fix Dovecot's home directory

Dovecot's home directory is a user-specific state directory, see https://doc.dovecot.org/2.3/configuration_manual/home_directories_for_virtual_users/. It is recommendated 1. to never configure a userdb to return the same home directory for multiple users 2. to store the mailbox under the home directory, e.g. home = /var/vmail/domain/user and mail = /var/vmail/domain/user/mail This change implements these recommendations. The mailboxes are now stored at <mailDirectory>/<domain>/<user>/mail. Existing mailboxes are moved automatically to the new location as part of the ExecStartPre hook of dovecot's systemd unit.
2024-11-05 23:53:52 +01:00 · 2024-11-05 23:53:52 +01:00 · 93e2e9395c
parent 85c7a13692
commit 93e2e9395c
1 changed files with 21 additions and 3 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -33,7 +33,7 @@ let
  # maildir in format "/${domain}/${user}"
  dovecotMaildir =
-    "maildir:${cfg.mailDirectory}/%d/%n${maildirLayoutAppendix}${maildirUTF8FolderNames}"
+    "maildir:${cfg.mailDirectory}/%d/%n/mail${maildirLayoutAppendix}${maildirUTF8FolderNames}"
    + (lib.optionalString (cfg.indexDir != null)
       ":INDEX=${cfg.indexDir}/%d/%n"
      );
@ -87,6 +87,23 @@ let
    '';
  };
  # Move all mailboxes from the old location <mailDirectory>/<domain>/<user>
  # to the new location <mailDirectory>/<domain>/<user>/mail.
  moveMailDirsScript = pkgs.writeScript "move-mail-dirs" ''
    #!${pkgs.stdenv.shell}
    set -euo pipefail
    shopt -s dotglob extglob
    for mailbox in $(find "${cfg.mailDirectory}" -mindepth 2 -maxdepth 2 -type d); do
      if [ ! -d "$mailbox/mail" ]; then
        mkdir "$mailbox/mail"
        mv "$mailbox"/!(mail) "$mailbox/mail/"
        chown -R ${cfg.vmailUserName}:${cfg.vmailGroupName} "$mailbox/mail"
      fi
    done
  '';
  setPwdInLdapConfFile = appendLdapBindPwd {
    name = "ldap-conf-file";
    file = ldapConfig;
@ -308,7 +325,7 @@ in
        userdb {
          driver = passwd-file
          args = ${userdbFile}
-          default_fields = uid=${builtins.toString cfg.vmailUID} gid=${builtins.toString cfg.vmailUID} home=${cfg.mailDirectory}
+          default_fields = home=${cfg.mailDirectory}/%d/%n uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
        }
        ${lib.optionalString cfg.ldap.enable ''
@ -320,7 +337,7 @@ in
        userdb {
          driver = ldap
          args = ${ldapConfFile}
-          default_fields = home=/var/vmail/ldap/%u uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
+          default_fields = home=${cfg.mailDirectory}/%d/%n uid=${toString cfg.vmailUID} gid=${toString cfg.vmailUID}
        }
        ''}
@ -374,6 +391,7 @@ in
    systemd.services.dovecot2 = {
      preStart = ''
        ${moveMailDirsScript}
        ${genPasswdScript}
      '' + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile);
    };