nixos/dovecot: add an option to enable mail_plugins

Motivation:
if enableQuota is true, mail plugins cannot be enabled in extraConfig
because of the problem described here:

https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#variable-expansion

doveconf: Warning: /etc/dovecot/dovecot.conf line 8: Global setting
mail_plugins won't change the setting inside an earlier filter at
/etc/dovecot/dovecot.conf line 5 (if this is intentional, avoid this
warning by moving the global setting before /etc/dovecot/dovecot.conf
line 5)

1 files changed, 47 insertions, 5 deletions

diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index b5ed2c594f7..37ee3c8494e 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -14,8 +14,16 @@ let
       base_dir = ${baseDir}
       protocols = ${concatStringsSep " " cfg.protocols}
       sendmail_path = /run/wrappers/bin/sendmail
+      # defining mail_plugins must be done before the first protocol {} filter because of https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#variable-expansion
+      mail_plugins = $mail_plugins ${concatStringsSep " " cfg.mailPlugins.globally.enable}
     ''
 
+    (concatStringsSep "\n" (mapAttrsToList (protocol: plugins: ''
+      protocol ${protocol} {
+        mail_plugins = $mail_plugins ${concatStringsSep " " plugins.enable}
+      }
+    '') cfg.mailPlugins.perProtocol))
+
     (if cfg.sslServerCert == null then ''
       ssl = no
       disable_plaintext_auth = no
@@ -72,7 +80,6 @@ let
     '')
 
     (optionalString cfg.enableQuota ''
-      mail_plugins = $mail_plugins quota
       service quota-status {
         executable = ${dovecotPkg}/libexec/dovecot/quota-status -p postfix
         inet_listener {
@@ -81,10 +88,6 @@ let
         client_limit = 1
       }
 
-      protocol imap {
-        mail_plugins = $mail_plugins imap_quota
-      }
-
       plugin {
         quota_rule = *:storage=${cfg.quotaGlobalPerUser}
         quota = maildir:User quota # per virtual mail user quota # BUG/FIXME broken, we couldn't get this working
@@ -183,6 +186,40 @@ in
       description = "Additional entries to put verbatim into Dovecot's config file.";
     };
 
+    mailPlugins =
+    let plugins = hint: types.submodule {
+        options = {
+          enable = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = "mail plugins to enable as a list of strings to append to the ${hint} <literal>$mail_plugins</literal> configuration variable";
+          };
+        };
+      };
+    in
+    mkOption {
+      type = with types; submodule {
+        options = {
+          globally = mkOption {
+            type = plugins "top-level";
+            example = { enable =[ "virtual" ]; };
+            default = { enable = []; };
+          };
+          perProtocol = mkOption {
+            type = attrsOf (plugins "corresponding per-protocol");
+            default = {};
+            example = { imap = [ "imap_acl" ]; };
+          };
+        };
+      };
+      description = "Additional entries to add to the mail_plugins variable, globally and per protocol";
+      example = {
+        globally.enable = [ "acl" ];
+        perProtocol.imap.enable = [ "imap_acl" ];
+      };
+      default = { globally.enable = []; perProtocol = {};};
+    };
+
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
@@ -310,6 +347,11 @@ in
      ++ optional cfg.enablePop3 "pop3"
      ++ optional cfg.enableLmtp "lmtp";
 
+    services.dovecot2.mailPlugins = mkIf cfg.enableQuota {
+      globally.enable = [ "quota" ];
+      perProtocol.imap.enable = [ "imap_quota" ];
+    };
+
     users.users = {
       dovenull =
         { uid = config.ids.uids.dovenull2;