authorMarek Paśnikowski <marek@marekpasnikowski.pl>2024-08-28 17:21:20 +0200
committerMarek Paśnikowski <marek@marekpasnikowski.pl>2024-09-01 16:27:52 +0200
commit2c6a733adaaa5c24c089b94f99fa1b1d59e9b2e2 (patch)
tree04ee98c2719f6659ba420096a4cf6e287cf2b5f2
parentcfd138216dc17093bb3744595b0d79b6f6bba765 (diff)
refactor(id1000): implement dovecot in user module
-rw-r--r--systems/ayase.scm6
-rw-r--r--systems/izumi/izumi.org41
-rw-r--r--systems/izumi/system-configuration.scm41
-rw-r--r--users/id1000.scm148
4 files changed, 189 insertions, 47 deletions
diff --git a/systems/ayase.scm b/systems/ayase.scm
index 85142ea..aef4771 100644
--- a/systems/ayase.scm
+++ b/systems/ayase.scm
@@ -72,8 +72,6 @@
"-swap"
number)))
-;;;
-
;; #<service>
(define home-services
(service guix-home-service-type
@@ -109,7 +107,9 @@
;; (list #<service>)
(define services
(append %distribution-services
- (list home-services)
+ (list ;; (@ (users id1000)
+ ;; dovecot)
+ home-services)
system-services))
;; (list #<swap-space>)
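Review bot: The commented-out entry added to `services` names `(@ (users id1000) dovecot)`, but users/id1000.scm in this commit exports the service as `dovecot-service`, so uncommenting it as written would fail on an unbound variable. Either drop the dead comment or write it as `;; (@ (users id1000) dovecot-service)` with a short reason why ayase does not run it yet. The `services` definition starts and ends outside this hunk.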
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 779e899..3fd6542 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -484,7 +484,7 @@
( define* ( wip-mail-services #:key interface domain )
( list
( wip-dkim-service domain )
- ( wip-imap-service domain )
+ ;; ( wip-imap-service domain )
( wip-smtp-service interface domain ) ) )
( operating-system
@@ -569,6 +569,7 @@
#:interface "enp1s0"
#:domain "marekpasnikowski.pl" )
( list
+ (@ (users id1000) dovecot-service)
(service (service-type (inherit certbot-service-type)
(extensions (map (lambda (extension)
(if (eq? (service-extension-target extension)
@@ -578,24 +579,24 @@
certbot-nginx-server-configurations))
extension))
(service-type-extensions certbot-service-type))))
- ( certbot-configuration
- ( certificates
- ( list
- ( certificate-configuration
- ( deploy-hook
- ( program-file
- "nginx-deploy-hook"
- #~
- ( let
- ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
- ( kill pid SIGHUP ) ) ) )
- ( domains
- ( list
- "marekpasnikowski.pl"
- "git.marekpasnikowski.pl"
- "radicale.marekpasnikowski.pl" ) ) ) ) )
- ( email "marek@marekpasnikowski.pl" )
- ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+ ( certbot-configuration
+ ( certificates
+ ( list
+ ( certificate-configuration
+ ( deploy-hook
+ ( program-file
+ "nginx-deploy-hook"
+ #~
+ ( let
+ ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+ ( kill pid SIGHUP ) ) ) )
+ ( domains
+ ( list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl" ) ) ) ) )
+ ( email "marek@marekpasnikowski.pl" )
+ ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
(service (service-type (inherit cgit-service-type)
(extensions (map (lambda (extension)
(if (eq? (service-extension-target extension)
@@ -647,7 +648,7 @@
( gitolite-configuration
( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
( admin-pubkey ( plain-file "gitolite-admin.pub"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
( service gnome-desktop-service-type )
( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
(service nginx-service-type*
diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm
index a031235..ba46806 100644
--- a/systems/izumi/system-configuration.scm
+++ b/systems/izumi/system-configuration.scm
@@ -474,7 +474,7 @@
( define* ( wip-mail-services #:key interface domain )
( list
( wip-dkim-service domain )
- ( wip-imap-service domain )
+ ;; ( wip-imap-service domain )
( wip-smtp-service interface domain ) ) )
( operating-system
@@ -559,6 +559,7 @@
#:interface "enp1s0"
#:domain "marekpasnikowski.pl" )
( list
+ (@ (users id1000) dovecot-service)
(service (service-type (inherit certbot-service-type)
(extensions (map (lambda (extension)
(if (eq? (service-extension-target extension)
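Review bot: Adding `(@ (users id1000) dovecot-service)` makes Dovecot a second consumer of the certificate files under `/etc/letsencrypt/live/marekpasnikowski.pl/`, but the certbot `deploy-hook` in the next hunk (`"nginx-deploy-hook"`) only sends SIGHUP to nginx. Dovecot most likely reads `ssl-cert` and `ssl-key` when its configuration is loaded, so after a renewal it would keep serving the old certificate until restarted, and IMAPS clients would eventually see an expired one. Consider having the hook reload Dovecot as well, for example by running `doveadm reload` after the nginx signal. The same applies to the mirrored hunk in systems/izumi/izumi.org; the service list continues outside this hunk.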
@@ -568,24 +569,24 @@
certbot-nginx-server-configurations))
extension))
(service-type-extensions certbot-service-type))))
- ( certbot-configuration
- ( certificates
- ( list
- ( certificate-configuration
- ( deploy-hook
- ( program-file
- "nginx-deploy-hook"
- #~
- ( let
- ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
- ( kill pid SIGHUP ) ) ) )
- ( domains
- ( list
- "marekpasnikowski.pl"
- "git.marekpasnikowski.pl"
- "radicale.marekpasnikowski.pl" ) ) ) ) )
- ( email "marek@marekpasnikowski.pl" )
- ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+ ( certbot-configuration
+ ( certificates
+ ( list
+ ( certificate-configuration
+ ( deploy-hook
+ ( program-file
+ "nginx-deploy-hook"
+ #~
+ ( let
+ ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+ ( kill pid SIGHUP ) ) ) )
+ ( domains
+ ( list
+ "marekpasnikowski.pl"
+ "git.marekpasnikowski.pl"
+ "radicale.marekpasnikowski.pl" ) ) ) ) )
+ ( email "marek@marekpasnikowski.pl" )
+ ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
(service (service-type (inherit cgit-service-type)
(extensions (map (lambda (extension)
(if (eq? (service-extension-target extension)
@@ -637,7 +638,7 @@
( gitolite-configuration
( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
( admin-pubkey ( plain-file "gitolite-admin.pub"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
( service gnome-desktop-service-type )
( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
(service nginx-service-type*
diff --git a/users/id1000.scm b/users/id1000.scm
index 1f173cf..c4d0cea 100644
--- a/users/id1000.scm
+++ b/users/id1000.scm
@@ -31,16 +31,157 @@
;; %suweren-home-services
#:use-module (suweren home))
-;; (list string)
+(define dovecot-imap-login-inet-configuration
+ ((@ (gnu services mail)
+ inet-listener-configuration)
+ (address "192.168.10.2")
+ (port 993)
+ (protocol "imaps")))
+
+(define dovecot-lmtp-inet-configuration
+ ((@ (gnu services mail)
+ inet-listener-configuration)
+ (address "192.168.10.2 127.0.0.1")
+ (port 24)
+ (protocol "lmtp")))
+
+(define dovecot-lmtp-unix-configuration
+ ((@ (gnu services mail)
+ unix-listener-configuration)
+ (group "vmail")
+ (mode "0666")
+ (path "lmtp")
+ (user "vmail")))
+
+(define mailbox-marekpasnikowski-archive
+ ((@ (gnu services mail)
+ mailbox-configuration)
+ (name "Archive")
+ (auto "subscribe")
+ (special-use (list "\\Archive"))))
+
+(define mailbox-marekpasnikowski-drafts
+ ((@ (gnu services mail)
+ mailbox-configuration)
+ (name "Drafts")
+ (auto "subscribe")
+ (special-use (list "\\Drafts"))))
+
+(define mailbox-marekpasnikowski-junk
+ ((@ (gnu services mail)
+ mailbox-configuration)
+ (name "Junk")
+ (auto "subscribe")
+ (special-use (list "\\Junk"))))
+
+(define mailbox-marekpasnikowski-sent
+ ((@ (gnu services mail)
+ mailbox-configuration)
+ (name "Sent")
+ (auto "subscribe")
+ (special-use (list "\\Sent"))))
+
+(define mailbox-marekpasnikowski-trash
+ ((@ (gnu services mail)
+ mailbox-configuration)
+ (name "Trash")
+ (auto "subscribe")
+ (special-use (list "\\Trash"))))
+
+;;;
+
+(define dovecot-imap
+ ((@ (gnu services mail)
+ protocol-configuration)
+ (name "imap")))
+
+(define dovecot-imap-login-configuration
+ ((@ (gnu services mail)
+ service-configuration)
+ (kind "imap-login")
+ (listeners (list dovecot-imap-login-inet-configuration))))
+
+(define dovecot-lmtp
+ ((@ (gnu services mail)
+ protocol-configuration)
+ (name "lmtp")))
+
+(define dovecot-lmtp-configuration
+ ((@ (gnu services mail)
+ service-configuration)
+ (kind "lmtp")
+ (listeners (list dovecot-lmtp-inet-configuration
+ dovecot-lmtp-unix-configuration))))
+
+(define dovecot-passwd-file
+ ((@ (gnu services mail)
+ passdb-configuration)
+ (args (list "username_format=%n"
+ "/secrets/dovecot"))
+ (driver "passwd-file")))
+
+(define dovecot-namespace-marekpasnikowski
+ ((@ (gnu services mail)
+ namespace-configuration)
+ (name "inbox")
+ (inbox? #t)
+ (mailboxes (list mailbox-marekpasnikowski-archive
+ mailbox-marekpasnikowski-drafts
+ mailbox-marekpasnikowski-junk
+ mailbox-marekpasnikowski-sent
+ mailbox-marekpasnikowski-trash))))
+
+(define dovecot-userdb-static-configuration
+ ((@ (gnu services mail)
+ userdb-configuration)
+ (args (list "gid=vmail"
+ "home=/home/vmail/%n"
+ "uid=vmail"))
+ (driver "static")))
+
+(define ssl-cert-path
+ (string-append "</etc/letsencrypt/live/"
+ "marekpasnikowski.pl"
+ "/fullchain.pem"))
+
+(define ssl-key-path
+ (string-append "</etc/letsencrypt/live/"
+ "marekpasnikowski.pl"
+ "privkey.pem"))
+
+;;;
+
+(define dovecot-configuration*
+ ((@ (gnu services mail)
+ dovecot-configuration)
+ (disable-plaintext-auth? #t)
+ (mail-location "maildir:~/Maildir")
+ (namespaces (list dovecot-namespace-marekpasnikowski))
+ (passdbs (list dovecot-passwd-file))
+ (protocols (list dovecot-imap
+ dovecot-lmtp))
+ (services (list dovecot-lmtp-configuration
+ dovecot-imap-login-configuration))
+ (ssl? "required")
+ (ssl-cert ssl-cert-path)
+ (ssl-key ssl-key-path)
+ (ssl-min-protocol "TLSv1.2")
+ (userdbs (list dovecot-userdb-static-configuration))))
+
(define groups
(list "kvm"
"wheel"))
-;; string
+;;;
+
+(define-public dovecot-service
+ (service (@ (gnu services mail)
+ dovecot-service-type)
+ dovecot-configuration*))
+
(define-public uid1000-name
"marek")
-;; record* user-account
(define-public uid1000-account
(user-account (name uid1000-name)
(group "users")
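Review bot: `ssl-key-path` is missing a path separator: its last fragment is `"privkey.pem"` where `ssl-cert-path` uses `"/fullchain.pem"`, so the key path becomes `</etc/letsencrypt/live/marekpasnikowski.plprivkey.pem` and Dovecot will most likely fail to load the key; it should be `"/privkey.pem"`. The two LMTP listeners also deserve tightening, because LMTP delivery carries no authentication: `dovecot-lmtp-unix-configuration` sets `(mode "0666")`, which lets any local account inject mail, and `dovecot-lmtp-inet-configuration` binds `192.168.10.2` in addition to loopback, which lets any host that can reach that address do the same. If the delivering MTA runs on this machine, as the system configuration suggests, prefer `(mode "0660")` with that MTA's group and `(address "127.0.0.1")`, or drop the inet listener entirely. The `uid1000-account` form continues outside this hunk.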
@@ -49,7 +190,6 @@
(comment "Marek Paśnikowski")
(home-directory "/home/marek")))
-;; record home-environment
(define-public uid1000-home-environment
(lambda (host-name*)
(let* ((gitconfig-file (local-file "uid1000-gitconfig")) ; TODO modularize