mailcow: add

flake.nix

@@ -43,6 +43,7 @@
           defaults
           ethtool-setringmax
           prometheus-exporter-gateway
+          mailcow
         ];
         ansible_default = default ++ [
           nix-unify.nixosModules.ansible

modules/mailcow.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, inputs, ... }:
+
+with lib;
+let
+  cfg = config.services.mailcow;
+in
+{
+  options.services.mailcow = {
+    enable = mkEnableOption "mailcow";
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.docker.enable = true;
+    networking.firewall.trustedInterfaces = [ "br-mailcow" "docker*" ];
+    environment.systemPackages = with pkgs; [
+      mailcow
+    ];
+
+    # mailcow docker native ipv6 nat
+    virtualisation.docker.daemon.settings = {
+      ipv6 = true;
+      fixed-cidr-v6 = "fd00:dead:beef:c0::/80";
+      experimental = true;
+      ip6tables = true;
+    };
+    # convince the mailcow script we have enabled ipv6nat
+    environment.etc."docker/daemon.json".text = ''
+      {"ipv6":true,"fixed-cidr-v6":"fd00:dead:beef:c0::/80","experimental":true,"ip6tables":true}
+    '';
+  };
+}

pkgs/mailcow/default.nix

@@ -0,0 +1,48 @@
+{ stdenv
+, which
+, openssl
+, bash
+, coreutils
+, curl
+, wget
+, docker
+, git
+, gawk
+, gnugrep
+, gnused
+, iptables-nftables-compat
+, lib
+}:
+
+let
+  pathPkgs = [
+    which
+    openssl
+    bash
+    coreutils
+    curl
+    wget
+    docker # config.virtualisation.docker.package
+    git
+    gawk
+    gnugrep
+    gnused
+    iptables-nftables-compat
+  ];
+  path = lib.makeBinPath pathPkgs;
+in
+stdenv.mkDerivation {
+  name = "mailcow";
+
+  src = ./src;
+
+  buildPhase = ''
+    substituteInPlace bin.sh \
+      --subst-var-by path "${path}"
+  '';
+
+  installPhase = ''
+    install -m 755 -D bin.sh $out/bin/mailcow
+    ln -s $out/bin/mailcow $out/bin/mailcow-shell
+  '';
+}

pkgs/mailcow/src/bin.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+export PATH=@path@
+
+MAILCOW_DIR="/root/mailcow"
+
+die() {
+  echo "ERROR: $*" >&2
+  exit 2
+}
+
+if [ "$(id -u)" -gt 0 ]; then
+  die "must be root"
+fi
+
+if [ ! -e "$MAILCOW_DIR" ]; then
+  git clone https://github.com/mailcow/mailcow-dockerized "$MAILCOW_DIR"
+fi
+
+pushd "$MAILCOW_DIR"
+
+if [ "$(basename "$0")" = "mailcow-shell" ]; then
+  echo "opening shell..."
+  exec $SHELL
+  exit $?
+fi
+
+if [ ! -e mailcow.conf ]; then
+  ./generate_config.sh
+fi
+
+./update.sh

tests/mailcow.nix

@@ -0,0 +1,18 @@
+inputs: mod: { pkgs, lib, ... }:
+{
+  name = "mailcow";
+
+  node.specialArgs.inputs = inputs;
+
+  nodes = {
+    server = { lib, pkgs, ... }: {
+      imports = mod.default;
+      services.mailcow.enable = true;
+    };
+  };
+
+  testScript = ''
+    start_all()
+    server.wait_for_unit("docker")
+  '';
+}