sieve: move cfg.sieveDirectory into home directory of virtual users

2026-04-12 04:07:05 +02:00
parent 260f38128e
commit e4aa2d1517
4 changed files with 7 additions and 44 deletions
@@ -1056,14 +1056,6 @@ in
      '';
    };

-    sieveDirectory = mkOption {
-      type = types.path;
-      default = "/var/sieve";
-      description = ''
-        Where to store the sieve scripts.
-      '';
-    };
-
    virusScanning = mkOption {
      type = types.bool;
      default = false;
@@ -1795,5 +1787,8 @@ in
    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "autoIndexExclude" ] ''
      Configure `fts_autoindex` on mail directories in `mailserver.mailboxes` instead.
    '')
+    (mkRemovedOptionModule [ "mailserver" "sieveDirectory" ] ''
+      The Sieve directory has been moved into the virtual Dovecot home directory of each user and can longer be configured.
+    '')
  ];
 }
@@ -13,11 +13,6 @@ solution does not preserve the owner of the files don’t forget to ``chown`` th
 to ``virtualMail:virtualMail`` if you copy them back (or whatever you specified
 as :option:`mailserver.storage.owner`, and :option:`mailserver.storage.group`).

-If you enabled ``enableManageSieve`` then you also may want to backup
-``/var/sieve`` or whatever you have specified as ``sieveDirectory``.
-The same considerations regarding file ownership apply as for the
-Maildir.
-
 To backup spam and ham training data, backup ``/var/lib/redis-rspamd``.

 Finally you can (optionally) make a backup of ``/var/dkim`` (or whatever you
@@ -364,8 +364,10 @@ in
          "sieve_script personal" = {
            # managesieve
            type = "personal";
-            active_path = "${cfg.sieveDirectory}/%{user}/active.sieve";
-            path = "${cfg.sieveDirectory}/%{user}/scripts";
+            # Upstream default, but we want to be explicit about it
+            # https://doc.dovecot.org/main/core/plugins/sieve.html#script-storage-type-personal
+            active_path = "~/.dovecot.sieve";
+            path = "~/sieve";
          };

          sieve_extensions = {
@@ -16,32 +16,12 @@

 {
  config,
-  pkgs,
  lib,
  ...
 }:

 let
  cfg = config.mailserver;
-
-  virtualMailUsersActivationScript =
-    pkgs.writeScript "activate-virtual-mail-users"
-      # bash
-      ''
-        #!${pkgs.stdenv.shell}
-
-        set -euo pipefail
-
-        # Prevent world-readable paths, even temporarily.
-        umask 007
-
-        # Create directory to store user sieve scripts if it doesn't exist
-        if (! test -d "${cfg.sieveDirectory}"); then
-          mkdir "${cfg.sieveDirectory}"
-          chown "${cfg.storage.owner}:${cfg.storage.group}" "${cfg.sieveDirectory}"
-          chmod 770 "${cfg.sieveDirectory}"
-        fi
-      '';
 in
 {
  config = lib.mkIf cfg.enable {
@@ -80,14 +60,5 @@ in
      home = cfg.storage.path;
      createHome = true;
    };
-
-    systemd.services.activate-virtual-mail-users = {
-      wantedBy = [ "multi-user.target" ];
-      before = [ "dovecot.service" ];
-      serviceConfig = {
-        ExecStart = virtualMailUsersActivationScript;
-      };
-      enable = true;
-    };
  };
 }