default.nix: add options to open ports 993 (IMAPS) and 995 (POP3S)

Dovecot is already configured to serve IMAPS on port 993 and POP3S on port 995.

default.nix

@@ -184,7 +184,7 @@ in
       default = true;
       description = ''
         Whether to enable imap / pop3. Both variants are only supported in the
-        (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+        (sane) startTLS configuration. The ports are
 
         110 - Pop3
         143 - IMAP
@@ -192,12 +192,21 @@ in
       '';
     };
 
+    enableImapSsl = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable IMAPS, setting this option to true will open port 993
+        in the firewall.
+      '';
+    };
+
     enablePop3 = mkOption {
       type = types.bool;
       default = false;
       description = ''
-        Whether to enable POP3. Both variants are only supported in the
+        Whether to enable POP3. Both variants are only supported in the (sane)
-        (sane) startTLS configuration. (TODO: Allow SSL ports). The ports are
+        startTLS configuration. The ports are
 
         110 - Pop3
         143 - IMAP
@@ -205,8 +214,14 @@ in
       '';
     };
 
-    # imapSsl = mkOption {} #< TODO
+    enablePop3Ssl = mkOption {
-    # pop3Ssl = mkOption {} #< TODO
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable POP3S, setting this option to true will open port 995
+        in the firewall.
+      '';
+    };
 
     virusScanning = mkOption {
       type = types.bool;

mail-server/networking.nix

@@ -25,7 +25,9 @@ in
     networking.firewall = {
       allowedTCPPorts = [ 25 587 ]
         ++ (if enableImap then [ 143 ] else [])
-        ++ (if enablePop3 then [ 110 ] else []);
+        ++ (if enableImapSsl then [ 993 ] else [])
+        ++ (if enablePop3 then [ 110 ] else [])
+        ++ (if enablePop3Ssl then [ 995 ] else []);
     };
   };
 }