implement OAuth support

2024-10-31 16:58:53 +01:00 · 2024-10-31 16:58:53 +01:00 · 85c7a13692
parent af7d3bf5da
commit 85c7a13692
2 changed files with 24 additions and 1 deletions
--- a/default.nix
+++ b/default.nix
@ -358,6 +358,21 @@ in
      };
    };

+    oauth = {
+      enable = mkEnableOption "OAuth 2.0 support";
+
+      backendConfigFile = mkOption {
+        type = types.path;
+        default = null;
+        description = ''
+          Path to the dovecot backend configuration file. See
+          https://doc.dovecot.org/2.3/configuration_manual/authentication/oauth2/
+          for more information.
+        '';
+        example = "/var/lib/dovecot/dovecot-oauth2.conf.ext";
+      };
+    };
+
    indexDir = mkOption {
      type = types.nullOr types.str;
      default = null;
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -324,6 +324,14 @@ in
        }
        ''}

+        ${lib.optionalString cfg.oauth.enable ''
+        passdb {
+          driver = oauth2
+          mechanisms = xoauth2 oauthbearer
+          args = ${cfg.oauth.backendConfigFile}
+        }
+        ''}
+
        service auth {
          unix_listener auth {
            mode = 0660
@ -332,7 +340,7 @@ in
          }
        }

-        auth_mechanisms = plain login
+        auth_mechanisms = plain login${lib.optionalString cfg.oauth.enable " oauthbearer xoauth2"}

        namespace inbox {
          separator = ${cfg.hierarchySeparator}