# nixos-mailserver: a simple mail server
# Copyright (C) 2016-2018 Robin Raymond
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
{
config,
options,
pkgs,
lib,
...
}:
with (import ./common.nix {
inherit
config
options
lib
pkgs
;
});
let
cfg = config.mailserver;
certificateDeps = lib.optionals withACME [
"acme-order-renew-${cfg.x509.useACMEHost}.service"
];
in
{
config = lib.mkIf cfg.enable {
systemd.services.dovecot = {
wants = certificateDeps;
after = certificateDeps;
preStart =
let
directories = lib.strings.escapeShellArgs (
[ cfg.storage.path ] ++ lib.optional (cfg.indexDir != null) cfg.indexDir
);
in
''
# Create mail directory and set permissions. See
# .
# Prevent world-readable paths, even temporarily.
umask 007
mkdir -p ${directories}
chgrp "${cfg.storage.group}" ${directories}
chmod 02770 ${directories}
'';
};
# Postfix requires dovecot lmtp socket, dovecot auth socket and certificate to work
systemd.services.postfix = {
wants = certificateDeps;
after = [
"dovecot.service"
]
++ lib.optional cfg.dkim.enable "rspamd.service"
++ certificateDeps;
requires = [ "dovecot.service" ] ++ lib.optional cfg.dkim.enable "rspamd.service";
};
};
}