From 93e2e9395c282ebfff6f35c66e026f78c5a6bdae Mon Sep 17 00:00:00 2001 From: Christian Ulrich Date: Tue, 5 Nov 2024 23:53:52 +0100 Subject: [PATCH] fix Dovecot's home directory Dovecot's home directory is a user-specific state directory, see https://doc.dovecot.org/2.3/configuration_manual/home_directories_for_virtual_users/. It is recommendated 1. to never configure a userdb to return the same home directory for multiple users 2. to store the mailbox under the home directory, e.g. home = /var/vmail/domain/user and mail = /var/vmail/domain/user/mail This change implements these recommendations. The mailboxes are now stored at ///mail. Existing mailboxes are moved automatically to the new location as part of the ExecStartPre hook of dovecot's systemd unit. --- mail-server/dovecot.nix | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 59ec2bc..b67a1a4 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -33,7 +33,7 @@ let # maildir in format "/${domain}/${user}" dovecotMaildir = - "maildir:${cfg.mailDirectory}/%d/%n${maildirLayoutAppendix}${maildirUTF8FolderNames}" + "maildir:${cfg.mailDirectory}/%d/%n/mail${maildirLayoutAppendix}${maildirUTF8FolderNames}" + (lib.optionalString (cfg.indexDir != null) ":INDEX=${cfg.indexDir}/%d/%n" ); @@ -87,6 +87,23 @@ let ''; }; + # Move all mailboxes from the old location // + # to the new location ///mail. + moveMailDirsScript = pkgs.writeScript "move-mail-dirs" '' + #!${pkgs.stdenv.shell} + + set -euo pipefail + shopt -s dotglob extglob + + for mailbox in $(find "${cfg.mailDirectory}" -mindepth 2 -maxdepth 2 -type d); do + if [ ! -d "$mailbox/mail" ]; then + mkdir "$mailbox/mail" + mv "$mailbox"/!(mail) "$mailbox/mail/" + chown -R ${cfg.vmailUserName}:${cfg.vmailGroupName} "$mailbox/mail" + fi + done + ''; + setPwdInLdapConfFile = appendLdapBindPwd { name = "ldap-conf-file"; file = ldapConfig; 
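Review bot: The context comment above `dovecotMaildir` still gives the maildir format as "/${domain}/${user}", which no longer matches the path built on the changed line. It should be updated with the change, for example `# maildir in format "/${domain}/${user}/mail"`. The `:INDEX=${cfg.indexDir}/%d/%n` part is left as it was, so only the maildir location moves when `cfg.indexDir` is set.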
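Review bot: In `moveMailDirsScript`, `mv "$mailbox"/!(mail) "$mailbox/mail/"` fails for a user directory that has no entries yet, because the pattern stays literal without `nullglob`; under `set -e` that aborts the script and, since it is called from `preStart`, presumably the dovecot2 start as well. The `for mailbox in $(find …)` loop also word-splits and glob-expands the paths it gets back, so a directory name containing whitespace or pattern characters is processed as the wrong path. Every depth-2 directory under `cfg.mailDirectory` is treated as a mailbox, which would include the old LDAP homes if `cfg.mailDirectory` is `/var/vmail`. The script appears to run in the service's pre-start phase over a tree owned by the vmail user, so a NUL-delimited walk with `mv --` is the more defensive form; a sketch of the loop follows.

```nix
    # … unchanged: shebang, set -euo pipefail …
    shopt -s dotglob extglob nullglob

    find "${cfg.mailDirectory}" -mindepth 2 -maxdepth 2 -type d -print0 |
      while IFS= read -r -d "" mailbox; do
        if [ ! -d "$mailbox/mail" ]; then
          mkdir "$mailbox/mail"
          # nullglob leaves the array empty for a directory with nothing to move
          entries=("$mailbox"/!(mail))
          if [ "''${#entries[@]}" -gt 0 ]; then
            mv -- "''${entries[@]}" "$mailbox/mail/"
          fi
          chown -R ${cfg.vmailUserName}:${cfg.vmailGroupName} "$mailbox/mail"
        fi
      done
```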
@@ -308,7 +325,7 @@ in userdb { driver = passwd-file args = ${userdbFile} - default_fields = uid=${builtins.toString cfg.vmailUID} gid=${builtins.toString cfg.vmailUID} home=${cfg.mailDirectory} + default_fields = home=${cfg.mailDirectory}/%d/%n uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID} } ${lib.optionalString cfg.ldap.enable '' @@ -320,7 +337,7 @@ in userdb { driver = ldap args = ${ldapConfFile} - default_fields = home=/var/vmail/ldap/%u uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID} + default_fields = home=${cfg.mailDirectory}/%d/%n uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID} } ''} @@ -374,6 +391,7 @@ in systemd.services.dovecot2 = { preStart = '' + ${moveMailDirsScript} ${genPasswdScript} '' + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile); };
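Review bot: The LDAP `userdb` home changes from `/var/vmail/ldap/%u` to `${cfg.mailDirectory}/%d/%n`, but nothing in this commit carries over what Dovecot kept under the old LDAP homes. `%d` is also empty when a login name has no domain part, which would give a home of `${cfg.mailDirectory}//%n`; whether LDAP logins always carry a domain is not visible in this hunk. A comment next to `default_fields` would record the assumption, for example `# logins must be full addresses so that %d is never empty`. The same `home=` value is used in the passwd-file `userdb` in the hunk above, where accounts are presumably always full addresses.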
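Review bot: `${moveMailDirsScript}` now runs on every start of dovecot2, and its only record of a finished migration is the existence of `<user>/mail`. If the script is interrupted between its `mkdir` and `mv`, the next start sees the directory and skips the user, leaving the mail in the old location while Dovecot reads an empty mailbox. If `maildirLayoutAppendix` selects a filesystem layout (its value is not visible here), a user folder named `mail` would likewise be taken as already migrated. Writing a marker file only after a successful move, and testing for that marker instead of the directory, would make the step safe to repeat; a comment such as `# one-time migration, safe to re-run` above the `preStart` line would document the intent.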