enable dovecot for IMAP

tested and working. still need to enable the submission service.
2022-05-07 02:25:18 +00:00 · 2022-05-07 02:25:18 +00:00 · 93805c6602
commit 93805c6602
parent 07c8ff12a6
3 changed files with 29 additions and 1 deletions
--- a/config/net.nix
+++ b/config/net.nix
@ -5,7 +5,7 @@

  networking.firewall.enable = false;
  # networking.firewall.enable = true;
-  # networking.firewall.allowedTCPPorts = [ 25 80 443 ];
+  # networking.firewall.allowedTCPPorts = [ 25 80 143 443 993 ];
  # # DLNA ports: https://jellyfin.org/docs/general/networking/index.html
  # networking.firewall.allowedUDPPorts = [ 1900 7359 ];

--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@ -182,6 +182,12 @@
    };
  };

+  # exists only to manage acme for dovecot
+  services.nginx.virtualHosts."imap.uninsane.org" = {
+    forceSSL = true;
+    enableACME = true;
+  };
+
  security.acme.acceptTerms = true;
  security.acme.email = "acme@uninsane.org";
 }
--- a/config/services/postfix.nix
+++ b/config/services/postfix.nix
@ -50,4 +50,26 @@
    # /run/opendkim/opendkim.sock needs to be rw by postfix
    UMask = lib.mkForce "0011";
  };
+
+  # inspired by https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/
+  services.dovecot2.enable = true;
+  services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem";
+  services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem";
+  services.dovecot2.enablePAM = false;
+  # passwd file looks like /etc/passwd.
+  # use nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd" to generate the password
+  services.dovecot2.extraConfig = ''
+    passdb {
+      driver = passwd-file
+      args = /etc/nixos/secrets/dovecot.passwd
+    }
+    userdb {
+      driver = passwd-file
+      args = /etc/nixos/secrets/dovecot.passwd
+    }
+
+    mail_debug = yes
+    auth_debug = yes
+    # verbose_ssl = yes
+  '';
 }