Nixpkgs version of stalwart is outdated and broken. Temporary use oci containers.

Jurn Wubben 2025-06-12 11:41:57 +02:00
parent e6f0dd7f01
commit 7386b347d5
2 changed files with 102 additions and 103 deletions


@ -23,10 +23,10 @@ in {
}; };
cloudflare-acme.file = ./cloudflare-acme.age; cloudflare-acme.file = ./cloudflare-acme.age;
mail-admin = { mail-admin = {
owner = # owner = #FIXME: revert when stopped using docker for stalwart.
if config.niksos.server # if config.niksos.server
then serviceUser "stalwart-mail" # then serviceUser "stalwart-mail"
else "root"; # else "root";
file = ./mail-admin.age; file = ./mail-admin.age;
}; };
}; };
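Review bot: With `owner` commented out, `mail-admin` falls back to the secrets module's default owner (presumably root, worth confirming). Nothing on the new side of this commit reads `config.age.secrets.mail-admin.path` any more, because the `credentials.user_admin_password` wiring is commented out in the other file. The secret is therefore still decrypted on the host, while the container's admin credential comes from whatever is stored under its `/opt/stalwart` volume. I would extend the FIXME to say so, e.g. `# FIXME: unused while stalwart runs as a container; restore owner together with services.stalwart-mail`, or remove the declaration until the revert.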


@ -1,102 +1,101 @@
{config, ...}: { {config, ...}: {
nixpkgs.overlays = [ # nixpkgs.overlays = [
(final: prev: let # (final: prev: let
version = "0.12.4"; # version = "0.12.4";
hash = "sha256-MUbWGBbb8+b5cp+M5w27A/cHHkMcoEtkN13++FyBvbM="; # hash = "sha256-MUbWGBbb8+b5cp+M5w27A/cHHkMcoEtkN13++FyBvbM=";
cargoHash = "sha256-G1c7hh0nScc4Cx7A1UUXv6slA6pP0fC6h00zR71BJIo="; # cargoHash = "sha256-G1c7hh0nScc4Cx7A1UUXv6slA6pP0fC6h00zR71BJIo=";
in { # in {
stalwart-mail = prev.stalwart-mail.overrideAttrs (new: old: rec { # stalwart-mail = prev.stalwart-mail.overrideAttrs (new: old: rec {
inherit cargoHash version; # inherit cargoHash version;
src = prev.fetchFromGitHub { # src = prev.fetchFromGitHub {
inherit version hash; # inherit version hash;
inherit (old.src) owner repo; # inherit (old.src) owner repo;
tag = "v${version}"; # tag = "v${version}";
# };
# cargoDeps = prev.rustPlatform.fetchCargoVendor {
# inherit src;
# hash = cargoHash;
# };
# });
# })
# ];
# services.stalwart-mail = {
# enable = true;
# openFirewall = false; # Don't want to open port 8080, will leave that for caddy.
# credentials = {
# user_admin_password = config.age.secrets.mail-admin.path;
# };
# settings = {
# authentication.fallback-admin = {
# secret = "%{file:/run/credentials/stalwart-mail.service/user_admin_password}%";
# user = "admin";
# };
# server = {
# tracer."log" = {
# ansi = false;
# enable = true;
# level = "info";
# path = "./stalwart/logs";
# prefix = "stalwart.log";
# rotate = "daily";
# type = "log";
# };
# listener = {
# bind = "127.0.0.1:9003";
# protocol = "http";
# };
# imaptls = {
# bind = "[::]:993";
# protocol = "imap";
# tls.implicit = true;
# };
# smtp = {
# bind = "[::]:25";
# protocol = "smtp";
# };
# submissions = {
# bind = "[::]:465";
# protocol = "smtp";
# tls.implicit = true;
# };
# };
# };
#
# hostname = "mx1.jsw.tf";
# lookup.default.domain = "jsw.tf";
# acme."letsencrypt" = {
# directory = "https://acme-v02.api.letsencrypt.org/directory";
# challenge = "tls-alpn-01";
# contact = ["jurnwubben@gmail.com"];
# domains = ["jsw.tf" "mx1.jsw.tf"];
# renew-before = "30d";
# };
# directory."imap".lookup.domains = ["jsw.tf"];
# # directory."in-memory" = {
# # type = "memory";
# # principals = [
# # {
# # class = "individual";
# # name = "User 1";
# # secret = "%{file:/etc/stalwart/mail-pw1}%";
# # email = [""];
# # }
# # ];
# # };
# };
#FIXME: revert when stopped using docker for stalwart. https://github.com/NixOS/nixpkgs/issues/416091
virtualisation.oci-containers.containers.stalwart = {
image = "docker.io/stalwartlabs/stalwart:latest";
labels = {
"io.containers.autoupdate" = "registry";
}; };
cargoDeps = prev.rustPlatform.fetchCargoVendor { ports = ["25:25" "465:465" "993:993" "9003:8080"];
inherit src; volumes = [
hash = cargoHash; "/opt/stalwart:/opt/stalwart"
};
});
})
]; ];
services.stalwart-mail = {
enable = true;
openFirewall = false; # Don't want to open port 8080, will leave that for caddy.
credentials = {
user_admin_password = config.age.secrets.mail-admin.path;
}; };
settings = {
authentication.fallback-admin = {
secret = "%{file:/run/credentials/stalwart-mail.service/user_admin_password}%";
user = "admin";
};
server = {
tracer."log" = {
ansi = false;
enable = true;
level = "info";
path = "./stalwart/logs";
prefix = "stalwart.log";
rotate = "daily";
type = "log";
};
listener = {
http = {
bind = "127.0.0.1:9003";
protocol = "http";
};
imaptls = {
bind = "[::]:993";
protocol = "imap";
tls.implicit = true;
};
smtp = {
bind = "[::]:25";
protocol = "smtp";
};
submissions = {
bind = "[::]:465";
protocol = "smtp";
tls.implicit = true;
};
};
};
hostname = "mx1.jsw.tf";
lookup.default.domain = "jsw.tf";
acme."letsencrypt" = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
challenge = "tls-alpn-01";
contact = ["jurnwubben@gmail.com"];
domains = ["jsw.tf" "mx1.jsw.tf"];
renew-before = "30d";
};
directory."imap".lookup.domains = ["jsw.tf"];
# directory."in-memory" = {
# type = "memory";
# principals = [
# {
# class = "individual";
# name = "User 1";
# secret = "%{file:/etc/stalwart/mail-pw1}%";
# email = [""];
# }
# ];
# };
};
};
# virtualisation.oci-containers.containers.stalwart = {
# image = "docker.io/stalwartlabs/mail-server:latest";
# labels = {
# "io.containers.autoupdate" = "registry";
# };
# ports = ["25:25" "465:465" "993:993" "9003:8080"];
# volumes = [
# "/home/jsw/stalwart:/opt/stalwart-mail"
# ];
# };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
993 993
25 25
@ -109,9 +108,9 @@
reverse_proxy http://127.0.0.1:9003 reverse_proxy http://127.0.0.1:9003
''; '';
serverAliases = [ serverAliases = [
"mta-sts.jsw.tf" # "mta-sts.jsw.tf"
"autoconfig.jsw.tf" # "autoconfig.jsw.tf"
"autodiscover.jsw.tf" # "autodiscover.jsw.tf"
"mail.jsw.tf" "mail.jsw.tf"
]; ];
}; };
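Review bot: In the new `virtualisation.oci-containers.containers.stalwart` block, the `ports` entry `"9003:8080"` publishes Stalwart's HTTP listener on every host interface, whereas the service it replaces bound that listener to `127.0.0.1:9003` and left exposure to Caddy. Depending on the container backend, published ports can be reachable regardless of `networking.firewall.allowedTCPPorts`, so the management interface may end up accessible without the reverse proxy. Binding the mapping to loopback, `"127.0.0.1:9003:8080"`, keeps the earlier posture and still matches the `reverse_proxy http://127.0.0.1:9003` line in the second hunk. Separately, `image = "docker.io/stalwartlabs/stalwart:latest"` combined with the `"io.containers.autoupdate" = "registry"` label replaces a version- and hash-pinned build with whatever the registry serves next. Pinning a version tag or an image digest (`image = "docker.io/stalwartlabs/stalwart@sha256:<digest>"`, placeholder) would keep updates reviewable for this internet-facing mail server.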