      mailUser = cfg.vmailUserName;
+      mailGroup = cfg.storage.group;
+      mailUser = cfg.storage.owner;
       mailLocation = dovecotMaildir;
       sslServerCert = x509CertificateFile;
       sslServerKey = x509PrivateKeyFile;
@@ -371,7 +371,7 @@ in
           mail_max_userip_connections = ${toString cfg.maxConnectionsPerUser}
         }
 
-        mail_access_groups = ${cfg.vmailGroupName}
+        mail_access_groups = ${cfg.storage.group}
 
         # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.21&config=intermediate&openssl=3.4.1&guideline=5.7
         ssl = required
@@ -431,9 +431,9 @@ in
           driver = passwd-file
           args = ${userdbFile}
           default_fields = \
-            home=${cfg.mailDirectory}/%{domain}/%{username} \
-            uid=${builtins.toString cfg.vmailUID} \
-            gid=${builtins.toString cfg.vmailUID}
+            home=${cfg.storage.path}/%{domain}/%{username} \
+            uid=${builtins.toString cfg.storage.uid} \
+            gid=${builtins.toString cfg.storage.uid}
         }
 
         ${lib.optionalString cfg.ldap.enable ''
@@ -446,8 +446,8 @@ in
             driver = ldap
             args = ${ldapConfFile}
             override_fields = \
-              uid=${toString cfg.vmailUID} \
-              gid=${toString cfg.vmailUID}
+              uid=${toString cfg.storage.uid} \
+              gid=${toString cfg.storage.uid}
           }
         ''}
 

mail-server/rsnapshot.nix

@@ -61,7 +61,7 @@ in
         retain	hourly	${toString cfg.backup.retain.hourly}
         retain	daily	${toString cfg.backup.retain.daily}
         retain	weekly	${toString cfg.backup.retain.weekly}
-        backup	${cfg.mailDirectory}/	localhost/
+        backup	${cfg.storage.path}/	localhost/
       '';
     };
   };

mail-server/systemd.nix

@@ -46,7 +46,7 @@ in
       preStart =
         let
           directories = lib.strings.escapeShellArgs (
-            [ cfg.mailDirectory ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
+            [ cfg.storage.path ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
           );
         in
         ''
@@ -55,7 +55,7 @@ in
           # Prevent world-readable paths, even temporarily.
           umask 007
           mkdir -p ${directories}
-          chgrp "${cfg.vmailGroupName}" ${directories}
+          chgrp "${cfg.storage.group}" ${directories}
           chmod 02770 ${directories}
         '';
     };

mail-server/users.nix

@@ -34,15 +34,6 @@ with (import ./common.nix {
 let
   cfg = config.mailserver;
 
-  vmail_user = {
-    name = cfg.vmailUserName;
-    isSystemUser = true;
-    uid = cfg.vmailUID;
-    home = cfg.mailDirectory;
-    createHome = true;
-    group = cfg.vmailGroupName;
-  };
-
   virtualMailUsersActivationScript =
     pkgs.writeScript "activate-virtual-mail-users"
       # bash
@@ -57,7 +48,7 @@ let
         # Create directory to store user sieve scripts if it doesn't exist
         if (! test -d "${cfg.sieveDirectory}"); then
           mkdir "${cfg.sieveDirectory}"
-          chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}"
+          chown "${cfg.storage.owner}:${cfg.storage.group}" "${cfg.sieveDirectory}"
           chmod 770 "${cfg.sieveDirectory}"
         fi
 
@@ -69,13 +60,13 @@ let
             ''
               if (! test -d "${cfg.sieveDirectory}/${name}"); then
                 mkdir -p "${cfg.sieveDirectory}/${name}"
-                chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}/${name}"
+                chown "${cfg.storage.owner}:${cfg.storage.group}" "${cfg.sieveDirectory}/${name}"
                 chmod 770 "${cfg.sieveDirectory}/${name}"
               fi
               cat << 'EOF' > "${cfg.sieveDirectory}/${name}/default.sieve"
               ${sieveScript}
               EOF
-              chown "${cfg.vmailUserName}:${cfg.vmailGroupName}" "${cfg.sieveDirectory}/${name}/default.sieve"
+              chown "${cfg.storage.owner}:${cfg.storage.group}" "${cfg.sieveDirectory}/${name}/default.sieve"
             ''
           else
             ''
@@ -113,16 +104,18 @@ in
           )
         );
 
-    # set the vmail gid to a specific value
-    users.groups = {
-      "${cfg.vmailGroupName}" = {
-        gid = cfg.vmailUID;
-      };
+    users.groups.${cfg.storage.group} = {
+      inherit (cfg.storage) gid;
     };
-
-    # define all users
-    users.users = {
-      "${vmail_user.name}" = lib.mkForce vmail_user;
+    users.users.${cfg.storage.owner} = lib.mkForce {
+      inherit (cfg.storage)
+        group
+        uid
+        ;
+      name = cfg.storage.owner;
+      isSystemUser = true;
+      home = cfg.storage.path;
+      createHome = true;
     };
 
     systemd.services.activate-virtual-mail-users = {