pointfichiers/services/stalwart-mail/default.nix

{config, ...}: let
  domain = "gasdev.fr";
in {
  sops.secrets."stalwart-mail/ADMIN_SECRET".owner = "stalwart-mail";
  sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";

  services.caddy.virtualHosts."mailadmin.${domain}" = {
    extraConfig = ''
      reverse_proxy http://127.0.01:8080
    '';
    serverAliases = [
      "mta-sts.${domain}"
      "autoconfig.${domain}"
      "autodiscover.${domain}"
      "mail.${domain}"
    ];
  };
  networking.firewall.allowedTCPPorts = [25 465 587 993];

  services.stalwart-mail = {
    enable = true;
    settings = {
      server = {
        hostname = "mx1.${domain}";
        tls = {
          enable = true;
          implicit = true;
        };
        listener = {
          smtp = {
            protocol = "smtp";
            bind = "[::]:25";
          };
          submissions = {
            bind = "[::]:465";
            protocol = "smtp";
          };
          imaps = {
            bind = "[::]:993";
            protocol = "imap";
          };
          jmap = {
            bind = "[::]:8080";
            url = "https://mail.${domain}";
            protocol = "jmap";
          };
          management = {
            bind = ["127.0.0.1:8080"];
            protocol = "http";
          };
        };
      };
      lookup.default = {
        hostname = "mx1.${domain}";
        domain = "${domain}";
      };
      acme."letsencrypt" = {
        directory = "https://acme-v02.api.letsencrypt.org/directory";
        challenge = "dns-01";
        contact = "postmaster@${domain}";
        domains = ["${domain}" "mx1.${domain}"];
        provider = "cloudflare";
        secret = "%{file:${config.sops.secrets."stalwart-mail/ACME_SECRET".path}}%";
      };
      session.auth = {
        mechanisms = "[plain]";
        directory = "'in-memory'";
      };
      session.rcpt.directory = "'in-memory'";
      queue.outbound.next-hop = "'local'";
      directory."imap".lookup.domains = ["${domain}"];
      storage = {
        data = "rocksdb";
        fts = "rocksdb";
        blob = "rocksdb";
        lookup = "rocksdb";
        directory = "internal";
      };
      store."rocksdb" = {
        type = "rocksdb";
        path = "%{env:STALWART_PATH}%/data";
        compression = "lz4";
      };
      directory."internal" = {
        type = "internal";
        store = "rocksdb";
      };
      tracer."stdout" = {
        type = "stdout";
        level = "info";
        ansi = false;
        enable = true;
      };
      authentication."fallback-admin" = {
        user = "admin";
        secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
      };
    };
  };

  systemd.services.stalwart-mail = {
    environment = {
      STALWART_PATH = "/var/lib/stalwart-mail";
    };
    serviceConfig = {
      StateDirectory = "stalwart-mail";
      StateDirectoryMode = "0740";
    };
  };
}
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`{config, ...}: let`
chore(services): Tweak SMTP config 2024-11-05 18:35:52 +01:00			`domain = "gasdev.fr";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`in {`
			`sops.secrets."stalwart-mail/ADMIN_SECRET".owner = "stalwart-mail";`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`services.caddy.virtualHosts."mailadmin.${domain}" = {`
			`extraConfig = ''`
			`reverse_proxy http://127.0.01:8080`
			`'';`
			`serverAliases = [`
			`"mta-sts.${domain}"`
			`"autoconfig.${domain}"`
			`"autodiscover.${domain}"`
			`"mail.${domain}"`
			`];`
			`};`
			`networking.firewall.allowedTCPPorts = [25 465 587 993];`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00
			`services.stalwart-mail = {`
			`enable = true;`
			`settings = {`
			`server = {`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`hostname = "mx1.${domain}";`
			`tls = {`
			`enable = true;`
			`implicit = true;`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`};`
			`listener = {`
			`smtp = {`
			`protocol = "smtp";`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`bind = "[::]:25";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`};`
			`submissions = {`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`bind = "[::]:465";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`protocol = "smtp";`
			`};`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`imaps = {`
			`bind = "[::]:993";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`protocol = "imap";`
			`};`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`jmap = {`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`bind = "[::]:8080";`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`url = "https://mail.${domain}";`
			`protocol = "jmap";`
			`};`
			`management = {`
			`bind = ["127.0.0.1:8080"];`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`protocol = "http";`
			`};`
			`};`
			`};`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`lookup.default = {`
			`hostname = "mx1.${domain}";`
			`domain = "${domain}";`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`};`
refactor(mail): Rewrite config Following this guide: https://wiki.nixos.org/wiki/Stalwart 2024-11-10 19:52:04 +01:00			`acme."letsencrypt" = {`
			`directory = "https://acme-v02.api.letsencrypt.org/directory";`
			`challenge = "dns-01";`
			`contact = "postmaster@${domain}";`
			`domains = ["${domain}" "mx1.${domain}"];`
			`provider = "cloudflare";`
			`secret = "%{file:${config.sops.secrets."stalwart-mail/ACME_SECRET".path}}%";`
			`};`
			`session.auth = {`
			`mechanisms = "[plain]";`
			`directory = "'in-memory'";`
			`};`
			`session.rcpt.directory = "'in-memory'";`
			`queue.outbound.next-hop = "'local'";`
			`directory."imap".lookup.domains = ["${domain}"];`
feat(services): Created new `stalwart-mail` service 2024-11-05 14:39:49 +01:00			`storage = {`
			`data = "rocksdb";`
			`fts = "rocksdb";`
			`blob = "rocksdb";`
			`lookup = "rocksdb";`
			`directory = "internal";`
			`};`
			`store."rocksdb" = {`
			`type = "rocksdb";`
			`path = "%{env:STALWART_PATH}%/data";`
			`compression = "lz4";`
			`};`
			`directory."internal" = {`
			`type = "internal";`
			`store = "rocksdb";`
			`};`
			`tracer."stdout" = {`
			`type = "stdout";`
			`level = "info";`
			`ansi = false;`
			`enable = true;`
			`};`
			`authentication."fallback-admin" = {`
			`user = "admin";`
			`secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";`
			`};`
			`};`
			`};`

			`systemd.services.stalwart-mail = {`
			`environment = {`
			`STALWART_PATH = "/var/lib/stalwart-mail";`
			`};`
			`serviceConfig = {`
			`StateDirectory = "stalwart-mail";`
			`StateDirectoryMode = "0740";`
			`};`
			`};`
			`}`