Dovecot utilities not usable from Nix store; must be installed in /etc

[chkno]

Describe the bug

Basic unprivileged dovecot utility functionality requires dovecot to be installed system-wide. This makes it impossible to use dovecot utilities without administrator privileges, and makes it impossible for multiple versions of dovecot to coexist on the same machine. These are core Nix competencies & it's surprising to find them lacking for this package.

Steps To Reproduce

On a machine without dovecot installed system-wide, try to generate a password hash:

$ nix-shell -p dovecot --run "doveadm -c /dev/null pw -p foo"
doveadm(init): Fatal: opendir(/etc/dovecot/modules) failed: No such file or directory

Expected behavior

$ nix-shell -p dovecot --run "doveadm -c /dev/null pw -p foo"
{CRYPT}$2y$05$EskrTH1AHHe32GLh7nL9X.jr28KUY.F2/CzvKjfoyG1M0h/KywcCe

Additional context

This is caused by nixpkgs's own patch which modifies upstream's module-directory logic to force it to be in /etc. Just removing this patch makes things work again:

$ nix-shell -p 'dovecot.overrideAttrs (_: { patches = []; })' --run "doveadm -c /dev/null pw -p foo"
{CRYPT}$2y$05$czS/oyWodmqA5Rq06y3iie9SyVoteHhfnPOWD1X27kfPfoxNPH3mC

This was implemented in 2013 in 93ff42ae9c33b2f507c766ac5b2398cfd287ef30 as a way to allow combining dovecot modules from multiple derivations. Since 2013, nixpkgs has figured out much better ways to do this (eg: the various withPackages mechanisms). Dovecot's mechanism needs to be updated to these more recent, better practices.

Notify maintainers

Maintainers: @fpletz @globin @ajs124 Author of 93ff42ae9c33b2f507c766ac5b2398cfd287ef30: @rickynils

[ajs124]

I'd need to take a look at the code and maybe ask upstream, but what solution do you propose? How would withPackages work for something like this? Would we need to patch dovecot to read plugin paths from environment variabes? I'm not sure that's better than the status quo, tbh.

[chkno]

Reading the plugin path from an environment valiable seems ok to me. It's strictly better than hardcoding /etc/dovecot/modules:

• It would allow multiple version of dovecot to co-exist peacefully on the same machine
• It would allow running dovecot from the nix store, without installing, which would make it easier to use nix-built dovecot on non-NixOS systems
• The default module path (when the environment variable is not set) could fall back to the upstream behavior, making this a less-invasive change than the current method.

[kevinboulain]

FWIW this also breaks rootless setups. The server starts fine but any client will get disconnected immediately:

master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap
imap-login: Error: imap-login(init): Fatal: opendir(/etc/dovecot/modules) failed: No such file or directory
master: Error: service(imap-login): command startup failed, throttling for 2.000 secs
imap-login: Fatal: master: service(imap-login): child 358212 returned error 89 (Fatal failure)

I don't have a good idea on how to fix that though.

The configure script has the --with-moduledir option so the patch could be removed. I guess it would also make overlays a bit easier to work with (but maybe it's just me, I couldn't figure out how to filter out the patch without porting over the list). EDIT: it's not as simple as that, too bad.