Jaaj-San/pointfichiers
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(services): Created new stalwart-mail service

Browse source
This commit is contained in:
GaspardCulis 2024-11-05 14:39:49 +01:00
parent 19100102fd
commit 10d4078fd2
3 changed files with 122 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
secrets/OVHCloud.yaml
View file

@ -45,6 +45,8 @@ penpot:
STORAGE_ASSETS_S3_REGION: ENC[AES256_GCM,data:oV4ucbPe,iv:zNsUsftybGcQdryAB+mN9Xb/rVWOLFlVixqRLLz8WIY=,tag:FiiSjLyuK89HK1GEE3BSUA==,type:str] STORAGE_ASSETS_S3_REGION: ENC[AES256_GCM,data:oV4ucbPe,iv:zNsUsftybGcQdryAB+mN9Xb/rVWOLFlVixqRLLz8WIY=,tag:FiiSjLyuK89HK1GEE3BSUA==,type:str]
STORAGE_ASSETS_S3_ENDPOINT: ENC[AES256_GCM,data:mZjvBvNZC28jUYrK8e6HHixC4GU=,iv:mppmZn7nV/gckB3+GonwQQT5U14qg1FyEnQ92pGDSZI=,tag:rAePtPdd6o+EDC0MrAToKw==,type:str] STORAGE_ASSETS_S3_ENDPOINT: ENC[AES256_GCM,data:mZjvBvNZC28jUYrK8e6HHixC4GU=,iv:mppmZn7nV/gckB3+GonwQQT5U14qg1FyEnQ92pGDSZI=,tag:rAePtPdd6o+EDC0MrAToKw==,type:str]
STORAGE_ASSETS_S3_BUCKET: ENC[AES256_GCM,data:nfcjtCQVWhdT1UUYPw==,iv:mF2Esw1GvWAjkabvDde63bAq4V5pXNhbhqsK1dkg5sg=,tag:uE6qKxKSJzYtHWxPMiK3Lw==,type:str] STORAGE_ASSETS_S3_BUCKET: ENC[AES256_GCM,data:nfcjtCQVWhdT1UUYPw==,iv:mF2Esw1GvWAjkabvDde63bAq4V5pXNhbhqsK1dkg5sg=,tag:uE6qKxKSJzYtHWxPMiK3Lw==,type:str]
stalwart-mail:
ADMIN_SECRET: ENC[AES256_GCM,data:4ytiKxJ55Wm9p6M=,iv:dl1BCtxOu4o+2qC6ZlUw8cluoqDjp16/SN9bhGneRHs=,tag:qEgWrYHQJHDjR2PwK9y8UA==,type:str]
shadowsocks: shadowsocks:
password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str] password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
webdav: webdav:
@ -76,8 +78,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ== y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-04T20:13:03Z" lastmodified: "2024-11-04T21:15:49Z"
mac: ENC[AES256_GCM,data:5vNhuKUNMXjBPdGU/ptNE68JqNpFdPxTMbAFZ7OW/tr4WPxSBNnOTuo5qXm36h0sMDbXOJCKe7ofdvbjECtTtcPbP4zRE7Sw+B0vwQ75ruLTD3fG01ONZ08GclomfSe5i2Uv1QEhrKfs3IWf657yRRE3mvIw+rhcpFEwFC+qOyE=,iv:SkwLNKK6K0F55eahv5U4IRjl1zCNRgMvbQWd1EIyeeI=,tag:6aU2GRc0T1YarztNQPoLtQ==,type:str] mac: ENC[AES256_GCM,data:/0c7+XlYMN+CYvhLhpo6ivwI33uLVUGpm8ypN4dJzxFWFCMlVRm4lDxb0u0/6Qudri7RQRqo1AtuK5jP0jBnZQBaKdvHWqV+uTBQNjtdh5PUNT+34eBBh1eT22OzED6CeXWRTlDiFZ6z3rQYpi6j3D7h13VMokvWGRNdpGgcKWw=,iv:LPrWXUgvxKum8hvp4hC01hOinyctafODE1/VJaPLRBc=,tag:rFjJkRIDipCUUhDV8C+dSA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

1
services/default.nix
View file

@ -5,6 +5,7 @@
./outline ./outline
./penpot ./penpot
./shadowsocks ./shadowsocks
./stalwart-mail
./uptime-kuma ./uptime-kuma
./webdav ./webdav
./wireguard ./wireguard

117
services/stalwart-mail/default.nix Normal file
View file

@ -0,0 +1,117 @@
{config, ...}: let
domain = "mail.gasdev.fr";
in {
sops.secrets."stalwart-mail/ADMIN_SECRET".owner = "stalwart-mail";
services.caddy.virtualHosts."${domain}".extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
services.stalwart-mail = {
enable = true;
settings = {
lookup.default.hostname = "${domain}";
server = {
tls.certificate = "default";
http = {
url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port";
use-x-forwarded = true;
};
listener = {
smtp = {
bind = ["[::]:25"];
protocol = "smtp";
};
submissions = {
bind = ["[::]:465"];
protocol = "smtp";
tls.implicit = true;
};
imaptls = {
bind = ["[::]:993"];
protocol = "imap";
tls.implicit = true;
};
management = {
bind = "[::]:8080";
protocol = "http";
};
};
};
certificate.default = {
default = true;
cert = "%{file:/var/lib/stalwart-mail/cert/${domain}.pem}%";
private-key = "%{file:/var/lib/stalwart-mail/cert/${domain}.priv.pem}%";
};
storage = {
data = "rocksdb";
fts = "rocksdb";
blob = "rocksdb";
lookup = "rocksdb";
directory = "internal";
};
store."rocksdb" = {
type = "rocksdb";
path = "%{env:STALWART_PATH}%/data";
compression = "lz4";
};
directory."internal" = {
type = "internal";
store = "rocksdb";
};
tracer."stdout" = {
type = "stdout";
level = "info";
ansi = false;
enable = true;
};
authentication."fallback-admin" = {
user = "admin";
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
};
};
};
systemd.services.stalwart-mail = {
environment = {
STALWART_PATH = "/var/lib/stalwart-mail";
};
serviceConfig = {
StateDirectory = "stalwart-mail";
StateDirectoryMode = "0740";
};
};
networking.firewall.allowedTCPPorts = [22 465 993];
systemd.timers."stalwart-mail-update-certs" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "stalwart-mail-update-certs.service";
};
};
systemd.services."stalwart-mail-update-certs" = {
script = ''
set -eu
CADDY_CERT_DIR="/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}"
STALWART_CERT_DIR="/var/lib/stalwart-mail/cert"
mkdir -p "''\${CADDY_CERT_DIR}"
mkdir -p "''\${STALWART_CERT_DIR}"
cat "''\${CADDY_CERT_DIR}/${domain}.crt" > "''\${STALWART_CERT_DIR}/${domain}.pem"
cat "''\${CADDY_CERT_DIR}/${domain}.key" > "''\${STALWART_CERT_DIR}/${domain}.priv.pem"
chown -R stalwart-mail:stalwart-mail "''\${STALWART_CERT_DIR}"
chmod -R 0600 "''\${STALWART_CERT_DIR}"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}