From e43797d3fbe00030f12534ec16e98855956f82d7 Mon Sep 17 00:00:00 2001
From: Love Billenius <lovebillenius@disroot.org>
Date: Tue, 14 Apr 2026 14:44:11 +0200
Subject: [PATCH] autodiscover

---
 modules/nixos/mail-server/autodiscover.nix | 110 +++++++++++++++++++++
 modules/nixos/mail-server/default.nix      |   1 +
 modules/nixos/mail-server/mail.nix         |   4 +-
 3 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 modules/nixos/mail-server/autodiscover.nix

diff --git a/modules/nixos/mail-server/autodiscover.nix b/modules/nixos/mail-server/autodiscover.nix
new file mode 100644
index 0000000..26b30d9
--- /dev/null
+++ b/modules/nixos/mail-server/autodiscover.nix
@@ -0,0 +1,110 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  mkThunderbirdAutoconfig = domain:
+    pkgs.writeText "autoconfig-${domain}.xml" ''
+      <?xml version="1.0" encoding="UTF-8"?>
+      <clientConfig version="1.1">
+        <emailProvider id="${domain}">
+          <domain>${domain}</domain>
+          <displayName>${domain}</displayName>
+          <displayShortName>${domain}</displayShortName>
+
+          <incomingServer type="imap">
+            <hostname>${config.mailserver.fqdn}</hostname>
+            <port>993</port>
+            <socketType>SSL</socketType>
+            <username>%EMAILADDRESS%</username>
+            <authentication>password-cleartext</authentication>
+          </incomingServer>
+
+          <outgoingServer type="smtp">
+            <hostname>${config.mailserver.fqdn}</hostname>
+            <port>587</port>
+            <socketType>STARTTLS</socketType>
+            <username>%EMAILADDRESS%</username>
+            <authentication>password-cleartext</authentication>
+          </outgoingServer>
+        </emailProvider>
+      </clientConfig>
+    '';
+
+  mkOutlookAutodiscover = domain:
+    pkgs.writeText "autodiscover-${domain}.xml" ''
+      <?xml version="1.0" encoding="utf-8"?>
+      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
+        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+          <Account>
+            <AccountType>email</AccountType>
+            <Action>settings</Action>
+
+            <Protocol>
+              <Type>IMAP</Type>
+              <Server>${config.mailserver.fqdn}</Server>
+              <Port>993</Port>
+              <LoginName>%EMAILADDRESS%</LoginName>
+              <SSL>on</SSL>
+              <AuthRequired>on</AuthRequired>
+            </Protocol>
+
+            <Protocol>
+              <Type>SMTP</Type>
+              <Server>${config.mailserver.fqdn}</Server>
+              <Port>587</Port>
+              <LoginName>%EMAILADDRESS%</LoginName>
+              <SSL>on</SSL>
+              <Encryption>TLS</Encryption>
+              <AuthRequired>on</AuthRequired>
+              <UsePOPAuth>off</UsePOPAuth>
+            </Protocol>
+          </Account>
+        </Response>
+      </Autodiscover>
+    '';
+
+  mailDiscoveryVirtualHosts =
+    lib.listToAttrs (
+      lib.concatMap (
+        domain:
+        let
+          autoconfigXml = mkThunderbirdAutoconfig domain;
+          autodiscoverXml = mkOutlookAutodiscover domain;
+        in
+        [
+          {
+            name = "autoconfig.${domain}";
+            value = {
+              enableACME = true;
+              forceSSL = true;
+              locations."= /mail/config-v1.1.xml".extraConfig = ''
+                default_type application/xml;
+                alias ${autoconfigXml};
+              '';
+            };
+          }
+          {
+            name = "autodiscover.${domain}";
+            value = {
+              enableACME = true;
+              forceSSL = true;
+              locations."= /autodiscover/autodiscover.xml".extraConfig = ''
+                default_type application/xml;
+                alias ${autodiscoverXml};
+              '';
+            };
+          }
+        ]
+      ) config.mailserver.domains
+    );
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx.virtualHosts = mailDiscoveryVirtualHosts // {
+    ${config.mailserver.fqdn}.enableACME = true;
+  };
+}
diff --git a/modules/nixos/mail-server/default.nix b/modules/nixos/mail-server/default.nix
index d433a16..b4a6492 100644
--- a/modules/nixos/mail-server/default.nix
+++ b/modules/nixos/mail-server/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./autodiscover.nix
     ./mail.nix
     ./roundcube.nix
   ];
diff --git a/modules/nixos/mail-server/mail.nix b/modules/nixos/mail-server/mail.nix
index 4b75dcc..66c8a0a 100644
--- a/modules/nixos/mail-server/mail.nix
+++ b/modules/nixos/mail-server/mail.nix
@@ -1,11 +1,9 @@
-{ config, ... }:
+{ ... }:
 {
   security.acme = {
     acceptTerms = true;
     defaults.email = "postmaster@billenius.com";
   };
-  networking.firewall.allowedTCPPorts = [ 80 ];
-  services.nginx.virtualHosts.${config.mailserver.fqdn}.enableACME = true;
 
   mailserver = {
     enable = true;