diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix index 7b1ef98..e52787d 100644 --- a/hosts/voyager/configuration.nix +++ b/hosts/voyager/configuration.nix @@ -10,6 +10,7 @@ ./wireguard.nix ./exports.nix + ./services/snappymail.nix #./vms.nix ./services/nginx @@ -25,6 +26,7 @@ ./services/vaultwarden.nix ./services/calibre.nix # ./services/code-server.nix + ]; networking = { @@ -84,6 +86,19 @@ exa ]; + services.snappymail = { + enable = true; + hostname = "mail.home.feal.no"; + }; + services.nginx.virtualHosts."${config.services.snappymail.hostname}" = let + certPath = "/etc/ssl-snakeoil/mail_home_feal_no"; + in { + addSSL = true; + + sslCertificate = "${certPath}.crt"; + sslCertificateKey = "${certPath}.key"; + }; + /* virtualisation.podman = { */ /* enable = true; */ /* dockerCompat = true; # Make `docker` shell alias */ diff --git a/hosts/voyager/services/snappymail.nix b/hosts/voyager/services/snappymail.nix new file mode 100644 index 0000000..a7b266f --- /dev/null +++ b/hosts/voyager/services/snappymail.nix 
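Review bot: In the `@@ -84,6 +86,19 @@` hunk the webmail virtual host is declared with `addSSL = true;`, which keeps the plain-HTTP listener serving the site alongside HTTPS, so mailbox passwords and session cookies can still travel unencrypted whenever a client uses an http:// URL. Consider `forceSSL = true;` so that port 80 only redirects to HTTPS. The certificate path under `/etc/ssl-snakeoil` suggests a self-signed certificate. If so, a short comment saying how clients are expected to trust it, or that it is a placeholder until a properly issued certificate is in place, would help.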
@@ -0,0 +1,108 @@
+{ config, pkgs, lib, ... }:
+
+let
+inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types;
+
+cfg = config.services.snappymail;
+maxUploadSize = "256M";
+in {
+ options.services.snappymail = {
+ enable = mkEnableOption (lib.mdDoc "Snappymail");
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.snappymail;
+ defaultText = lib.mdDoc "pkgs.snappymail";
+ description = lib.mdDoc "Which snappymail package to use.";
+ };
+
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/snappymail";
+ description = "State directory for snappymail";
+ };
+
+ hostname = mkOption {
+ type = types.str;
+ /* default = null; */
+ example = "mail.example.com";
+ description = "Enable nginx with this hostname, null disables nginx";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "snappymail";
+ description = lib.mdDoc "System user under which snappymail runs";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "snappymail";
+ description = lib.mdDoc "System group under which snappymail runs";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users = mkIf (cfg.user == "snappymail") {
+ snappymail = {
+ description = "Snappymail service";
+ group = cfg.group;
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ createHome = true;
+ isSystemUser = true;
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "snappymail") {
+ snappymail = {};
+ };
+
+ services.phpfpm.pools.snappymail = {
+ user = cfg.user;
+ group = cfg.group;
+ phpOptions = generators.toKeyValue {} {
+ upload_max_filesize = maxUploadSize;
+ post_max_size = maxUploadSize;
+ memory_limit = maxUploadSize;
+ };
+
+ settings = {
+ "listen.owner" = config.services.nginx.user;
+ "listen.group" = config.services.nginx.group;
+ "pm" = "ondemand";
+ "pm.max_children" = 32;
+ "pm.process_idle_timeout" = "10s";
+ "pm.max_requests" = 500;
+ };
+ };
+
+ services.nginx = mkIf (cfg.hostname != null) {
+ virtualHosts."${cfg.hostname}" = {
+ locations."/".extraConfig = ''
+ index index.php;
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ '';
+ locations."^~ /data".extraConfig = ''
+ deny all;
+ '';
+ locations."~ \.php$".extraConfig = ''
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
+ '';
+ extraConfig = ''
+ client_max_body_size ${maxUploadSize};
+ '';
+
+ root = if (cfg.package == pkgs.snappymail) then
+ pkgs.snappymail.override {
+ dataPath = cfg.dataDir;
+ }
+ else cfg.package;
+ };
+ };
+ };
+}
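Review bot: `autoindex on;` in `locations."/"` turns on directory listings for the webmail root, which discloses the application's file layout to any visitor and is not needed because `index index.php;` already serves the front page; I would drop the three `autoindex*` lines. The service account is declared with `useDefaultShell = true;`, giving the PHP-FPM user an interactive shell it presumably never needs, so remove that line and let the system user keep the non-login default. `hostname` is typed `types.str` with its default commented out, so the `cfg.hostname != null` guard can never be false despite what the description says; `type = types.nullOr types.str;` with `default = null;` would match the documented behaviour. The `~ \.php$` location also hands every matching URI to PHP-FPM without checking that the script exists, and `try_files $uri =404;` is the usual guard there.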