Diffstat (limited to 'container.scm')
-rw-r--r-- | container.scm | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/container.scm b/container.scm
index 046a8c1..a2f3cb6 100644
--- a/container.scm
+++ b/container.scm
@@ -560,6 +560,55 @@ exim_path = /run/setuid-programs/exim
 ("koszko" "urz")
 ("my-contribution-is-licensed-cc0" "urz"))))
 
+(define koszko-dovecot-service-type
+ (service-type
+ (inherit dovecot-service-type)
+ (extensions (filter-map
+ (lambda (ext)
+ (cond
+ ((extension-of-type? ext account-service-type)
+ ;; Avoid double declaration of "dovecot" and "dovenull"
+ ;; users and groups.
+ #f)
+ (else
+ ext)))
+ (service-type-extensions dovecot-service-type)))))
+
+(define %koszko-dovecot-service
+ (service koszko-dovecot-service-type
+ (dovecot-configuration
+ (services (list (service-configuration
+ (kind "imap-login")
+ (listeners (list (inet-listener-configuration
+ (protocol "imaps")
+ (port 993)
+ (ssl? #t))))
+ ;; '1' is more secure than '0' because each
+ ;; connection is handled in a separate process.
+ (service-count 1))
+ (service-configuration
+ (kind "imap"))
+ (service-configuration
+ (kind "auth")
+ (listeners (list (unix-listener-configuration
+ (path "auth-userdb"))))
+ ;; Dovecot requires process-limit to be 1 here.
+ (service-count 0)
+ (process-limit 1))))
+ (ssl-cert "</etc/letsencrypt/live/guixbot_koszko.org/fullchain.pem")
+ (ssl-key "</etc/letsencrypt/live/guixbot_koszko.org/privkey.pem")
+ (auth-mechanisms '("plain" "login"))
+ (passdbs (list (passdb-configuration
+ (driver "passwd-file")
+ (args '("scheme=CRYPT"
+ "username_format=%u"
+ "/etc/dovecot/users")))))
+ (userdbs (list (userdb-configuration
+ (driver "passwd-file")
+ (args '("username_format=%u"
+ "/etc/dovecot/users")))))
+ (mail-location "maildir:~/Maildir"))))
+
 (operating-system
 (host-name "koszko")
 (timezone "Europe/Warsaw")
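Review bot: `"scheme=CRYPT"` in the passdb args only fixes the default scheme for entries in `/etc/dovecot/users` that carry no `{SCHEME}` prefix, so the real hash strength is decided by whatever writes that file, which this diff does not show, and a legacy DES-crypt string would be accepted as-is. I would pin it to `"scheme=SHA512-CRYPT"` (or `BLF-CRYPT`) and add a comment above the passdb stating that the file holds password hashes and must not be world-readable. The PLAIN/LOGIN mechanisms are only safe here because the sole listener is imaps on 993 with `(ssl? #t)`; a comment such as `;; PLAIN/LOGIN are cleartext mechanisms: acceptable only while imaps/993 is the only listener.` would stop a later plain-IMAP listener from silently exposing them, and if the inherited `ssl?`/`disable-plaintext-auth?` defaults are not `"required"`/`#t` they should be set explicitly in this configuration. The surrounding `operating-system` form continues outside the hunk.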
@@ -572,6 +621,14 @@ exim_path = /run/setuid-programs/exim
 (id 113)
 (system? #t))
 (user-group
+ (name "dovecot")
+ (id 115)
+ (system? #t))
+ (user-group
+ (name "dovenull")
+ (id 116)
+ (system? #t))
+ (user-group
 (name "httpd")
 (id 133)
 (system? #t))
@@ -601,6 +658,23 @@ exim_path = /run/setuid-programs/exim
 (home-directory "/var/empty")
 (shell (file-append shadow "/sbin/nologin")))
 (user-account
+ (name "dovecot")
+ (group "dovecot")
+ (supplementary-groups '("certsaccess"))
+ (uid 108)
+ (system? #t)
+ (comment "Dovecot daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
+ (user-account
+ (name "dovenull")
+ (group "dovenull")
+ (uid 109)
+ (system? #t)
+ (comment "Dovecot daemon login user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
+ (user-account
 (name "httpd")
 (group "httpd")
 (supplementary-groups '("gitolite3" "certsaccess"))
@@ -661,4 +735,5 @@ exim_path = /run/setuid-programs/exim
 %koszko-certbot-service
 %koszko-exim-service
 %koszko-mail-aliases-service
+ %koszko-dovecot-service
 %base-services)))
|
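Review bot: The `dovecot` account added in the third hunk is given `(supplementary-groups '("certsaccess"))`, presumably so it can read the Let's Encrypt key, but Dovecot reads `ssl-cert`/`ssl-key` values written with the `<` prefix while still running as root at configuration time, so the unprivileged `dovecot` uid should not need read access to the private key. Unless some other process under that uid reads the certificates, I would drop the supplementary group so that a compromised auth or IMAP worker cannot read the TLS key, or else leave a comment stating why it is required, e.g. `;; certsaccess: needed because <reason>; Dovecot itself loads the key as root.`. The `dovenull` account correctly has no extra groups, and the `httpd` account's `certsaccess` membership is pre-existing and unaffected. The enclosing `operating-system` form starts and ends outside these hunks.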