jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
NiksOS/system/server/mail.nix
Jurn Wubben 146ca3b9ad Bump
2025-06-11 21:15:04 +02:00

93 lines
2.3 KiB
Nix
Raw Blame History

{config, ...}: {
services.stalwart-mail = {
enable = true;
openFirewall = false; # Don't want to open port 8080, will leave that for caddy.
credentials = {
user_admin_password = config.age.secrets.mail-admin.path;
};
settings = {
authentication = {
fallback-admin = {
secret = "%{file:/run/credentials/stalwart-mail.service/user_admin_password}%";
user = "admin";
};
};
server = {
tracer."log" = {
ansi = false;
enable = true;
level = "info";
path = "./stalwart/logs";
prefix = "stalwart.log";
rotate = "daily";
type = "log";
};
listener = {
http = {
bind = "127.0.0.1:9003";
protocol = "http";
};
imaptls = {
bind = "[::]:993";
protocol = "imap";
tls.implicit = true;
};
smtp = {
bind = "[::]:25";
protocol = "smtp";
};
submissions = {
bind = "[::]:465";
protocol = "smtp";
tls.implicit = true;
};
};
};
hostname = "mx1.jsw.tf";
lookup.default = {
hostname = "mx1.jsw.tf";
domain = "jsw.tf";
};
acme."letsencrypt" = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
challenge = "tls-alpn-01";
contact = ["jurnwubben@gmail.com"];
domains = ["jsw.tf" "mx1.jsw.tf"];
cache = "%{BASE_PATH}%/etc/acme";
renew-before = "30d";
};
directory."imap".lookup.domains = ["jsw.tf"];
# directory."in-memory" = {
# type = "memory";
# principals = [
# {
# class = "individual";
# name = "User 1";
# secret = "%{file:/etc/stalwart/mail-pw1}%";
# email = [""];
# }
# ];
# };
};
};
networking.firewall.allowedTCPPorts = [
993
25
465
];
services.caddy.virtualHosts = {
"webadmin.jsw.tf" = {
extraConfig = ''
reverse_proxy http://127.0.0.1:9003
'';
serverAliases = [
"mta-sts.jsw.tf"
"autoconfig.jsw.tf"
"autodiscover.jsw.tf"
"mail.jsw.tf"
];
};
};
}
Reference in a new issue View git blame Copy permalink