From 2c6a733adaaa5c24c089b94f99fa1b1d59e9b2e2 Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski <marek@marekpasnikowski.pl>
Date: Wed, 28 Aug 2024 17:21:20 +0200
Subject: refactor(id1000): implement dovecot in user module

---
 systems/ayase.scm                      |   6 +-
 systems/izumi/izumi.org                |  41 ++++-----
 systems/izumi/system-configuration.scm |  41 ++++-----
 users/id1000.scm                       | 148 ++++++++++++++++++++++++++++++++-
 4 files changed, 189 insertions(+), 47 deletions(-)

diff --git a/systems/ayase.scm b/systems/ayase.scm
index 85142ea..aef4771 100644
--- a/systems/ayase.scm
+++ b/systems/ayase.scm
@@ -72,8 +72,6 @@
 				    "-swap"
 				    number)))
 
-;;;
-
 ;; #<service>
 (define home-services
   (service guix-home-service-type
@@ -109,7 +107,9 @@
 ;; (list #<service>)
 (define services
   (append %distribution-services
-	  (list home-services)
+	  (list ;; (@ (users id1000)
+		;;    dovecot)
+		home-services)
 	  system-services))
 
 ;; (list #<swap-space>)
diff --git a/systems/izumi/izumi.org b/systems/izumi/izumi.org
index 779e899..3fd6542 100644
--- a/systems/izumi/izumi.org
+++ b/systems/izumi/izumi.org
@@ -484,7 +484,7 @@
   ( define* ( wip-mail-services #:key interface domain )
     ( list
       ( wip-dkim-service domain )
-      ( wip-imap-service domain )
+      ;; ( wip-imap-service domain )
       ( wip-smtp-service interface domain ) ) )
 
   ( operating-system
@@ -569,6 +569,7 @@
           #:interface "enp1s0"
           #:domain "marekpasnikowski.pl" )
         ( list
+  	(@ (users id1000) dovecot-service)
           (service (service-type (inherit certbot-service-type)
                                  (extensions (map (lambda (extension)
                                                     (if (eq? (service-extension-target extension)
@@ -578,24 +579,24 @@
                                                                                certbot-nginx-server-configurations))
                                                         extension))
                                                   (service-type-extensions certbot-service-type))))
-            ( certbot-configuration
-              ( certificates
-                ( list
-                  ( certificate-configuration
-                    ( deploy-hook
-                      ( program-file
-                        "nginx-deploy-hook"
-                        #~
-                        ( let
-                            ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
-                          ( kill pid SIGHUP ) ) ) )
-                    ( domains
-                      ( list
-                        "marekpasnikowski.pl"
-                        "git.marekpasnikowski.pl"
-                        "radicale.marekpasnikowski.pl" ) ) ) ) )
-              ( email "marek@marekpasnikowski.pl" )
-              ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+  		 ( certbot-configuration
+  		   ( certificates
+  		     ( list
+                         ( certificate-configuration
+  			 ( deploy-hook
+  			   ( program-file
+  			     "nginx-deploy-hook"
+  			     #~
+  			     ( let
+  				 ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+                                 ( kill pid SIGHUP ) ) ) )
+  			 ( domains
+  			   ( list
+  			     "marekpasnikowski.pl"
+  			     "git.marekpasnikowski.pl"
+  			     "radicale.marekpasnikowski.pl" ) ) ) ) )
+  		   ( email "marek@marekpasnikowski.pl" )
+  		   ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
           (service (service-type (inherit cgit-service-type)
                                  (extensions (map (lambda (extension)
                                                     (if (eq? (service-extension-target extension)
@@ -647,7 +648,7 @@
             ( gitolite-configuration
               ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
               ( admin-pubkey ( plain-file  "gitolite-admin.pub"
-                                           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+                               "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
           ( service gnome-desktop-service-type )
   	( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
           (service nginx-service-type*
diff --git a/systems/izumi/system-configuration.scm b/systems/izumi/system-configuration.scm
index a031235..ba46806 100644
--- a/systems/izumi/system-configuration.scm
+++ b/systems/izumi/system-configuration.scm
@@ -474,7 +474,7 @@
 ( define* ( wip-mail-services #:key interface domain )
   ( list
     ( wip-dkim-service domain )
-    ( wip-imap-service domain )
+    ;; ( wip-imap-service domain )
     ( wip-smtp-service interface domain ) ) )
 
