diff --git a/default.nix b/default.nix
index d5cb669..4de34f5 100644
--- a/default.nix
+++ b/default.nix
@@ -184,7 +184,7 @@ in
 default = true;
 description = ''
 Whether to enable imap / pop3. Both variants are only supported in the
- (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+ (sane) startTLS configuration. The ports are
 110 - Pop3
 143 - IMAP
@@ -192,12 +192,21 @@ in
 '';
 };
+ enableImapSsl = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable IMAPS, setting this option to true will open port 993
+ in the firewall.
+ '';
+ };
+
 enablePop3 = mkOption {
 type = types.bool;
 default = false;
 description = ''
- Whether to enable POP3. Both variants are only supported in the
- (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+ Whether to enable POP3. Both variants are only supported in the (sane)
+ startTLS configuration. The ports are
 110 - Pop3
 143 - IMAP
@@ -205,8 +214,14 @@ in
 '';
 };
- # imapSsl = mkOption {} #< TODO
- # pop3Ssl = mkOption {} #< TODO
+ enablePop3Ssl = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable POP3S, setting this option to true will open port 995
+ in the firewall.
+ '';
+ };
 virusScanning = mkOption {
 type = types.bool;
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index 4a685f5..f9b3336 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -24,8 +24,10 @@ in
 networking.firewall = {
 allowedTCPPorts = [ 25 587 ]
- ++ (if enableImap then [ 143 ] else [])
- ++ (if enablePop3 then [ 110 ] else []);
+ ++ lib.optional enableImap 143
+ ++ lib.optional enableImapSsl 993
+ ++ lib.optional enablePop3 110
+ ++ lib.optional enablePop3Ssl 995;
 };
 };
 }
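Review bot: The `enablePop3` description rewritten at the end of the second default.nix hunk still says both variants are only supported in the startTLS configuration, which the new `enableImapSsl` option (and `enablePop3Ssl` in the following hunk) contradicts; the `enableImap` description in the first hunk carries the same sentence. The two new descriptions also mention only the firewall and do not say whether `enableImap` / `enablePop3` must be set as well for the implicit-TLS port to be served. Once the actual dependency is confirmed I would reword along the lines of `Whether to accept IMAP over implicit TLS (IMAPS) on port 993. Requires enableImap; also opens the port in the firewall.` and add 993 and 995 to the port lists in the existing descriptions.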
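Review bot: In mail-server/networking.nix ports 993 and 995 are opened on `enableImapSsl` / `enablePop3Ssl` alone, and the two files shown in this commit change no service configuration, so the firewall can expose a port whose listener depends on settings outside this diff (for example `enableImapSsl = true` with `enableImap = false`). If the implicit-TLS listeners only exist when the base protocol is enabled, gate the entries the same way, e.g. `++ lib.optional (enableImap && enableImapSsl) 993` and `++ lib.optional (enablePop3 && enablePop3Ssl) 995`; if they are meant to be independent, an assertion or a matching listener setting should accompany the firewall rule so the two cannot drift apart. The enclosing attribute set and the module's argument list begin before the hunk, so whether `lib` is in scope at this point cannot be confirmed from these lines.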