diff --git a/hosts/bekkalokk/services/webmail/default.nix b/hosts/bekkalokk/services/webmail/default.nix index 32b178e..e61ad00 100644 --- a/hosts/bekkalokk/services/webmail/default.nix +++ b/hosts/bekkalokk/services/webmail/default.nix @@ -1,6 +1,15 @@ -{ config, values, pkgs, ... }: +{ config, values, pkgs, lib, ... }: { imports = [ ./roundcube.nix ]; + + services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = { + forceSSL = true; + enableACME = true; + #locations."/" = lib.mkForce { }; + locations."= /" = { + return = "301 https://www.pvv.ntnu.no/mail/"; + }; + }; } diff --git a/hosts/bekkalokk/services/webmail/roundcube.nix b/hosts/bekkalokk/services/webmail/roundcube.nix index bedf84f..c47caae 100644 --- a/hosts/bekkalokk/services/webmail/roundcube.nix +++ b/hosts/bekkalokk/services/webmail/roundcube.nix @@ -3,32 +3,72 @@ with lib; let cfg = config.services.roundcube; - domain = "roundcube.pvv.ntnu.no"; + domain = "webmail2.pvv.ntnu.no"; in { services.roundcube = { - enable = true; - package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login plugins.thunderbird_labels plugins.contextmenu plugins.custom_from]); - dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it]; - maxAttachmentSize = 20; - # this is the url of the vhost, not necessarily the same as the fqdn of the mailserver - hostName = domain; + enable = true; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['enable_installer'] = false; - $config['default_host'] = "ssl://imap.pvv.ntnu.no"; - $config['default_port'] = 993; - #$config['smtp_server'] = "tls://smtp.pvv.ntnu.no"; - #$config['smtp_port'] = 25; - $config['smtp_server'] = "ssl://smtp.pvv.ntnu.no"; - $config['smtp_port'] = 465; - # $config['smtp_user'] = "%u@pvv.ntnu.no"; - $config['mail_domain'] = "pvv.ntnu.no"; - $config['smtp_user'] = "%u"; - # $config['smtp_pass'] = "%p"; - $config['support_url'] = ""; + package = pkgs.roundcube.withPlugins (plugins: with plugins; [ + persistent_login + thunderbird_labels + contextmenu + custom_from + ]); + + dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it ]; + maxAttachmentSize = 20; + hostName = "roundcubeplaceholder.example.com"; + + extraConfig = '' + $config['enable_installer'] = false; + $config['default_host'] = "ssl://imap.pvv.ntnu.no"; + $config['default_port'] = 993; + $config['smtp_server'] = "ssl://smtp.pvv.ntnu.no"; + $config['smtp_port'] = 465; + $config['mail_domain'] = "pvv.ntnu.no"; + $config['smtp_user'] = "%u"; + $config['support_url'] = ""; + ''; + }; + + services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { }; + + services.nginx.virtualHosts.${domain} = { + locations."/roundcube" = { + tryFiles = "$uri $uri/ =404"; + index = "index.php"; + root = pkgs.runCommandLocal "roundcube-dir" { } '' + mkdir -p $out + ln -s ${cfg.package} $out/roundcube ''; - }; + extraConfig = '' + location ~ ^/roundcube/(${builtins.concatStringsSep "|" [ + # https://wiki.archlinux.org/title/Roundcube + "README" + "INSTALL" + "LICENSE" + "CHANGELOG" + "UPGRADING" + "bin" + "SQL" + ".+\\.md" + "\\." + "config" + "temp" + "logs" + ]})/? { + deny all; + } + + location ~ ^/roundcube/(.+\.php)(/?.*)$ { + fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$; + include ${config.services.nginx.package}/conf/fastcgi_params; + include ${config.services.nginx.package}/conf/fastcgi.conf; + fastcgi_index index.php; + fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket}; + } + ''; + }; + }; }