 ( operating-system
@@ -559,6 +559,7 @@
         #:interface "enp1s0"
         #:domain "marekpasnikowski.pl" )
       ( list
+	(@ (users id1000) dovecot-service)
         (service (service-type (inherit certbot-service-type)
                                (extensions (map (lambda (extension)
                                                   (if (eq? (service-extension-target extension)
@@ -568,24 +569,24 @@
                                                                              certbot-nginx-server-configurations))
                                                       extension))
                                                 (service-type-extensions certbot-service-type))))
-          ( certbot-configuration
-            ( certificates
-              ( list
-                ( certificate-configuration
-                  ( deploy-hook
-                    ( program-file
-                      "nginx-deploy-hook"
-                      #~
-                      ( let
-                          ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
-                        ( kill pid SIGHUP ) ) ) )
-                  ( domains
-                    ( list
-                      "marekpasnikowski.pl"
-                      "git.marekpasnikowski.pl"
-                      "radicale.marekpasnikowski.pl" ) ) ) ) )
-            ( email "marek@marekpasnikowski.pl" )
-            ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
+		 ( certbot-configuration
+		   ( certificates
+		     ( list
+                       ( certificate-configuration
+			 ( deploy-hook
+			   ( program-file
+			     "nginx-deploy-hook"
+			     #~
+			     ( let
+				 ( ( pid ( call-with-input-file "/var/run/nginx/pid" read ) ) )
+                               ( kill pid SIGHUP ) ) ) )
+			 ( domains
+			   ( list
+			     "marekpasnikowski.pl"
+			     "git.marekpasnikowski.pl"
+			     "radicale.marekpasnikowski.pl" ) ) ) ) )
+		   ( email "marek@marekpasnikowski.pl" )
+		   ( webroot "/srv/www/marek/marekpasnikowski.pl" ) ) )
         (service (service-type (inherit cgit-service-type)
                                (extensions (map (lambda (extension)
                                                   (if (eq? (service-extension-target extension)
@@ -637,7 +638,7 @@
           ( gitolite-configuration
             ( rc-file ( gitolite-rc-file ( umask #o0027 ) ) )
             ( admin-pubkey ( plain-file  "gitolite-admin.pub"
-                                         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
+                             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4THTYnHCc/ihCJNKJtGTNu1zCnLndbMHnxnrxzJk+N marek@izumi\n") ) ) )
         ( service gnome-desktop-service-type )
 	( service syncthing-service-type ( syncthing-configuration ( user "marek" ) ) )
         (service nginx-service-type*
diff --git a/users/id1000.scm b/users/id1000.scm
index 1f173cf..c4d0cea 100644
--- a/users/id1000.scm
+++ b/users/id1000.scm
@@ -31,16 +31,157 @@
   ;; %suweren-home-services
   #:use-module (suweren home))
 
