diff --git a/hosts/bekkalokk/services/webmail/default.nix b/hosts/bekkalokk/services/webmail/default.nix index b37d061..97bc502 100644 --- a/hosts/bekkalokk/services/webmail/default.nix +++ b/hosts/bekkalokk/services/webmail/default.nix @@ -2,6 +2,7 @@ { imports = [ ./roundcube.nix + ./snappymail.nix ]; services.nginx.virtualHosts."webmail.pvv.ntnu.no" = { @@ -10,9 +11,11 @@ kTLS = true; locations = { "= /".return = "302 https://webmail.pvv.ntnu.no/roundcube"; + "/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube"; "/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube"; - "/rainloop".return = "302 https://webmail.pvv.ntnu.no/roundcube"; + "/rainloop".return = "302 https://snappymail.pvv.ntnu.no/"; + "/snappymail".return = "302 https://snappymail.pvv.ntnu.no/"; }; }; } diff --git a/hosts/bekkalokk/services/webmail/snappymail.nix b/hosts/bekkalokk/services/webmail/snappymail.nix new file mode 100644 index 0000000..3d51f9e --- /dev/null +++ b/hosts/bekkalokk/services/webmail/snappymail.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.services.snappymail; +in { + imports = [ ../../../../modules/snappymail.nix ]; + + services.snappymail = { + enable = true; + hostname = "snappymail.pvv.ntnu.no"; + }; + + services.nginx.virtualHosts.${cfg.hostname} = { + forceSSL = true; + enableACME = true; + kTLS = true; + }; +} + diff --git a/modules/snappymail.nix b/modules/snappymail.nix new file mode 100644 index 0000000..33a8107 --- /dev/null +++ b/modules/snappymail.nix 
@@ -0,0 +1,103 @@
+{ config, pkgs, lib, ... }:
+
+let
+ inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types;
+
+ cfg = config.services.snappymail;
+ maxUploadSize = "256M";
+in {
+ options.services.snappymail = {
+ enable = mkEnableOption "Snappymail";
+
+ package = mkPackageOption pkgs "snappymail" { };
+
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/snappymail";
+ description = "State directory for snappymail";
+ };
+
+ hostname = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "mail.example.com";
+ description = "Enable nginx with this hostname, null disables nginx";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "snappymail";
+ description = "System user under which snappymail runs";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "snappymail";
+ description = "System group under which snappymail runs";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users = mkIf (cfg.user == "snappymail") {
+ snappymail = {
+ description = "Snappymail service";
+ group = cfg.group;
+ home = cfg.dataDir;
+ isSystemUser = true;
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "snappymail") {
+ snappymail = {};
+ };
+
+ services.phpfpm.pools.snappymail = {
+ user = cfg.user;
+ group = cfg.group;
+ phpOptions = generators.toKeyValue {} {
+ upload_max_filesize = maxUploadSize;
+ post_max_size = maxUploadSize;
+ memory_limit = maxUploadSize;
+ };
+
+ settings = {
+ "listen.owner" = config.services.nginx.user;
+ "listen.group" = config.services.nginx.group;
+ "pm" = "ondemand";
+ "pm.max_children" = 32;
+ "pm.process_idle_timeout" = "10s";
+ "pm.max_requests" = 500;
+ };
+ };
+
+ services.nginx = mkIf (cfg.hostname != null) {
+ virtualHosts."${cfg.hostname}" = {
+ locations."/".extraConfig = ''
+ index index.php;
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ '';
+ locations."^~ /data".extraConfig = ''
+ deny all;
+ '';
+ locations."~ \\.php$".extraConfig = ''
+ include ${config.services.nginx.package}/conf/fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
+ '';
+ extraConfig = ''
+ client_max_body_size ${maxUploadSize};
+ '';
+
+ root = if (cfg.package == pkgs.snappymail) then
+ pkgs.snappymail.override {
+ dataPath = cfg.dataDir;
+ }
+ else cfg.package;
+ };
+ };
+ };
+}
+
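Review bot: `autoindex on;` in `locations."/"` of modules/snappymail.nix enables directory listings across the whole webmail document root, so any directory in the package without an `index.php` becomes browsable. A webmail vhost has no need for that; I would drop the three `autoindex*` lines and keep only `index index.php;`. The `~ \\.php$` location also passes every URI ending in `.php` to php-fpm without checking that the file exists, and adding `try_files $uri =404;` ahead of `fastcgi_pass` keeps non-existent script paths away from the interpreter. Separately, nothing visible in this module creates `cfg.dataDir` or sets its owner and mode (the user gets `home = cfg.dataDir` but no `createHome`), so it is worth confirming that the state directory ends up owned by `cfg.user` and not world-readable, for example through a `systemd.tmpfiles.rules` entry.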