Workaround for a new bug in dovecot.
This should allow postfixadmin to work again. The bug is described on the Dovecot ML: https://dovecot.org/pipermail/dovecot/2020-August/119642.html
parent
5ba4461803
commit
706b74e27f
29
dovecot.nix
29
dovecot.nix
|
@ -7,18 +7,28 @@ let
|
||||||
password_query = SELECT username AS user, password FROM mailbox WHERE username = '%Lu' AND active='1'
|
password_query = SELECT username AS user, password FROM mailbox WHERE username = '%Lu' AND active='1'
|
||||||
user_query = SELECT username AS user FROM mailbox WHERE username = '%Lu' AND active='1'
|
user_query = SELECT username AS user FROM mailbox WHERE username = '%Lu' AND active='1'
|
||||||
'';
|
'';
|
||||||
dovecotConf = pkgs.writeText "dovecot.conf" ''
|
dovecotConfSSL = pkgs.writeText "dovecot.conf" ''
|
||||||
sendmail_path = /run/wrappers/bin/sendmail
|
|
||||||
default_internal_user = dovecot2
|
|
||||||
default_internal_group = dovecot2
|
|
||||||
protocols = imap lmtp pop3 sieve
|
|
||||||
|
|
||||||
${lib.optionalString (config.variables.useSSL) ''
|
${lib.optionalString (config.variables.useSSL) ''
|
||||||
ssl = yes
|
ssl = yes
|
||||||
ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem
|
ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem
|
||||||
ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem
|
ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem
|
||||||
''
|
''
|
||||||
}
|
}
|
||||||
|
'';
|
||||||
|
dovecotConf = pkgs.writeText "dovecot.conf" ''
|
||||||
|
sendmail_path = /run/wrappers/bin/sendmail
|
||||||
|
default_internal_user = dovecot2
|
||||||
|
default_internal_group = dovecot2
|
||||||
|
protocols = imap lmtp pop3 sieve
|
||||||
|
|
||||||
|
# commented out due to a dovecot but in the most recent release
|
||||||
|
#$ {lib.optionalString (config.variables.useSSL) '#'
|
||||||
|
# ssl = yes
|
||||||
|
# ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem
|
||||||
|
# ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem
|
||||||
|
# '#'
|
||||||
|
#}
|
||||||
|
!include_try /var/lib/dovecot/ssl-keys.conf
|
||||||
|
|
||||||
disable_plaintext_auth = yes
|
disable_plaintext_auth = yes
|
||||||
auth_mechanisms = plain login
|
auth_mechanisms = plain login
|
||||||
|
@ -118,7 +128,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# Make sure at least the self-signed certs are available before trying to start postfix
|
# Make sure at least the self-signed certs are available before trying to start postfix
|
||||||
systemd.services.dovecot2.after = lib.mkIf config.variables.useSSL [ "acme-selfsigned-certificates.target" ];
|
systemd.services.dovecot2.after = [ (lib.mkIf config.variables.useSSL "acme-selfsigned-certificates.target") "vmail-setup.service" ];
|
||||||
# Setup dovecot
|
# Setup dovecot
|
||||||
networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
|
networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
|
||||||
services.dovecot2 = {
|
services.dovecot2 = {
|
||||||
|
@ -133,6 +143,11 @@ in
|
||||||
mkdir -p ${config.variables.vmailBaseDir}
|
mkdir -p ${config.variables.vmailBaseDir}
|
||||||
chown -c ${config.variables.vmailUser}:${config.variables.vmailGroup} ${config.variables.vmailBaseDir}
|
chown -c ${config.variables.vmailUser}:${config.variables.vmailGroup} ${config.variables.vmailBaseDir}
|
||||||
chmod -c 0700 ${config.variables.vmailBaseDir}
|
chmod -c 0700 ${config.variables.vmailBaseDir}
|
||||||
|
# SSL workaround for dovecot...
|
||||||
|
mkdir -p /var/lib/dovecot
|
||||||
|
cat ${dovecotConfSSL} > /var/lib/dovecot/ssl-keys.conf
|
||||||
|
chown root:root /var/lib/dovecot/ssl-keys.conf
|
||||||
|
chmod 400 /var/lib/dovecot/ssl-keys.conf
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
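Review bot: The new `!include_try /var/lib/dovecot/ssl-keys.conf` in `dovecotConf` fails open: if the file is missing or unreadable, Dovecot starts without the `ssl`, `ssl_cert` and `ssl_key` settings it is meant to supply, and nothing is logged as an error. The setup script in the last hunk writes the file unconditionally (it is simply empty when `useSSL` is false), so a hard `!include /var/lib/dovecot/ssl-keys.conf` would not break the non-SSL case and would turn a missing file into a startup failure. The second hunk adds `vmail-setup.service` only to `after`, which orders the units but does not stop dovecot2 from starting when that unit fails. Assuming the script in the last hunk belongs to that unit (its header is outside the hunk), I would add `systemd.services.dovecot2.requires = [ "vmail-setup.service" ];`.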