1
185

Due to the large number of reports we've received about recent posts, we've added Rule 7 stating "No low-effort posts. This is subjective and will largely be determined by the community member reports."

In general, we allow a post's fate to be determined by the amount of downvotes it receives. Sometimes, a post is so offensive to the community that removal seems appropriate. This new rule now allows such action to be taken.

We expect to fine-tune this approach as time goes on. Your patience is appreciated.

2
364
submitted 2 years ago* (last edited 2 years ago) by devve@lemmy.world to c/selfhosted@lemmy.world

Hello everyone! Mods here 😊

Tell us, what services do you selfhost? Extra points for selfhosted hardware infrastructure.

Feel free to take it as a chance to present yourself to the community!

🦎

3
5
submitted 1 hour ago* (last edited 1 hour ago) by ayyo@sh.itjust.works to c/selfhosted@lemmy.world

My wife is a nail technician, and we just finished getting a nail salon set up for her at home. At the salon she works at right now, she uses a scheduling / CRM software called Rosy. I'm trying to see if I can find a self-hosted software that can do the same thing for her. I took a look at using Odoo community figuring they'd probably have something that could do it, but it's locked behind the enterprise license (also way too heavy for how small this operation will be). I've looked at maybe using Monica CRM plus just using a calendar, cal.com, I looked at Nextcloud plugins, I even tried making my own kind of solution with Baserow+n8n+a simple calendar. I thought I found a good option with Savspot, a relatively recent project, but it didn't really work quite right and apparently the entire codebase is AI-generated. I'm probably overcomplicating this honestly. Does anyone here have any suggestions for software that can do this?

5
1
submitted 1 hour ago* (last edited 1 hour ago) by Darkassassin07@lemmy.ca to c/selfhosted@lemmy.world

I host an openVPN server, from an IPv4 network/public IP. I also have a domain that points to that public IPv4 address and nothing else. (there's some subdomains behind cloudflare, but the base domain just has an A record pointed at my public ipv4, no AAAA records.)

Lately, I've noticed my connection dramatically slows down while on mobile data and the server IP address displayed in the VPN client is NOT the address my domain points to. It is, instead, an IPv6 address that I do not recognize... I do still have a connection, which gives me access to my private services, so I am successfully reaching my server.

What could be causing this? Would this be something to do with IPv6 (my phone) -> IPv4 (my server)?

I can manually specify my IPv4 address in the openvpn client and get a connection, so why would it retrieve and use an IPv6 address? Where is that address even coming from? It's not in my DNS...

/edit:

openvpn-status.log shows the remote client as connected from an IPv4 address which matches what comes up at whatismyipaddress.com viewed from the client while disconnected from the VPN. (It displays both an IPv6 and an IPv4 for the phone's mobile data connection; openvpn sees the IPv4 when connected.)

So the server sees the phone's IPv4 as the source of the connection, but the phone is using an IPv6 address I don't recognize to reach the server...

6
55

=> There are 90 zombie processes.

On one of my Homelab servers running Ubuntu Jammy, I always seem to get zombie processes. A quick check with ps -eo pid,ppid,stat,cmd | grep -w Z shows them all. It just bugs me. I shut down the server in the nicest of ways I know how, with sudo shutdown -h now, but I always get zombie processes shown on start up.

Am I missing something? Do these show up on your servers? How do you deal with them besides just ignoring them if they are?

7
30
submitted 19 hours ago by pr3d@eviltoast.org to c/selfhosted@lemmy.world

I believe it's a way away from consumerism if you don't own everything yourself and share things with people nearby.

I'm looking for a selfhostable (docker-compose) project where everybody can easily add items (maybe with a link to a manual) and the borrowing stuff is managed.

OIDC is a plus because it's too great with pocket-id.

8
10

Hi everyone

I posted here awhile ago about something similar but wanted to ask a follow up question.

If I got a 1.111b class xyz domain for my NAS, would that have any issues?

It's mainly just going to be so family and friends can access my jellyfin.

I saw it's ten bucks for ten years on their site so it's a great price. I'd rather that than 20 bucks a year.

Thank you

9
45

I am looking for expense-splitting software that I can host myself, similar to Spliit. Spliit seems to be unmaintained at the moment.

What I like about Spliit is that the users aren't required to have accounts, making it easy to use the software with various people. And also, it allows marking down negative currency entries, making it easy to split up one person's debt to multiple people.

If you have any recommendations, please share them. Thanks!

10
102
Stuff for kids? (piefed.social)

I've been thinking about this stuff for a few years now but never actually put any effort into looking it up until now, I wanted to know what is out there in terms of self hosting services for kids, not necessarily just parental control but rather stuff for kids to do that aren't just device isolated apps.

To get the conversation started, I've had the idea floating around my head for a few years of making some local "youtube" for my kid to upload their own videos at some point, maybe throw in some family edits and stuff like that to get the feeling of YouTube without the exposure, same with some sort of social network like a basic blog (wouldn't have much interaction, I know, but at least have the option)

Then, I just found this video on YouTube (vertical video warning for anyone who cares) which seems to do a few things of that nature. It doesn't seem like it will be FOSS; personally that's not a requisite for me to use stuff, but given it's for children-focused stuff it doesn't sound great to me at first glance.

What else is out there? What do people piece together out of general projects? Do people even go anywhere beyond hosting their kids' DVDs on jellyfin/plex and calling it a day?

11
20
submitted 2 days ago* (last edited 2 days ago) by wardcore@lemmy.world to c/selfhosted@lemmy.world

ONYX 1.3-beta — reactions, blocking, and notification privacy

A follow-up to my previous post. The last post got a decent amount of feedback — some might call it small, but every response genuinely matters and it was great to see people's reactions to the project.

New beta is out today. I would like to share some changes.


ONYX — what's new

Message reactions — you can now react to messages. Basic, but frequently requested.

User blocking — block list and the ability to block users. Should have been there from the start, honestly.

Hide content in notifications — notifications now show "New message" instead of the actual content. Relevant if you do not want your decrypted messages to be stored in the device cache.

PIN and biometric prompt when switching accounts — switching between accounts now requires authentication. Prevents someone with physical access to your phone from jumping between accounts freely. This only works if you have PIN or biometric unlocking enabled in settings.

Relog notification — the app now notifies you when your session token is about to expire.

Video download progress — progress indicator when receiving videos from the server.


ONYX Server

The self-hosted server software also got an update — reaction support has been added, along with a handful of bug fixes.


Bugs and issues — reach out to @support directly in ONYX.

12
323

If you're like me, you probably need to update your image tag to this new major version. I'll probably wait for a minor release first.

13
68
submitted 3 days ago by jared@lemmy.ca to c/selfhosted@lemmy.world

cross-posted from: https://lemmy.ca/post/63642187

Hey everyone! I've spent the last several months building "Dorsal", an iOS-native music player for Jellyfin with the features that I felt I personally wanted. Designed for those who like to see and listen to their music as an album-focused experience.

I'm interested in getting it in your hands to see what you all think. I have my Jellyfin server set up in a pretty basic way so I'm curious to see if it works well for others too! The code is open-source (MIT-licensed), I have a TestFlight open beta, and it is available on the App Store (it does have a price to support development, developer program fees, etc), so you can get it for free or use and support the production release, up to you! Here are the links:

I'm the solo dev, so I'm happy to try and answer any questions! Thanks everyone!

14
202
submitted 4 days ago* (last edited 4 days ago) by danielgraf@discuss.tchncs.de to c/selfhosted@lemmy.world

Hey everyone, I’m Daniel.

It's been 103 days since I last posted about Reitti, and what a journey it's been! What started as a personal project on June 5, 2025, has grown immensely. In that time, Reitti has seen exactly 52 releases, culminating last week in the biggest and most ambitious update yet: Reitti 4.0! Today, I want to recap everything that's happened since my last post.

The past few months have been dedicated to transforming how I interact with my movement data, and the community's support has been incredible:

  • 1,979 Stars on GitHub.
  • 467 Commits to main with 419 PRs merged.
  • 374 Issues closed.
  • 25 Contributors on GitHub.
  • 13 Languages supported.

What is Reitti?

"Reitti" is Finnish for "route" or "path." It’s a personal location tracking and analysis application. It is fully local and private, and no data ever leaves your server. You own the database, and you own the memories.

Reitti 4.0: A New Map Experience

This release focuses on taking your map experience to the next level. I've completely rebuilt the map from the ground up, switching to a foundation powered by MapLibre GL JS and deck.gl. This enables a new level of visualization for your movements, even with millions of data points from years of tracking, it remains blazingly fast and responsive!

  • Rewind & Replay Your Journeys: You can now watch your past movements unfold. This allows you to see how you moved through a specific day or trip.
  • New Map Layers: I've added new map layers that enhance your data visualization:
    • Terrain Layer: See the elevation changes along your paths. This adds a new dimension to your movement data.
    • Globe Projection: Zoom out and view your entire journey across a 3D globe.
    • Satellite View: Get a real-world perspective with high-resolution satellite imagery.
    • 3D Buildings: In supported areas, watch your paths weave through 3D building models.
  • The Aggregate View: This feature helps understand your routine. The new aggregate view condenses all your movement data into a 24-hour window, allowing you to visualize your typical movements. Ever wondered where you usually are at 8 PM, or what your most common morning commute looks like?
  • Fast Performance for Years of Data: Displaying multiple years of movement data used to be a challenge. Not anymore! Reitti 4.0 has been heavily optimized to handle vast amounts of historical data without breaking a sweat, ensuring a smooth and responsive experience even for the most avid trackers. The timeline will also see improvements in an upcoming release, as simply displaying all trips and visits for a given time range doesn't always yield meaningful information.
  • Flexible Path Visualizations: Now you can choose between:
    • Raw Paths: See every single point as recorded.
    • Default Paths: My improved, cleaned-up path rendering.
    • Edge Bundling: A new option that reduces visual clutter by bundling nearby paths together, making trends and frequent routes easier to spot.

Other New Functionality

Expanded Language Support

Thanks to the incredible dedication of the community translators, Reitti has expanded its global reach and now officially supports more languages, including:

  • ¡Hola! Spanish!
  • こんにちは (Konnichiwa)! Japanese! (special thanks to @GunseiKPaseri!)
  • Привіт (Pryvit)! Ukrainian!
  • Merhaba! Turkish!

These additions are a huge step towards making Reitti accessible to even more users worldwide.

Place Editing with Geocoding

When editing a place, you can now directly request geocoding suggestions and select the most accurate result from various available providers. This makes managing your locations much more intuitive and precise.

Faster & More Robust Visit and Trip Detection

I've completely overhauled the algorithms for detecting visits and trips. The new system is not only significantly faster but also much more robust, leading to more accurate and reliable insights into your time spent and journeys taken.

New Dedicated Open-Source Services!

As part of this update, I'm introducing two new, free-to-use services that power Reitti 4.0 and are available for everyone:

  • My Own Reverse Geocoder (Paikka): I've developed my very own reverse geocoder, free for everyone to use at https://geo.dedicatedcode.com/. You can find its source on GitHub (Paikka). This provides fast, reliable reverse geocoding directly from my infrastructure.
  • My Own Tile Server: To complement the new map experience, I've also launched my own tile server at https://tiles.dedicatedcode.com/, based on the fantastic OpenFreeMap data. This ensures consistent, high-performance map tiles for all Reitti users.

BREAKING CHANGES – Please Read Carefully

While Reitti 4.0 added new features, there are a couple of crucial changes you need to be aware of for a smooth upgrade:

  • rabbitmq has been fully removed. This simplifies the stack and reduces dependencies.
  • photon has been removed from the default docker-compose file. While it's still supported if you wish to use it, it's no longer a default component thanks to my new open-source geocoding service!

It is absolutely essential that you update your docker-compose file during the upgrade process. Please visit https://www.dedicatedcode.com/projects/reitti/4.0/upgrade/ for the necessary steps to get your Reitti instance running seamlessly on 4.0.

Full v4.0.0 Release Notes: https://github.com/dedicatedcode/reitti/releases/tag/v4.0.0

Thank You

This project thrives because of its community. Thank you to everyone who contributed this year. To the new contributors like u/Jonsen94, u/GunseiKPaseri, u/sieren, u/wjansenw, u/subha0319, and u/per_terra your code, ideas, and dedication are invaluable. Special thanks go to the translators who ensure Reitti is accessible worldwide, and to everyone who posts issues, suggests features, and supports the project indirectly.

What’s Next?

Thanks to the incredible support from my Ko-fi supporters, I've recently acquired a dedicated GPS logger! This means I'm now setting my sights on bringing multi-device support to Reitti. Imagine this: you use your phone for day-to-day tracking, while simultaneously logging a run or ride with another device, leaving your phone at home. My goal is to seamlessly bring these timelines back together into one cohesive view. Along with this, I'll be introducing more powerful editing capabilities, such as defining "no-visit" areas and the ability to remove individual GPS points.

For the Memories feature I explored local AI for natural-language travel diaries, it's still very much on my mind. However, I haven't yet managed to get decent results with a small, local LLM that supports multiple languages. Time will tell if this ever happens, as I only want to introduce massive new requirements when they can deliver a truly tremendous impact for all of you. If anyone has a tip, please drop me a message.

Development Transparency

I use AI as a development tool to accelerate certain aspects of the coding process, but all code is carefully reviewed, tested, and intentionally designed. AI helps with boilerplate generation and problem-solving, but the architecture, logic, and quality standards remain entirely human-driven.

I appreciate your feedback and support! Here are a few ways to connect:

  • Support My Work: If you find this project useful, you can support my efforts by buying me a coffee on Ko-fi.
  • Report Issues: Encountered a bug? Open an issue on GitHub Issues.
  • Discuss on Lemmy: Join the conversation or reach out on Lemmy.
  • Connect on Reddit: Find me here u/daniel_graf
  • Join us on IRC: Chat with us live in my IRC channel #reitti on libera.chat.
  • Github: https://github.com/dedicatedcode/reitti

I'll be in the comments to answer your questions.

16
102

What's going on on your servers?

I had to bite the bullet and buy new drives after the old ones filled up. I went for used enterprise SSDs on eBay and eventually found some that had an okay price, even though it's been much more than last time I got some. Combined with Hetzner's hefty price increase some month ago, my hobby has become a bit more expensive again thanks to the ever growing appetite of companies building more data centers to churn more energy.

Anyways, the drives are in, my Ansible playbook to properly encrypt them and make them available in Proxmox worked, so that was smooth (ignoring the part where I disassembled the Lenovo tiny from the rack, open it, SSD out, SSD in, close it and put it back in only to realize I put in the old ssd again).

Any changes in your hardware setups? Did the price increase make you reconsider some design decisions? Let us know!

17
117
submitted 5 days ago* (last edited 5 days ago) by illusionist@lemmy.zip to c/selfhosted@lemmy.world

Somehow I had a database corruption and I did not know how to restore from backup. It was a bad experience until I saw that it worked. Make regular backups and check them.

19
15
submitted 4 days ago* (last edited 4 days ago) by Kkk2237pl@lemmy.world to c/selfhosted@lemmy.world

My Tailscale token expired again, so I had to reauthenticate. I logged in to Tailscale, I connected to the selected network, and a pop-up showed up saying that the token is refreshed and I can close the window. And I'm stuck in a loop, because my NAS is still not connected.

I have the newest versions of Tailscale and DSM. What can be the issue here?

20
57

I’ve finally got tired of how bad the latency and transfer speeds are when mounting my TrueNAS SMB shares on my MacBook. I looked online for some solutions, but didn’t really have much success with them. I managed to get to this command that seems to be a lot better:
mount_smbfs -o soft,nobrowse "//<username>@<domain or ip>/apps" "$HOME/mnt/apps"
where /mnt/apps is a directory that I created for myself. In this case I’m mounting a share called “apps”. For now it actually seems to be pretty responsive and loads directories and files at an acceptable speed.

21
45
submitted 5 days ago* (last edited 5 days ago) by Yucky_Dimension@lemmy.world to c/selfhosted@lemmy.world

Hi, I'm a volunteer in a youth center. Some time ago, their organization switched to OneDrive and their old server got shelved. I thought it would be a waste to just throw it out, but I'm not sure what to do with it. It runs on an outdated system (CentOS 7, I believe), but otherwise works fine.

I have dipped my toes into Linux, but I am in no way an expert.

So I would like to ask for ideas, suggestions or maybe just some pointers. What is a fun way to use a server for a youth center? While I'm at it, any ideas what to do with this?

Use it, donate it, sell it? I'm not trying to profit, by the way. Selling would mean to reinvest it into new equipment for the kids, whatever that may be.

I also have a bunch of Lenovo ThinkCentres and old or broken Notebooks at my disposal.

22
26
submitted 5 days ago* (last edited 5 days ago) by steel_for_humans@piefed.social to c/selfhosted@lemmy.world

I currently have the following services which I'd like to migrate elsewhere:
OneDrive
Google Drive
Google Photos (some photos doubled in OneDrive, too, but I will just delete those)
Bitwarden (potentially)
Google Calendar (but may use the calendar at Mailbox.org)

I keep searching for solutions and I keep coming back to Nextcloud. On the one hand, it seems like it's too big and too complex (even Nextcloud's website defaults to business version and talks about collaboration), but on the other hand it seems modular and has all I need (Files + Virtual Files, Photos / Memories, Calendar and more).

I may one day want to self-host at home, but this is not the day yet, especially with the ridiculous storage prices. I think I'd rather go the cloud route first, but would like to have an option of switching to another provider or taking everything home.

I understand that with a VPS that's a no-brainer because it's essentially a rented virtualized server. But what about the Storage Share? What is easy to take out and what is difficult to take out? I guess files and photos would be as easy as downloading them to my machine (for example via SFTP, rsync, etc. -- I'm on Linux). What about Calendar, if I used that? CalDAV, I guess, and sync to another calendar?

On one hand, using the VPS is a good learning experience, but also more prone to errors on my part. But I am not limited to only Nextcloud, I can spin up other services (for example Immich or even Vaultwarden), especially if I use Docker containers. But VPS will be more expensive, especially if I keep adding services.

Managed Nextcloud is easy to set up and there's virtually no maintenance apart from installing some apps and managing my data. But I am limited to only what Hetzner offers and it may be troublesome to move away.

What am I missing?

23
25

I've been selfhosting a while. I run around 15 distinct services in docker containers, all on a single machine with a medium sized disk. It's a small form factor, and I recently had to add space, so I've attached an external USB storage device.

It feels clunky.

At what point does a performant SAN/NAS make sense more than local storage? When did you make the jump?

25
17

cross-posted from: https://programming.dev/post/49000591

TL;DR fetchmail to move all emails from email provider to local mailbox that is then served via IMAP by dovecot

Hi, I like being able to switch between email providers easily without having to change my email address (related post). For example right now people have to go through the hassle of going from mygreatusername@some.host to anotherusername@another.host. It's a big barrier because you now have to update that email address everywhere. Imagine having everything on gmail and then moving to startmail, fastmail, posteo, or whatever else.

A solution I was made aware of is to:

  • pay for a domain e.g. mydomain.org for 10 years (can be cheap)
  • use their inbuilt email (sometimes free) or pick an email provider that allows custom domains
  • pull all the email to a server you host
  • serve that email

That way, you will have your myname@mydomain.org and switch email providers underneath while keeping all your emails.

Example config

This config uses the module I wrote (maybe something else exists, but I couldn't find it). It pulls emails of myaccount@my.domain from pop.remote.host to my.host and exposes them via IMAPS as myaccount@my.domain on my.host.

Notice that my.domain need not be the same as my.host. This allows me to hide my IMAP server. Somebody looking at the MX record of my.domain won't immediately find the IMAP server.

{ config, ... }:
{
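  /**
    Configuration for fetchmail to retrieve mail from the remote host.
    Emails will be moved into the **local** mailbox of a user with the same email address.
    NOTE: `text` is written to the world-readable Nix store; for real credentials,
    consider agenix or sops-nix, as the module's doc comment suggests.
  */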
  environment.etc."mail/fetchmailrc" = {
    text = ''
      poll pop.remote.host protocol pop3 port 995:
            user "myaccount@my.domain" with password "passwordWithouQuotes" is vmail here
            options fetchall
            ssl
            mda "dovecot-deliver -d myaccount@my.domain"
    '';
    user = config.services.email-fetch-serve.daemonUser;
    group = config.services.email-fetch-serve.daemonGroup;
  };
  
  /**
    Usernames and passwords used to log into the **self-hosted** IMAP service.
    Uses the same format as /etc/passwd
    https://doc.dovecot.org/2.4.3/core/config/auth/databases/passwd_file.html
    The username is lowercase because the module sets auth_username_format = %Lu.
  */
  environment.etc."mail/imap.passwd" = {
    text = ''
      myaccount@my.domain:{plain}password
    '';
    user = config.services.email-fetch-serve.daemonUser;
    group = config.services.email-fetch-serve.daemonGroup;
  };
  services.email-fetch-serve = {
    enable = true;
    sslCertPath = "/var/acme/certs/mydomain.crt";
    sslCertKey = "/var/acme/certs/mydomain.key";
    fetchmailRcPath = "/etc/mail/fetchmailrc";
    imap = {
      port = 993;
      openFirewall = true;
      passdb = "/etc/mail/imap.passwd";
    };
  };
}

the module

{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.email-fetch-serve;
  daemonUserHome = "/var/spool/${cfg.daemonUser}";
  sslEnabled = (cfg.sslCertPath != null) && (cfg.sslCertKey != null);
  /**
    Used by fetchmail to deliver mail to dovecot
  */
  dovecot-deliver-wrapper = pkgs.writeShellScriptBin "dovecot-deliver" ''${pkgs.dovecot}/libexec/dovecot/deliver "''${@}"'';
in
{
  /**
    A self-hosted "email relay" that allows fetching emails from a server and then serving it
    via IMAP.

    Emails are retrieved with fetchmail and exposed via dovecot.

    By default, dovecot uses IMAP, which is unencrypted, but with an SSL certificate and key, it can
    be encrypted and thus turned into IMAPS.
    To generate SSL certs, the `security.acme` option is powerful, but you can also use a
    self-signed certificate.

    To store secrets, do consider using
    - agenix: https://github.com/ryantm/agenix
    - sops-nix: https://github.com/Mic92/sops-nix
  */
  options = with lib; {
    services.email-fetch-serve = {
      enable = mkEnableOption "fetching emails from an email server and serving them via IMAP";
      sslCertPath = mkOption {
        type = types.nullOr types.externalPath;
        description = "Giving a path to an SSL cert **and** key will enable IMAPS and disable IMAP";
        default = null;
      };
      sslCertKey = mkOption {
        type = types.nullOr types.externalPath;
        description = "Giving a path to an SSL key **and** cert will enable IMAPS and disable IMAP";
        default = null;
      };
      fetchmailRcPath = mkOption {
        type = types.externalPath;
        description = "Configuration for fetchmail";
        example = ''
          poll pop.remote.host protocol pop3 port 995:
            user "accountName@remote.host" with password "passwordWithouQuotes" is vmail here
            options fetchall
            ssl
            mda "dovecot-deliver -d accountName@remote.host"
        '';
      };
      imap = {
        port = mkOption {
          type = types.int;
          description = ''
            Which port to host the IMAP service on. If sslCertPath is set this will
            be the port of the IMAPS service'';
          default = 143; # Default IMAP port
        };
        openFirewall = lib.mkOption {
          type = lib.types.bool;
          default = false;
          example = true;
          description = "Allow external traffic to reach the IMAP(S) port";
        };
        passdb = mkOption {
          type = types.externalPath;
          description = ''
            Where passwords for IMAP are stored. Should be secret and accessible by vmail user
            https://doc.dovecot.org/2.4.3/core/config/auth/databases/passwd_file.html
            https://doc.dovecot.org/2.4.3/core/config/auth/passdb.html
          '';
        };
      };
      daemonUser = mkOption {
        type = types.str;
        description = "Name of the user running the daemons";
        default = "vmail";
      };
      daemonGroup = mkOption {
        type = types.str;
        description = "Name of the user's group running the daemons";
        default = "vmail";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # Either both SSL vars are set or none are set
        assertion =
          (cfg.sslCertPath == null && cfg.sslCertKey == null)
          || (cfg.sslCertPath != null && cfg.sslCertKey != null);
        message = "email-fetch-serve service must have sslCertPath AND sslCertKey to have functional SSL";
      }
    ];
    # How electronic email works
    # https://tldp.org/HOWTO/Mail-Administrator-HOWTO-3.html

    # ${daemonUserHome} needs to be created and owned by vmail
    users.users."${cfg.daemonUser}" = {
      createHome = true;
      home = daemonUserHome;
      group = cfg.daemonGroup;
      isSystemUser = true;
    };
    users.groups."${cfg.daemonGroup}" = { };

    services.dovecot2 = lib.mkMerge [
      ({
        # Taken and adapted from https://wiki.nixos.org/wiki/Dovecot
        enable = cfg.enable;
        createMailUser = true;

        enableImap = true;

        mailUser = cfg.daemonUser;
        mailGroup = cfg.daemonGroup;

        # implement virtual users
        # https://doc.dovecot.org/2.3/configuration_manual/howto/simple_virtual_install/
        # store virtual mail under
        # /var/spool/mail/vmail/<DOMAIN>/<USER>/Maildir/
        mailLocation = "maildir:~/Maildir";

        mailboxes = {
          # use rfc standard https://apple.stackexchange.com/a/201346
          All = {
            auto = "create";
            autoexpunge = null;
            specialUse = "All";
          };
          Archive = {
            auto = "create";
            autoexpunge = null;
            specialUse = "Archive";
          };
          Drafts = {
            auto = "create";
            autoexpunge = null;
            specialUse = "Drafts";
          };
          Flagged = {
            auto = "create";
            autoexpunge = null;
            specialUse = "Flagged";
          };
          Junk = {
            auto = "create";
            autoexpunge = "60d";
            specialUse = "Junk";
          };
          Sent = {
            auto = "create";
            autoexpunge = null;
            specialUse = "Sent";
          };
          Trash = {
            auto = "create";
            autoexpunge = "60d";
            specialUse = "Trash";
          };
        };

        extraConfig = lib.concatStrings [
          ''
            # force to use full user name plus domain name
            # for disambiguation
            auth_username_format = %Lu

            # Authentication configuration:
            auth_mechanisms = plain
            passdb {
              driver = passwd-file
              args = ${cfg.imap.passdb}
            }

            userdb {
              driver = static
              # the full e-mail address inside passwd-file is the username (%u)
              # user@example.com
              # %d for domain_name %n for user_name
              args = uid=${cfg.daemonUser} gid=${cfg.daemonGroup} username_format=%u home=${daemonUserHome}/%d/%n
            }
          ''

          (lib.optionalString (!sslEnabled) ''
            service imap-login {
              inet_listener imap {
                port = ${builtins.toString cfg.imap.port}
              }
              inet_listener imaps {
                port = 0
              }
            }
          '')
          (lib.optionalString (sslEnabled) ''
            service imap-login {
              inet_listener imap {
                port = 0
              }
              inet_listener imaps {
                port = ${builtins.toString cfg.imap.port}
              }
            }'')
        ];
      })
      (lib.mkIf sslEnabled {
        sslServerCert = cfg.sslCertPath;
        sslServerKey = cfg.sslCertKey;
      })
    ];

    # Open the firewall port only when imap.openFirewall is set (IMAP(S) is TCP-only)
    networking.firewall.allowedTCPPorts = lib.mkIf cfg.imap.openFirewall [ cfg.imap.port ];

    #####################
    # To fetch the emails
    systemd.services.fetchmail = {
      enable = cfg.enable;
      after = [ "dovecot2.service" ];
      wantedBy = [ "dovecot2.service" ];
      path = [ dovecot-deliver-wrapper ];
      serviceConfig = {
        User = cfg.daemonUser;
        ExecStart = "${pkgs.fetchmail}/bin/fetchmail --fetchmailrc ${cfg.fetchmailRcPath} --daemon 60";
      };
    };
  };
}

Selfhosted

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!
