feat: add webmail to webhost

2025-09-08 17:12:53 +02:00
parent b3a71cb9bc
commit eb40b7ff06
2 changed files with 79 additions and 0 deletions
--- a/hosts/web-arm/configuration.nix
+++ b/hosts/web-arm/configuration.nix
@@ -35,6 +35,7 @@
    ./sites/autoconfig.cloonar.com.nix
    ./sites/feeds.cloonar.com.nix
    ./sites/webmail.cloonar.com.nix
    ./sites/vcard.cloonar.dev.nix
    ./sites/vcard.cloonar.com.nix
--- a/hosts/web-arm/sites/webmail.cloonar.com.nix
+++ b/hosts/web-arm/sites/webmail.cloonar.com.nix
@@ -0,0 +1,78 @@
 { config, pkgs, lib, ... }:
 let
  domain = config.networking.domain;
  roundcubeRoot = "${config.services.roundcube.package}/public_html";
  # PHP-FPM socket created by the roundcube module (pool named "roundcube"):
  fpmSocket = config.services.phpfpm.pools.roundcube.socket;
 in
 {
  # DB for Roundcube (PostgreSQL shown; MariaDB works too)
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "roundcube" ];
    ensureUsers = [
      { name = "roundcube"; ensureDBOwnership = true; }
    ];
  };
  services.roundcube = {
    enable = true;
    configureNginx = false;        # <-- you’ll provide your own vhost
    plugins = [ "managesieve" "archive" "zipdownload" ];
    database = {
      host = "localhost";
      dbname = "roundcube";
      username = "roundcube";
    };
    extraConfig = ''
      // IMAP & SMTP
      $config['imap_host'] = 'ssl://imap.${domain}:993';
      $config['smtp_host'] = 'tls://mail.${domain}:587';
      $config['smtp_user'] = '%u';
      $config['smtp_pass'] = '%p';
      // ManageSieve (filters + vacation)
      $config['managesieve_host'] = 'tls://imap.${domain}:4190';
    '';
  };
  services.nginx = {
    enable = true;
    virtualHosts."webmail.${domain}" = {
      forceSSL = true;
      enableACME = true;
      root = roundcubeRoot;
      extraConfig = ''
        client_max_body_size 50m;
      '';
      locations = {
        # Serve static assets directly
        "~* ^/(favicon\\.ico|robots\\.txt|browserconfig\\.xml)$".tryFiles = "$uri =404";
        "~* ^/(assets|installer|public|skins|plugins)/" = {
          tryFiles = "$uri =404";
        };
        # PHP entry points
        "~ \\.php$" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS on;
            fastcgi_pass unix:${fpmSocket};
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
          '';
        };
        # Default: let Roundcube handle routing
        "/" = {
          tryFiles = "$uri /index.php?$query_string";
        };
      };
    };
  };
 }