mailsystem: Use newly added 'mailnix' package to generate postfix/dovecot files

2025-02-23 16:31:02 +01:00 · 2025-02-23 16:31:02 +01:00 · c1b19d6e33
commit c1b19d6e33
parent 955a0ec8ba
9 changed files with 52 additions and 85 deletions
--- a/mailsystem/dovecot.nix
+++ b/mailsystem/dovecot.nix
@ -4,7 +4,7 @@
  pkgs,
  ...
 }:
-with (import ./common.nix {inherit config;}); let
+with (import ./common.nix {inherit config pkgs;}); let
  cfg = config.mailsystem;
  postfixCfg = config.services.postfix;
  dovecot2Cfg = config.services.dovecot2;
@ -39,43 +39,11 @@ with (import ./common.nix {inherit config;}); let
    # Ensure passwd files are not world-readable at any time
    umask 077

-    # Ensure we have a file for every user's (initial) password hash.
-    for f in ${builtins.toString (lib.mapAttrsToList (user: value: value.hashedPasswordFile) cfg.accounts)}; do
-      if [ ! -f "$f" ]; then
-        echo "Expected password hash file $f does not exist!"
-        exit 1
-      fi
-    done
-
    # Prepare static passwd-file for system users
-    cat <<EOF > "${staticPasswdFile}"
-    ${lib.concatStringsSep "\n" (lib.mapAttrsToList genPasswdEntry systemUsers)}
-    EOF
+    ${pkgs.mailnix}/bin/mailnix ${mailnixCfgFile} generate-static-passdb > "${staticPasswdFile}"

-    # Prepare initial passwd-file for dynamic users
-    # (used for lookup during actual passwd-file generation)
-    cat <<EOF > "${initialPasswdFile}"
-    ${lib.concatStringsSep "\n" (lib.mapAttrsToList genPasswdEntry normalUsers)}
-    EOF
-
-    # Check for existence of dynamic passwd-file
-    touch "${dovecotDynamicPasswdFile}"
-    if (! test -f "${dovecotDynamicPasswdFile}"); then
-      echo "${dovecotDynamicPasswdFile} exists and is no regular file"
-      exit 1
-    fi
-    # Ensure that only configured users are actually present and remove any others
-    truncate -s 0 "${dovecotDynamicPasswdFile}-filtered"
-    for u in ${builtins.toString (lib.mapAttrsToList (user: value: value.name) normalUsers)}; do
-      if grep -q "^$u:" "${dovecotDynamicPasswdFile}"; then
-        # User already has some password set -> Keep currently set password
-        grep "^$u:" "${dovecotDynamicPasswdFile}" >> "${dovecotDynamicPasswdFile}-filtered"
-      else
-        # User has no password set, yet -> Take password from initialPasswdFile
-        grep "^$u:" "${initialPasswdFile}" >> "${dovecotDynamicPasswdFile}-filtered"
-      fi
-    done
-    mv "${dovecotDynamicPasswdFile}-filtered" "${dovecotDynamicPasswdFile}"
+    # Prepare/Update passwd-file for dynamic users
+    ${pkgs.mailnix}/bin/mailnix ${mailnixCfgFile} update-dynamic-passdb ${dovecotDynamicPasswdFile} > "${dovecotDynamicPasswdFile}"

    ${lib.optionalString cfg.roundcube.enable ''
      # Ensure roundcube has access to dynamic passwd file
@ -83,12 +51,10 @@ with (import ./common.nix {inherit config;}); let
    ''}

    # Prepare userdb-file
-    cat <<EOF > "${userdbFile}"
-    ${lib.concatStringsSep "\n" (lib.mapAttrsToList genUserdbEntry cfg.accounts)}
-    EOF
+    ${pkgs.mailnix}/bin/mailnix ${mailnixCfgFile} generate-userdb > "${userdbFile}"
  '';

-  genMaildir = pkgs.writeScript "generate-maildir" ''
+  genMaildirScript = pkgs.writeScript "generate-maildir" ''
    #!${pkgs.stdenv.shell}

    # Create mail directory and set permissions accordingly.
@ -295,7 +261,7 @@ in {
    systemd.services.dovecot2 = {
      preStart = ''
        ${genAuthDbsScript}
-        ${genMaildir}
+        ${genMaildirScript}
      '';
      wants = sslCertService;
      after = sslCertService;