From fe1add7e9d5af880b0f221a99ef81602ced87480 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 21 Jun 2024 14:46:36 +0200 Subject: [PATCH] dovecot fixes --- flake.lock | 56 +++++++++++++--------- flake.nix | 2 +- modules/forgejo/default.nix | 18 ++++---- modules/mail/dovecot2.nix | 92 +++++++++++++++---------------------- 4 files changed, 83 insertions(+), 85 deletions(-) diff --git a/flake.lock b/flake.lock index 9c34947..5f88adf 100644 --- a/flake.lock +++ b/flake.lock @@ -3,9 +3,7 @@ "course-management": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -145,11 +143,11 @@ ] }, "locked": { - "lastModified": 1716170277, - "narHash": "sha256-fCAiox/TuzWGVaAz16PxrR4Jtf9lN5dwWL2W74DS0yI=", + "lastModified": 1718507237, + "narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e0638db3db43b582512a7de8c0f8363a162842b9", + "rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4", "type": "github" }, "original": { 
@@ -160,27 +158,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718208800, - "narHash": "sha256-US1tAChvPxT52RV8GksWZS415tTS7PV42KTc2PNDBmc=", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cc54fb41d13736e92229c21627ea4f22199fee6b", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1716061101, - "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", + "lastModified": 1718478900, + "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", + "rev": "c884223af91820615a6146af1ae1fea25c107005", "type": "github" }, "original": { @@ -192,11 +190,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1718714799, + "narHash": "sha256-FUZpz9rg3gL8NVPKbqU8ei1VkPLsTIfAJ2fdAf5qjak=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e", "type": "github" }, "original": { @@ -207,6 +205,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1718835956, + "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", 
@@ -271,7 +285,7 @@ "ese-manual": "ese-manual", "kpp": "kpp", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "print-interface": "print-interface", "sops-nix": "sops-nix", @@ -286,11 +300,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716400300, - "narHash": "sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb+cyGsqOKa4c=", + "lastModified": 1718506969, + "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b549832718b8946e875c016a4785d204fcfc2e53", + "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", "type": "github" }, "original": { @@ -383,7 +397,7 @@ "vscode-server": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1713958148, diff --git a/flake.nix b/flake.nix index 08eba14..729bc82 100755 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ course-management = { url = "github:fsr/course-management"; - inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nixpkgs.follows = "nixpkgs"; }; }; outputs = diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index c28f2a5..f815530 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix 
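Review bot: Commenting out `inputs.nixpkgs.follows = "nixpkgs";` for `course-management` lets that input resolve its own nixpkgs. The flake.lock change in this patch then pins it to `nixos-unstable` at rev `e92039b55bcd58469325ded85d4f58dd5a4eaf58` with `lastModified` 1701253981, well behind the other nixpkgs locks (all 1718…). The service would be built from a package set that no longer tracks the host's `nixos-24.05` input, so security updates to its dependencies stop arriving with the normal lock bump. If the override works around a build break, replace the dead line with a reason, e.g. `# follows disabled: <reason>; restore once course-management builds against 24.05`; otherwise restore the `follows`. The `inputs` attribute set starts above this hunk.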
@@ -22,15 +22,15 @@ in services.forgejo = { enable = true; - package = pkgs.forgejo.overrideAttrs (_old: { - patches = [ - # migration fix - (pkgs.fetchpatch { - url = "https://codeberg.org/forgejo/forgejo/commit/ae463c7c559e02975ce5e758d8780def978eebee.patch"; - hash = "sha256-cOXPvkLS0n+ynSBTrmEtumZ2PYBeCZmxPpFktqkw6Fo="; - }) - ]; - }); + # package = pkgs.forgejo.overrideAttrs (_old: { + # # patches = [ + # # # migration fix + # # (pkgs.fetchpatch { + # # url = "https://codeberg.org/forgejo/forgejo/commit/ae463c7c559e02975ce5e758d8780def978eebee.patch"; + # # hash = "sha256-cOXPvkLS0n+ynSBTrmEtumZ2PYBeCZmxPpFktqkw6Fo="; + # # }) + # # ]; + # }); user = gitUser; group = gitUser; lfs.enable = true; diff --git a/modules/mail/dovecot2.nix b/modules/mail/dovecot2.nix index 02a0034..ef3bbcc 100644 --- a/modules/mail/dovecot2.nix +++ b/modules/mail/dovecot2.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: let hostname = "mail.${config.networking.domain}"; dovecot-ldap-args = pkgs.writeText "ldap-args" '' @@ -20,35 +20,6 @@ in 4190 # Managesieve ]; sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; - environment.etc = { - "dovecot/sieve-pipe/sa-learn-spam.sh" = { - text = '' - #!/bin/sh - ${pkgs.rspamd}/bin/rspamc learn_spam - ''; - mode = "0555"; - }; - "dovecot/sieve-pipe/sa-learn-ham.sh" = { - text = '' - #!/bin/sh - ${pkgs.rspamd}/bin/rspamc learn_ham - ''; - mode = "0555"; - }; - "dovecot/sieve/report-spam.sieve" = { - source = ./report-spam.sieve; - user = "dovecot2"; - group = "dovecot2"; - mode = "0544"; - }; - "dovecot/sieve/report-ham.sieve" = { - source = ./report-ham.sieve; - user = "dovecot2"; - group = "dovecot2"; - mode = "0544"; - }; - }; - services.dovecot2 = { enable = true; enableImap = true; 
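Review bot: The `package` override is switched off by commenting it out line by line, which leaves a doubly commented `fetchpatch` block (URL and hash) in the module as dead code. Delete the block, since history keeps it, or reduce it to one line such as `# migration-fix patch dropped: contained in packaged forgejo <version>`. The commit message does not say whether the Forgejo now taken from nixpkgs already includes upstream commit ae463c7c559e02975ce5e758d8780def978eebee, so confirm that before deploying. The `services.forgejo` attribute set continues past the end of the hunk.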
@@ -100,17 +71,45 @@ in # set to satisfy the sieveScripts check, will be overridden by userdb lookups anyways mailUser = "vmail"; mailGroup = "vmail"; - sieve.scripts = { - before = pkgs.writeText "spam.sieve" '' - require "fileinto"; + sieve = { + # just pot something in here to prevent empty strings + extensions = [ "notify" ]; + pipeBins = map lib.getExe [ + (pkgs.writeShellScriptBin "learn-ham.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_ham") + (pkgs.writeShellScriptBin "learn-spam.sh" "exec ${pkgs.rspamd}/bin/rspamc learn_spam") + ]; + plugins = [ + "sieve_imapsieve" + "sieve_extprograms" + ]; + scripts = { + before = pkgs.writeText "spam.sieve" '' + require "fileinto"; - if anyof( - header :contains "x-spam-flag" "yes", - header :contains "X-Spam-Status" "Yes"){ - fileinto "Spam"; - } - ''; + if anyof( + header :contains "x-spam-flag" "yes", + header :contains "X-Spam-Status" "Yes"){ + fileinto "Spam"; + } + ''; + }; }; + imapsieve.mailbox = [ + { + # Spam: From elsewhere to Spam folder or flag changed in Spam folder + name = "Spam"; + causes = [ "COPY" "APPEND" "FLAG" ]; + before = ./report-spam.sieve; + + } + { + # From Junk folder to elsewhere + name = "*"; + from = "Spam"; + causes = [ "COPY" ]; + before = ./report-ham.sieve; + } + ]; extraConfig = '' auth_username_format = %Ln passdb { 
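Review bot: The two `pipeBins` entries are named `learn-ham.sh` and `learn-spam.sh`, but the helpers removed earlier in this patch were `sa-learn-ham.sh` and `sa-learn-spam.sh`. `report-spam.sieve` and `report-ham.sieve` are not in the diffstat, so if they still pipe to the old names, spam/ham training will fail at runtime; keep the old names in `writeShellScriptBin` or update both sieve files in the same commit. The last hunk also drops `sieve_global_extensions = +vnd.dovecot.pipe` with no visible replacement, so confirm the module emits it when `pipeBins` is set, otherwise the scripts' `pipe` action will presumably be rejected. `extensions = [ "notify" ]` presumably enables that extension for every script, including ones users upload over ManageSieve (port 4190 is opened above), only to avoid an empty value. If a non-empty list is required, say so with `# workaround: module renders an empty sieve_extensions value; drop once fixed`, and fix the typo "pot" to "put". `services.dovecot2` starts before and continues after this hunk.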
@@ -151,21 +150,6 @@ in plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_global_extensions = +vnd.dovecot.pipe - sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe - - # Spam: From elsewhere to Spam folder or flag changed in Spam folder - imapsieve_mailbox1_name = Spam - imapsieve_mailbox1_causes = COPY APPEND FLAG - imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve - - # Ham: From Spam folder to elsewhere - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve - # https://doc.dovecot.org/configuration_manual/plugins/listescape_plugin/ listescape_char = "\\" }