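# NixOS module: Dovecot (IMAP + LMTP) for virtual mail users.
#
# - Accounts come from a passwd-file decrypted by sops-nix, not from system
#   users (PAM is disabled).
# - Postfix talks to Dovecot over two unix sockets (LMTP delivery and auth)
#   under /var/spool/postfix.
# - TLS material is read from /var/lib/acme/<hyper.domain>/.
#
# `hyper` is not named in the argument pattern; it is reached through
# `with all;`, so it must be supplied as a module argument by the caller.
{ config, pkgs, ... }@all:
with all;
{
  sops.secrets = {
    "nx2site/dovecot" = {
      owner = "dovecot2";
      group = "dovecot2";
      # Read-only for the owner: this file holds the password database and
      # is only ever read here (passdb args below), so no write bit is needed.
      mode = "0400";
    };
  };

  services.dovecot2 = {
    enable = true;
    enablePAM = false; # independent of Linux users
    enableImap = true;
    enableLmtp = true;

    # NOTE(review): `auth_mechanisms = plain` sends the password itself, so it
    # is only acceptable when clients cannot authenticate outside TLS. Confirm
    # that the generated dovecot.conf ends up with `disable_plaintext_auth = yes`
    # and/or `ssl = required`; neither is set explicitly in this file.
    #
    # Both unix listeners are mode 0600 and owned by postfix:postfix, so only
    # the postfix user can connect to the LMTP and auth sockets.
    extraConfig = ''
      # force to use full user name plus domain name
      # for disambiguation
      auth_username_format = %Lu

      # Authentication configuration:
      auth_mechanisms = plain
      passdb {
        driver = passwd-file
        args = ${config.sops.secrets."nx2site/dovecot".path}
      }

      # for vitual users:
      userdb {
        driver = static
        # the full e-mail address inside passwd-file is the username (%u)
        # user@example.com
        # %d for domain_name %n for user_name
        args = uid=vmail gid=vmail username_format=%u home=/var/spool/mail/vmail/%d/%n
      }

      # for connecting with postfix
      service lmtp {
        unix_listener /var/spool/postfix/dovecot-lmtp {
          mode = 0600
          user = postfix
          group = postfix
        }
      }
      service auth {
        unix_listener /var/spool/postfix/auth {
          mode = 0600
          user = postfix
          group = postfix
        }
      }
    '';

    # All mail is stored under a single unprivileged system account.
    createMailUser = true;
    mailUser = "vmail";
    mailGroup = "vmail";
    mailLocation = "maildir:~/Maildir";

    # Special-use mailboxes, created automatically on first use.
    # Junk and Trash are expunged after 60 days; the others are kept.
    mailboxes = {
      All = {
        auto = "create";
        autoexpunge = null;
        specialUse = "All";
      };
      Archive = {
        auto = "create";
        autoexpunge = null;
        specialUse = "Archive";
      };
      Drafts = {
        auto = "create";
        autoexpunge = null;
        specialUse = "Drafts";
      };
      Flagged = {
        auto = "create";
        autoexpunge = null;
        specialUse = "Flagged";
      };
      Junk = {
        auto = "create";
        autoexpunge = "60d";
        specialUse = "Junk";
      };
      Sent = {
        auto = "create";
        autoexpunge = null;
        specialUse = "Sent";
      };
      Trash = {
        auto = "create";
        autoexpunge = "60d";
        specialUse = "Trash";
      };
    };

    # Certificate and key issued via ACME for hyper.domain.
    sslServerCert = "/var/lib/acme/${hyper.domain}/fullchain.pem";
    sslServerKey = "/var/lib/acme/${hyper.domain}/key.pem";
    # NOTE(review): presumably this becomes Dovecot's `ssl_ca`, which is used
    # to validate client certificates; fullchain.pem already carries the
    # intermediates. Confirm this setting is intended.
    sslCACert = "/var/lib/acme/${hyper.domain}/chain.pem";
  };
}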