-;; (list string)
+(define dovecot-imap-login-inet-configuration
+  ((@ (gnu services mail)
+      inet-listener-configuration)
+   (address "192.168.10.2")
+   (port 993)
+   (protocol "imaps")))
+
+(define dovecot-lmtp-inet-configuration
+  ((@ (gnu services mail)
+      inet-listener-configuration)
+   (address "192.168.10.2 127.0.0.1")
+   (port 24)
+   (protocol "lmtp")))
+
+(define dovecot-lmtp-unix-configuration
+  ((@ (gnu services mail)
+      unix-listener-configuration)
+   (group "vmail")
+   (mode "0666")
+   (path "lmtp")
+   (user "vmail")))
+
+(define mailbox-marekpasnikowski-archive
+  ((@ (gnu services mail)
+      mailbox-configuration)
+   (name "Archive")
+   (auto "subscribe")
+   (special-use (list "\\Archive"))))
+
+(define mailbox-marekpasnikowski-drafts
+  ((@ (gnu services mail)
+      mailbox-configuration)
+   (name "Drafts")
+   (auto "subscribe")
+   (special-use (list "\\Drafts"))))
+
+(define mailbox-marekpasnikowski-junk
+  ((@ (gnu services mail)
+      mailbox-configuration)
+   (name "Junk")
+   (auto "subscribe")
+   (special-use (list "\\Junk"))))
+
+(define mailbox-marekpasnikowski-sent
+  ((@ (gnu services mail)
+      mailbox-configuration)
+   (name "Sent")
+   (auto "subscribe")
+   (special-use (list "\\Sent"))))
+
+(define mailbox-marekpasnikowski-trash
+  ((@ (gnu services mail)
+      mailbox-configuration)
+   (name "Trash")
+   (auto "subscribe")
+   (special-use (list "\\Trash"))))
+
+;;;
+
+(define dovecot-imap
+  ((@ (gnu services mail)
+      protocol-configuration)
+   (name "imap")))
+
+(define dovecot-imap-login-configuration
+  ((@ (gnu services mail)
+      service-configuration)
+   (kind "imap-login")
+   (listeners (list dovecot-imap-login-inet-configuration))))
+
+(define dovecot-lmtp
+  ((@ (gnu services mail)
+      protocol-configuration)
+   (name "lmtp")))
+
+(define dovecot-lmtp-configuration
+  ((@ (gnu services mail)
+      service-configuration)
+   (kind "lmtp")
+   (listeners (list dovecot-lmtp-inet-configuration
+		    dovecot-lmtp-unix-configuration))))
+
+(define dovecot-passwd-file
+  ((@ (gnu services mail)
+      passdb-configuration)
+   (args (list "username_format=%n"
+	       "/secrets/dovecot"))
+   (driver "passwd-file")))
+
+(define dovecot-namespace-marekpasnikowski
+  ((@ (gnu services mail)
+      namespace-configuration)
+   (name "inbox")
+   (inbox? #t)
+   (mailboxes (list mailbox-marekpasnikowski-archive
+		    mailbox-marekpasnikowski-drafts
+		    mailbox-marekpasnikowski-junk
+		    mailbox-marekpasnikowski-sent
+		    mailbox-marekpasnikowski-trash))))
+
+(define dovecot-userdb-static-configuration
+  ((@ (gnu services mail)
+      userdb-configuration)
+   (args (list "gid=vmail"
+	       "home=/home/vmail/%n"
+	       "uid=vmail"))
+   (driver "static")))
+
+(define ssl-cert-path
+  (string-append "</etc/letsencrypt/live/"
+		 "marekpasnikowski.pl"
+		 "/fullchain.pem"))
+
+(define ssl-key-path
+  (string-append "</etc/letsencrypt/live/"
+		 "marekpasnikowski.pl"
+		 "privkey.pem"))
+
+;;;
+
+(define dovecot-configuration*
+  ((@ (gnu services mail)
+      dovecot-configuration)
+   (disable-plaintext-auth? #t)
+   (mail-location "maildir:~/Maildir")
+   (namespaces (list dovecot-namespace-marekpasnikowski))
+   (passdbs (list dovecot-passwd-file))
+   (protocols (list dovecot-imap
+		    dovecot-lmtp))
+   (services (list dovecot-lmtp-configuration
+		   dovecot-imap-login-configuration))
+   (ssl? "required")
+   (ssl-cert ssl-cert-path)
+   (ssl-key ssl-key-path)
+   (ssl-min-protocol "TLSv1.2")
+   (userdbs (list dovecot-userdb-static-configuration))))
+
 (define groups
   (list "kvm"
 	"wheel"))
 
-;; string
+;;;
+
+(define-public dovecot-service
+  (service (@ (gnu services mail)
+	      dovecot-service-type)
+	   dovecot-configuration*))
+
 (define-public uid1000-name
   "marek")
 
-;; record* user-account
 (define-public uid1000-account
   (user-account (name uid1000-name)
 		(group "users")
@@ -49,7 +190,6 @@
 		(comment "Marek Paśnikowski")
 		(home-directory "/home/marek")))
 
-;; record home-environment
 (define-public uid1000-home-environment
   (lambda (host-name*)
     (let* ((gitconfig-file (local-file "uid1000-gitconfig")) ; TODO modularize
-- 
cgit v1.2.3