chore dovecot&postfix: rename nix files, disable debug

sp-modules/simple-nixos-mailserver/auth-dovecot.nix

@@ -21,8 +21,8 @@ let
       ${lib.optionalString config.mailserver.ldap.startTls ''
       tls = yes
       ''}
-      # tls_require_cert = hard
-      # tls_ca_cert_file = ${config.mailserver.ldap.tlsCAFile}
+      tls_require_cert = hard
+      tls_ca_cert_file = ${config.mailserver.ldap.tlsCAFile}
       dn = ${config.mailserver.ldap.bind.dn}
       sasl_bind = no
       auth_bind = no
@@ -108,24 +108,21 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
       default_fields = home=/var/vmail/${domain}/%u uid=${toString config.mailserver.vmailUID} gid=${toString config.mailserver.vmailUID}
     }
 
-    #auth_username_format = %Ln
-
-    # FIXME
-    auth_debug = yes
-    auth_debug_passwords = yes  # Be cautious with this in production as it logs passwords
-    auth_verbose = yes
-    mail_debug = yes
+    # with debugging OAuth2 token gets printed in logs
+    # auth_debug = yes
+    # auth_debug_passwords = yes
+    # auth_verbose = yes
+    # mail_debug = yes
   '';
   services.dovecot2.enablePAM = false;
   systemd.services.dovecot2 = {
     # TODO does it merge with existing preStart?
     preStart = setPwdInLdapConfFile + "\n";
-    # FIXME pass dependant services to auth module option instead
-    wants = [ "kanidm.service" ];
-    after = [ "kanidm.service" ];
+    # FIXME pass dependant services to auth module option instead?
+    wants = [ auth-passthru.oauth2-systemd-service ];
+    after = [ auth-passthru.oauth2-systemd-service ];
   };
 
   # does it merge with existing restartTriggers?
   systemd.services.postfix.restartTriggers = [ setPwdInLdapConfFile ];
-
 }

sp-modules/simple-nixos-mailserver/auth-postfix.nix

@@ -14,8 +14,8 @@ let
     server_host = ${lib.concatStringsSep " " cfg.ldap.uris}
     start_tls = ${if cfg.ldap.startTls then "yes" else "no"}
     version = 3
-    # tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
-    # tls_require_cert = yes
+    tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
+    tls_require_cert = yes
 
     search_base = ${cfg.ldap.searchBase}
     scope = ${cfg.ldap.searchScope}
@@ -63,17 +63,12 @@ lib.mkIf config.selfprivacy.modules.auth.enable {
     restartTriggers =
       [ appendPwdInVirtualMailboxMap appendPwdInSenderLoginMap ];
     wants = [ auth-passthru.oauth2-systemd-service ];
-    after = [ "kanidm.service" ];
+    after = [ auth-passthru.oauth2-systemd-service ];
   };
   services.postfix = {
     # the list should be merged with other options from nixos-mailserver
     config.virtual_mailbox_maps = [ "ldap:${ldapVirtualMailboxMapFile}" ];
     inherit submissionOptions;
     submissionsOptions = submissionOptions;
-    # extraConfig = ''
-    #   debug_peer_list =
-    #   debug_peer_level = 3
-    #   smtp_tls_security_level = encrypt
-    # '';
   };
 }

sp-modules/simple-nixos-mailserver/flake.nix

@@ -10,8 +10,8 @@
         mailserver.nixosModules.default
         ./options.nix
         ./config.nix
-        ./ldap-postfix.nix
-        ./ldap-dovecot.nix
+        ./auth-postfix.nix
+        ./auth-dovecot.nix
       ];
     };
     configPathsNeeded =