author | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-08-28 17:21:20 +0200 |
---|---|---|
committer | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2024-09-11 11:50:29 +0200 |
commit | 22a1808a77b91537d05dcd7cd43657a32acf546f (patch) | |
tree | d4c4224008adc486d3f2804d452ec2282664e7d4 | |
parent | cfd138216dc17093bb3744595b0d79b6f6bba765 (diff) |
refactor(id1000): implement dovecot in user module
-rw-r--r-- | systems/ayase.scm | 6 | ||||
-rw-r--r-- | systems/izumi/izumi.org | 128 | ||||
-rw-r--r-- | systems/izumi/system-configuration.scm | 128 | ||||
-rw-r--r-- | users/id1000.scm | 131 |
4 files changed, 172 insertions, 221 deletions
diff --git a/systems/ayase.scm b/systems/ayase.scm index 85142ea..aef4771 100644 --- a/systems/ayase.scm +++ b/systems/ayase.scm @@ -72,8 +72,6 @@ "-swap" number))) -;;; - ;; #<service> (define home-services (service guix-home-service-type @@ -109,7 +107,9 @@ ;; (list #<service>) (define services (append %distribution-services - (list home-services) + (list ;; (@ (users id1000) + ;; dovecot) + home-services) system-services)) ;; (list #<swap-space>) diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org index 779e899..5048634 100644 --- a/systems/izumi/izumi.org +++ b/systems/izumi/izumi.org 
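Review bot: The commented-out placeholder added to the `services` list names `(@ (users id1000) dovecot)`, but the binding this commit exports from users/id1000.scm is `dovecot-service`, so uncommenting it as written would fail on an unbound variable. The module also fixes the listener address `192.168.10.2` and the certificate path for `marekpasnikowski.pl`, which look specific to izumi, so enabling it on ayase unchanged would presumably bind an address and read a private key this host may not have. I would drop the placeholder or replace it with `;; TODO: (@ (users id1000) dovecot-service) once address and certificate path are per-host`.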
@@ -390,92 +390,6 @@ ( method "mofws" ) ( type 'domainkeys ) ) ) ) ) ) ) ) ) - ( define ( wip-imap-service domain ) - ( service dovecot-service-type - ( dovecot-configuration - ( disable-plaintext-auth? #t ) - ( mail-location "maildir:~/Maildir" ) - ( namespaces - ( list - ( namespace-configuration - ( name "inbox" ) - ( inbox? #t ) - ( mailboxes - ( list - ( mailbox-configuration - ( name "Archive" ) - ( auto "subscribe" ) - ( special-use ( list "\\Archive" ) ) ) - ( mailbox-configuration - ( name "Drafts" ) - ( auto "subscribe" ) - ( special-use ( list "\\Drafts" ) ) ) - ( mailbox-configuration - ( name "Junk" ) - ( auto "subscribe" ) - ( special-use ( list "\\Junk" ) ) ) - ( mailbox-configuration - ( name "Sent" ) - ( auto "subscribe" ) - ( special-use ( list "\\Sent" ) ) ) - ( mailbox-configuration - ( name "Trash" ) - ( auto "subscribe" ) - ( special-use ( list "\\Trash" ) ) ) ) ) ) ) ) - ( passdbs - ( list - ( passdb-configuration - ( args ( list "username_format=%n" "/secrets/dovecot" ) ) - ( driver "passwd-file" ) ) ) ) - ( protocols - ( list - ( protocol-configuration ( name "imap" ) ) - ( protocol-configuration ( name "lmtp" ) ) ) ) - ( services - ( list - ( service-configuration - ( kind "lmtp" ) - ( listeners - ( list - ( inet-listener-configuration - ( address "192.168.10.2 127.0.0.1" ) - ( port 24 ) - ( protocol "lmtp" ) ) - ( unix-listener-configuration - ( group "vmail" ) - ( mode "0666" ) - ( path "lmtp" ) - ( user "vmail" ) ) ) ) ) - ( service-configuration - ( kind "imap-login" ) - ( listeners - ( list - ( inet-listener-configuration - ( address "192.168.10.2" ) - ( port 993 ) - ( protocol "imaps" ) - ;; How does the boolean type map to - ;; the three configuration options? - ;; ( ssl? "required" ) - ) ) ) ) ) ) - ( ssl? 
"required" ) - ( ssl-cert - ( string-append - "</etc/letsencrypt/live/" - domain - "/fullchain.pem" ) ) - ( ssl-key - ( string-append - "</etc/letsencrypt/live/" - domain - "/privkey.pem" ) ) - ( ssl-min-protocol "TLSv1.2" ) - ( userdbs - ( list - ( userdb-configuration - ( args ( list "gid=vmail" "home=/home/vmail/%n" "uid=vmail" ) ) - ( driver "static" ) ) ) ) ) ) ) - ( define ( wip-smtp-service interface domain ) ( service opensmtpd-service-type ( opensmtpd-configuration @@ -484,7 +398,6 @@ ( define* ( wip-mail-services #:key interface domain ) ( list ( wip-dkim-service domain ) - ( wip-imap-service domain ) ( wip-smtp-service interface domain ) ) ) ( operating-system @@ -569,7 +482,8 @@ #:interface "enp1s0" #:domain "marekpasnikowski.pl" ) ( list - (service (service-type (inherit certbot-service-type) + (@ (users id1000) dovecot-service) + (service (service-type (inherit certbot-service-type) (extensions (map (lambda (extension) (if (eq? (service-extension-target extension) nginx-service-type) 
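Review bot: Adding `(@ (users id1000) dovecot-service)` next to the certbot service leaves Dovecot without a reload on certificate renewal: the module reads `fullchain.pem` and `privkey.pem` under `/etc/letsencrypt/live/marekpasnikowski.pl/`, while the only `deploy-hook` visible in the certbot configuration (next hunk) sends SIGHUP to nginx. Dovecot picks up its certificate at start or reload, so after a renewal the IMAPS listener on port 993 would keep serving the old certificate until the service is restarted. The hook should reload Dovecot as well, and a comment such as `;; dovecot shares this certificate; reload it here as well` would record the dependency. The matching hunk in systems/izumi/system-configuration.scm has the same gap, and the enclosing `( list` form starts and ends outside this hunk.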
@@ -578,24 +492,24 @@ certbot-nginx-server-configurations)) extension)) (service-type-extensions certbot-service-type)))) - ( certbot-configuration - ( certificates - ( list - ( certificate-configuration - ( deploy-hook - ( program-file - "nginx-deploy-hook" - #~ - ( let - ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) - ( kill pid SIGHUP ) ) ) ) - ( domains - ( list - "marekpasnikowski.pl" - "git.marekpasnikowski.pl" - "radicale.marekpasnikowski.pl" ) ) ) ) ) - ( email "marek@marekpasnikowski.pl" ) - ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) + ( certbot-configuration + ( certificates + ( list + ( certificate-configuration + ( deploy-hook + ( program-file + "nginx-deploy-hook" + #~ + ( let + ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) + ( kill pid SIGHUP ) ) ) ) + ( domains + ( list + "marekpasnikowski.pl" + "git.marekpasnikowski.pl" + "radicale.marekpasnikowski.pl" ) ) ) ) ) + ( email "marek@marekpasnikowski.pl" ) + ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) (service (service-type (inherit cgit-service-type) (extensions (map (lambda (extension) (if (eq? (service-extension-target extension) @@ -647,7 +561,7 @@ ( gitolite-configuration ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) ( admin-pubkey ( plain-file "gitolite-admin.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) ( service gnome-desktop-service-type ) ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) ) (service nginx-service-type* diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm index a031235..8388bf4 100644 --- a/systems/izumi/system-configuration.scm +++ b/systems/izumi/system-configuration.scm 
@@ -380,92 +380,6 @@ ( method "mofws" ) ( type 'domainkeys ) ) ) ) ) ) ) ) ) -( define ( wip-imap-service domain ) - ( service dovecot-service-type - ( dovecot-configuration - ( disable-plaintext-auth? #t ) - ( mail-location "maildir:~/Maildir" ) - ( namespaces - ( list - ( namespace-configuration - ( name "inbox" ) - ( inbox? #t ) - ( mailboxes - ( list - ( mailbox-configuration - ( name "Archive" ) - ( auto "subscribe" ) - ( special-use ( list "\\Archive" ) ) ) - ( mailbox-configuration - ( name "Drafts" ) - ( auto "subscribe" ) - ( special-use ( list "\\Drafts" ) ) ) - ( mailbox-configuration - ( name "Junk" ) - ( auto "subscribe" ) - ( special-use ( list "\\Junk" ) ) ) - ( mailbox-configuration - ( name "Sent" ) - ( auto "subscribe" ) - ( special-use ( list "\\Sent" ) ) ) - ( mailbox-configuration - ( name "Trash" ) - ( auto "subscribe" ) - ( special-use ( list "\\Trash" ) ) ) ) ) ) ) ) - ( passdbs - ( list - ( passdb-configuration - ( args ( list "username_format=%n" "/secrets/dovecot" ) ) - ( driver "passwd-file" ) ) ) ) - ( protocols - ( list - ( protocol-configuration ( name "imap" ) ) - ( protocol-configuration ( name "lmtp" ) ) ) ) - ( services - ( list - ( service-configuration - ( kind "lmtp" ) - ( listeners - ( list - ( inet-listener-configuration - ( address "192.168.10.2 127.0.0.1" ) - ( port 24 ) - ( protocol "lmtp" ) ) - ( unix-listener-configuration - ( group "vmail" ) - ( mode "0666" ) - ( path "lmtp" ) - ( user "vmail" ) ) ) ) ) - ( service-configuration - ( kind "imap-login" ) - ( listeners - ( list - ( inet-listener-configuration - ( address "192.168.10.2" ) - ( port 993 ) - ( protocol "imaps" ) - ;; How does the boolean type map to - ;; the three configuration options? - ;; ( ssl? "required" ) - ) ) ) ) ) ) - ( ssl? 
"required" ) - ( ssl-cert - ( string-append - "</etc/letsencrypt/live/" - domain - "/fullchain.pem" ) ) - ( ssl-key - ( string-append - "</etc/letsencrypt/live/" - domain - "/privkey.pem" ) ) - ( ssl-min-protocol "TLSv1.2" ) - ( userdbs - ( list - ( userdb-configuration - ( args ( list "gid=vmail" "home=/home/vmail/%n" "uid=vmail" ) ) - ( driver "static" ) ) ) ) ) ) ) - ( define ( wip-smtp-service interface domain ) ( service opensmtpd-service-type ( opensmtpd-configuration @@ -474,7 +388,6 @@ ( define* ( wip-mail-services #:key interface domain ) ( list ( wip-dkim-service domain ) - ( wip-imap-service domain ) ( wip-smtp-service interface domain ) ) ) ( operating-system @@ -559,7 +472,8 @@ #:interface "enp1s0" #:domain "marekpasnikowski.pl" ) ( list - (service (service-type (inherit certbot-service-type) + (@ (users id1000) dovecot-service) + (service (service-type (inherit certbot-service-type) (extensions (map (lambda (extension) (if (eq? (service-extension-target extension) nginx-service-type) 
@@ -568,24 +482,24 @@ certbot-nginx-server-configurations)) extension)) (service-type-extensions certbot-service-type)))) - ( certbot-configuration - ( certificates - ( list - ( certificate-configuration - ( deploy-hook - ( program-file - "nginx-deploy-hook" - #~ - ( let - ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) - ( kill pid SIGHUP ) ) ) ) - ( domains - ( list - "marekpasnikowski.pl" - "git.marekpasnikowski.pl" - "radicale.marekpasnikowski.pl" ) ) ) ) ) - ( email "marek@marekpasnikowski.pl" ) - ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) + ( certbot-configuration + ( certificates + ( list + ( certificate-configuration + ( deploy-hook + ( program-file + "nginx-deploy-hook" + #~ + ( let + ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) ) + ( kill pid SIGHUP ) ) ) ) + ( domains + ( list + "marekpasnikowski.pl" + "git.marekpasnikowski.pl" + "radicale.marekpasnikowski.pl" ) ) ) ) ) + ( email "marek@marekpasnikowski.pl" ) + ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) ) (service (service-type (inherit cgit-service-type) (extensions (map (lambda (extension) (if (eq? (service-extension-target extension) @@ -637,7 +551,7 @@ ( gitolite-configuration ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) ) ( admin-pubkey ( plain-file "gitolite-admin.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) ) ( service gnome-desktop-service-type ) ( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) ) (service nginx-service-type* diff --git a/users/id1000.scm b/users/id1000.scm index 1f173cf..3bc7d00 100644 --- a/users/id1000.scm +++ b/users/id1000.scm 
@@ -31,16 +31,140 @@ ;; %suweren-home-services #:use-module (suweren home)) -;; (list string) +(define dovecot-imap-login-inet-configuration + ((@ (gnu services mail) inet-listener-configuration) + (address "192.168.10.2") + (port 993) + (protocol "imaps"))) + +(define dovecot-lmtp-inet-configuration + ((@ (gnu services mail) inet-listener-configuration) + (address "192.168.10.2 127.0.0.1") + (port 24) + (protocol "lmtp"))) + +(define dovecot-lmtp-unix-configuration + ((@ (gnu services mail) unix-listener-configuration) + (group "vmail") + (mode "0666") + (path "lmtp") + (user "vmail"))) + +(define mailbox-marekpasnikowski-archive + ((@ (gnu services mail) mailbox-configuration) + (name "Archive") + (auto "subscribe") + (special-use (list "\\Archive")))) + +(define mailbox-marekpasnikowski-drafts + ((@ (gnu services mail) mailbox-configuration) + (name "Drafts") + (auto "subscribe") + (special-use (list "\\Drafts")))) + +(define mailbox-marekpasnikowski-junk + ((@ (gnu services mail) mailbox-configuration) + (name "Junk") + (auto "subscribe") + (special-use (list "\\Junk")))) + +(define mailbox-marekpasnikowski-sent + ((@ (gnu services mail) mailbox-configuration) + (name "Sent") + (auto "subscribe") + (special-use (list "\\Sent")))) + +(define mailbox-marekpasnikowski-trash + ((@ (gnu services mail) mailbox-configuration) + (name "Trash") + (auto "subscribe") + (special-use (list "\\Trash")))) + +;;; + +(define dovecot-imap + ((@ (gnu services mail) protocol-configuration) + (name "imap"))) + +(define dovecot-imap-login-configuration + ((@ (gnu services mail) service-configuration) + (kind "imap-login") + (listeners (list dovecot-imap-login-inet-configuration)))) + +(define dovecot-lmtp + ((@ (gnu services mail) protocol-configuration) + (name "lmtp"))) + +(define dovecot-lmtp-configuration + ((@ (gnu services mail) service-configuration) + (kind "lmtp") + (listeners (list dovecot-lmtp-inet-configuration + dovecot-lmtp-unix-configuration)))) + +(define 
dovecot-passwd-file + ((@ (gnu services mail) passdb-configuration) + (args (list "username_format=%n" + "/secrets/dovecot")) + (driver "passwd-file"))) + +(define dovecot-namespace-marekpasnikowski + ((@ (gnu services mail) namespace-configuration) + (name "inbox") + (inbox? #t) + (mailboxes (list mailbox-marekpasnikowski-archive + mailbox-marekpasnikowski-drafts + mailbox-marekpasnikowski-junk + mailbox-marekpasnikowski-sent + mailbox-marekpasnikowski-trash)))) + +(define dovecot-userdb-static-configuration + ((@ (gnu services mail) userdb-configuration) + (args (list "gid=vmail" + "home=/home/vmail/%n" + "uid=vmail")) + (driver "static"))) + +(define ssl-cert-path + (string-append "</etc/letsencrypt/live/" + "marekpasnikowski.pl" + "/fullchain.pem")) + +(define ssl-key-path + (string-append "</etc/letsencrypt/live/" + "marekpasnikowski.pl" + "/privkey.pem")) + +;;; + +(define dovecot-configuration* + ((@ (gnu services mail) dovecot-configuration) + (disable-plaintext-auth? #t) + (mail-location "maildir:~/Maildir") + (namespaces (list dovecot-namespace-marekpasnikowski)) + (passdbs (list dovecot-passwd-file)) + (protocols (list dovecot-imap + dovecot-lmtp)) + (services (list dovecot-lmtp-configuration + dovecot-imap-login-configuration)) + (ssl? "required") + (ssl-cert ssl-cert-path) + (ssl-key ssl-key-path) + (ssl-min-protocol "TLSv1.2") + (userdbs (list dovecot-userdb-static-configuration)))) + (define groups (list "kvm" "wheel")) -;; string +;;; + +(define-public dovecot-service + (service (@ (gnu services mail) dovecot-service-type) + dovecot-configuration*)) + (define-public uid1000-name "marek") -;; record* user-account (define-public uid1000-account (user-account (name uid1000-name) (group "users") @@ -49,7 +173,6 @@ (comment "Marek Paśnikowski") (home-directory "/home/marek"))) -;; record home-environment (define-public uid1000-home-environment (lambda (host-name*) (let* ((gitconfig-file (local-file "uid1000-gitconfig")) ; TODO modularize |
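Review bot: `dovecot-lmtp-unix-configuration` creates the LMTP socket with `(mode "0666")`, so any local account can connect and deliver mail into any mailbox without authentication; `(mode "0660")`, with the socket's group limited to the account the SMTP daemon delivers as, would close that. `dovecot-lmtp-inet-configuration` also listens on `192.168.10.2` port 24, and LMTP carries no authentication, so any host that can reach that address can hand mail to Dovecot without passing through the SMTP daemon's checks; if OpenSMTPD runs on the same machine, as the izumi configuration suggests, `(address "127.0.0.1")` is enough. Separately, `ssl-cert-path` and `ssl-key-path` now hard-code `"marekpasnikowski.pl"` where the removed `wip-imap-service` took `domain` as a parameter, which leaves a second place to update if the domain passed to `wip-mail-services` ever changes.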