# https://doc.dovecot.org/settings/core/
auth_mechanisms = plain scram-sha-256
protocols = imap
listen = {{ imap_bind_address }}

# /usr/share/doc/dovecot/example-config/conf.d/10-master.conf
# disable plaintext imap
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

# authenticate using a hash in a password file
# https://doc.dovecot.org/configuration_manual/authentication/passwd_file/#authentication-passwd-file
# Generate a password:
# doveadm pw -s BLF-CRYPT
passdb {
  driver = passwd-file
  args = username_format=%n scheme=blf-crypt {{ dovecot_passwd_file }}
  auth_verbose=yes
}

# after authentication, use the system user account details
# https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb/#authentication-user-database
userdb {
  driver = passwd-file

  args = username_format=%n {{ dovecot_passwd_file }}

  default_fields = uid={{ postfix_maildir_user }} gid={{ postfix_maildir_user }}
# override_fields =

# skip = never
# result_failure = continue
# result_internalfail = continue
# result_success = return-ok

# auth_verbose = default
}

# IMAP
ssl=yes
ssl_cert=<{{ postfix_smtpd_tls_cert_file }}
ssl_key=<{{ postfix_smtpd_tls_key_file }}
ssl_dh=<{{ postfix_smtpd_tls_dh1024_param_file }}
#verbose_ssl=yes

# SASL
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

}

# https://doc.dovecot.org/configuration_manual/home_directories_for_virtual_users/#ways-to-set-up-home-directory
# https://doc.dovecot.org/admin_manual/filesystem_permission/
mail_location = maildir:{{ postfix_virtual_mailbox_base }}/{{ postfix_domain }}/%n
mail_home=/srv/mail/%Lu

# https://doc.dovecot.org/admin_manual/logging/#dovecot-logging
#mail_debug=yes