autodiscover

modules/nixos/mail-server/autodiscover.nix

@@ -0,0 +1,110 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  mkThunderbirdAutoconfig = domain:
+    pkgs.writeText "autoconfig-${domain}.xml" ''
+      <?xml version="1.0" encoding="UTF-8"?>
+      <clientConfig version="1.1">
+        <emailProvider id="${domain}">
+          <domain>${domain}</domain>
+          <displayName>${domain}</displayName>
+          <displayShortName>${domain}</displayShortName>
+
+          <incomingServer type="imap">
+            <hostname>${config.mailserver.fqdn}</hostname>
+            <port>993</port>
+            <socketType>SSL</socketType>
+            <username>%EMAILADDRESS%</username>
+            <authentication>password-cleartext</authentication>
+          </incomingServer>
+
+          <outgoingServer type="smtp">
+            <hostname>${config.mailserver.fqdn}</hostname>
+            <port>587</port>
+            <socketType>STARTTLS</socketType>
+            <username>%EMAILADDRESS%</username>
+            <authentication>password-cleartext</authentication>
+          </outgoingServer>
+        </emailProvider>
+      </clientConfig>
+    '';
+
+  mkOutlookAutodiscover = domain:
+    pkgs.writeText "autodiscover-${domain}.xml" ''
+      <?xml version="1.0" encoding="utf-8"?>
+      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
+        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
+          <Account>
+            <AccountType>email</AccountType>
+            <Action>settings</Action>
+
+            <Protocol>
+              <Type>IMAP</Type>
+              <Server>${config.mailserver.fqdn}</Server>
+              <Port>993</Port>
+              <LoginName>%EMAILADDRESS%</LoginName>
+              <SSL>on</SSL>
+              <AuthRequired>on</AuthRequired>
+            </Protocol>
+
+            <Protocol>
+              <Type>SMTP</Type>
+              <Server>${config.mailserver.fqdn}</Server>
+              <Port>587</Port>
+              <LoginName>%EMAILADDRESS%</LoginName>
+              <SSL>on</SSL>
+              <Encryption>TLS</Encryption>
+              <AuthRequired>on</AuthRequired>
+              <UsePOPAuth>off</UsePOPAuth>
+            </Protocol>
+          </Account>
+        </Response>
+      </Autodiscover>
+    '';
+
+  mailDiscoveryVirtualHosts =
+    lib.listToAttrs (
+      lib.concatMap (
+        domain:
+        let
+          autoconfigXml = mkThunderbirdAutoconfig domain;
+          autodiscoverXml = mkOutlookAutodiscover domain;
+        in
+        [
+          {
+            name = "autoconfig.${domain}";
+            value = {
+              enableACME = true;
+              forceSSL = true;
+              locations."= /mail/config-v1.1.xml".extraConfig = ''
+                default_type application/xml;
+                alias ${autoconfigXml};
+              '';
+            };
+          }
+          {
+            name = "autodiscover.${domain}";
+            value = {
+              enableACME = true;
+              forceSSL = true;
+              locations."= /autodiscover/autodiscover.xml".extraConfig = ''
+                default_type application/xml;
+                alias ${autodiscoverXml};
+              '';
+            };
+          }
+        ]
+      ) config.mailserver.domains
+    );
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx.virtualHosts = mailDiscoveryVirtualHosts // {
+    ${config.mailserver.fqdn}.enableACME = true;
+  };
+}