Roundcube testing on bekkalokk now working. #14

Merged
oysteikt merged 2 commits from roundcube into main 2023-11-26 05:17:29 +01:00
2 changed files with 73 additions and 24 deletions
Showing only changes of commit 2a1e649eed - Show all commits
hosts/bekkalokk/services/webmail

View File

@ -1,6 +1,15 @@
{ config, values, pkgs, ... }:
{ config, values, pkgs, lib, ... }:
{
imports = [
./roundcube.nix
];
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
#locations."/" = lib.mkForce { };
locations."= /" = {
return = "301 https://www.pvv.ntnu.no/mail/";
};
};
}

View File

@ -3,32 +3,72 @@
with lib;
let
cfg = config.services.roundcube;
domain = "roundcube.pvv.ntnu.no";
domain = "webmail2.pvv.ntnu.no";
danio marked this conversation as resolved Outdated
Outdated
Review

webmail is currently a directory of multiple email clients, but the roundcube module in nixos listens on / path on this host so this should probably be a service domain like roundcube.pvv.ntnu.no

We can set up a redirect on webmail.pvv.ntnu.no/roundcube later to keep old links/bookmarks working

Alternatively you could override the nginx config to listen on the subdirectory

`webmail` is currently a directory of multiple email clients, but the roundcube module in nixos listens on `/` path on this host so this should probably be a service domain like `roundcube.pvv.ntnu.no` We can set up a redirect on `webmail.pvv.ntnu.no/roundcube` later to keep old links/bookmarks working Alternatively you could override the nginx config to listen on the subdirectory
in
{
services.roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login plugins.thunderbird_labels plugins.contextmenu plugins.custom_from]);
dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it];
maxAttachmentSize = 20;
# this is the url of the vhost, not necessarily the same as the fqdn of the mailserver
hostName = domain;
enable = true;
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['enable_installer'] = false;
$config['default_host'] = "ssl://imap.pvv.ntnu.no";
$config['default_port'] = 993;
#$config['smtp_server'] = "tls://smtp.pvv.ntnu.no";
#$config['smtp_port'] = 25;
$config['smtp_server'] = "ssl://smtp.pvv.ntnu.no";
$config['smtp_port'] = 465;
# $config['smtp_user'] = "%u@pvv.ntnu.no";
$config['mail_domain'] = "pvv.ntnu.no";
$config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
$config['support_url'] = "";
package = pkgs.roundcube.withPlugins (plugins: with plugins; [
persistent_login
thunderbird_labels
contextmenu
custom_from
]);
dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it ];
Outdated
Review

We are no longer using starttls

We are no longer using starttls
maxAttachmentSize = 20;
hostName = "roundcubeplaceholder.example.com";
extraConfig = ''
$config['enable_installer'] = false;
Outdated
Review

nit: comments should be dropped

nit: comments should be dropped
$config['default_host'] = "ssl://imap.pvv.ntnu.no";
danio marked this conversation as resolved Outdated
Outdated
Review

We have SSL smtp which we should probably use over STARTTLS on 25

We have SSL smtp which we should probably use over STARTTLS on 25

Sure. I only copied our current roundcube config and worked a bit on it to work.

Sure. I only copied our current roundcube config and worked a bit on it to work.
$config['default_port'] = 993;
$config['smtp_server'] = "ssl://smtp.pvv.ntnu.no";
$config['smtp_port'] = 465;
$config['mail_domain'] = "pvv.ntnu.no";
$config['smtp_user'] = "%u";
$config['support_url'] = "";
'';
};
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
danio marked this conversation as resolved Outdated
Outdated
Review

nginx is what listens on these ports, and that is managed somewhere else so this should be removed

nginx is what listens on these ports, and that is managed somewhere else so this should be removed
services.nginx.virtualHosts.${domain} = {
locations."/roundcube" = {
tryFiles = "$uri $uri/ =404";
index = "index.php";
root = pkgs.runCommandLocal "roundcube-dir" { } ''
mkdir -p $out
ln -s ${cfg.package} $out/roundcube
'';
};
extraConfig = ''
location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
# https://wiki.archlinux.org/title/Roundcube
"README"
"INSTALL"
"LICENSE"
"CHANGELOG"
"UPGRADING"
"bin"
"SQL"
".+\\.md"
"\\."
"config"
"temp"
"logs"
]})/? {
deny all;
}
location ~ ^/roundcube/(.+\.php)(/?.*)$ {
fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_index index.php;
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
}
'';
};
};
}