mailsystem: Add minimal dovecot configuration

mailsystem/default.nix

@@ -37,9 +37,56 @@
       default = "/var/vmail";
       description = "Storage location for all mail.";
     };
+
+    accounts = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
+        options = {
+          name = lib.mkOption {
+            type = lib.types.str;
+            example = "user1@example.com";
+            description = "Username";
+          };
+
+          hashedPasswordFile = lib.mkOption {
+            type = with lib.types; nullOr str;
+            default = null;
+            example = "/run/secrets/user1-passwordhash";
+            description = ''
+              A file containing the user's hashed password. Use `mkpasswd` as follows
+
+              ```
+              nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+              ```
+            '';
+          };
+
+          isSystemUser = lib.mkOption {
+            type = lib.types.bool;
+            default = false;
+            description = ''
+              System users are not allowed to change their password and are
+              cannot receive any mails (-> send-only). Mails sent to such an
+              account will be rejected.
+            '';
+          };
+        };
+        config.name = lib.mkDefault name;
+      }));
+      example = {
+        user1 = {
+          hashedPassword = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
+        };
+        user2 = {
+          hashedPassword = "$6$oE0ZNv2n7Vk9gOf$9xcZWCCLGdMflIfuA0vR1Q1Xblw6RZqPrP94mEit2/81/7AKj2bqUai5yPyWE.QYPyv6wLMHZvjw3Rlg7yTCD/";
+        };
+      };
+      description = "All available login account for the mailsystem.";
+      default = {};
+    };
   };
 
   imports = [
+    ./dovecot.nix
     ./nginx.nix
     ./user.nix
   ];