
2 commits

Author SHA1 Message Date
GaspardCulis
7927f6ca96 fix(mail): Got working stalwart mail config 2024-11-11 00:15:07 +01:00
GaspardCulis
e97003764a feat(mail): Added log file config 2024-11-10 22:25:11 +01:00
3 changed files with 62 additions and 25 deletions


@ -76,12 +76,12 @@ storage:
notifier: notifier:
disable_startup_check: true disable_startup_check: true
smtp: smtp:
address: 'smtp://mail.gasdev.fr:25' address: 'submissions://mail.gasdev.fr:465'
username: 'postmaster@gasdev.fr' username: 'postmaster'
sender: 'Authelia <authelia@gasdev.fr>' sender: 'Authelia <authelia@gasdev.fr>'
identifier: 'mail.gasdev.fr' # identifier: 'mail.gasdev.fr'
tls: # tls:
server_name: 'mail.gasdev.fr' # server_name: 'mail.gasdev.fr'
log: log:
level: 'info' level: 'info'
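Review bot: The `username` under `notifier.smtp` is now the bare `postmaster` account, and the Outline `smtp` section in this same comparison makes the identical change, so two applications share one privileged mail identity. Either service's stored SMTP secret can then submit mail as whatever that account is allowed to send as. A dedicated submission account per application (for example `username: 'authelia'`, a constructed name) would narrow this, assuming the Stalwart directory can hold one. The commented-out `identifier` and `tls.server_name` lines should either be deleted or get a one-line comment saying why they were dropped, so the next reader does not re-enable them by guesswork.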


@ -30,10 +30,10 @@
smtp = { smtp = {
host = "mail.gasdev.fr"; host = "mail.gasdev.fr";
port = 465; port = 465;
username = "postmaster@gasdev.fr"; username = "postmaster";
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path; passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
fromEmail = "from.outline@gasdev.fr"; fromEmail = "outline@gasdev.fr";
replyEmail = "reply.outline@gasdev.fr"; replyEmail = "no-reply@gasdev.fr";
}; };
storage = { storage = {


@ -5,6 +5,11 @@ in {
sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail"; sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";
services.caddy.virtualHosts."mailadmin.${domain}" = { services.caddy.virtualHosts."mailadmin.${domain}" = {
extraConfig = ''
reverse_proxy http://127.0.01:40312
'';
};
services.caddy.virtualHosts."mail.${domain}" = {
extraConfig = '' extraConfig = ''
reverse_proxy http://127.0.01:8080 reverse_proxy http://127.0.01:8080
''; '';
@ -12,7 +17,7 @@ in {
"mta-sts.${domain}" "mta-sts.${domain}"
"autoconfig.${domain}" "autoconfig.${domain}"
"autodiscover.${domain}" "autodiscover.${domain}"
"mail.${domain}" "${domain}"
]; ];
}; };
networking.firewall.allowedTCPPorts = [25 465 587 993]; networking.firewall.allowedTCPPorts = [25 465 587 993];
@ -21,7 +26,7 @@ in {
enable = true; enable = true;
settings = { settings = {
server = { server = {
hostname = "mx1.${domain}"; hostname = "mail.${domain}";
tls = { tls = {
enable = true; enable = true;
implicit = true; implicit = true;
@ -34,40 +39,36 @@ in {
submissions = { submissions = {
bind = "[::]:465"; bind = "[::]:465";
protocol = "smtp"; protocol = "smtp";
tls.implicit = true;
}; };
imaps = { imaps = {
bind = "[::]:993"; bind = "[::]:993";
protocol = "imap"; protocol = "imap";
tls.implicit = true;
}; };
jmap = { jmap = {
bind = "[::]:8080"; bind = "[::]:8080";
url = "https://mail.${domain}"; protocol = "http";
protocol = "jmap"; tls.implicit = false;
}; };
management = { management = {
bind = ["127.0.0.1:8080"]; bind = ["127.0.0.1:40312"];
protocol = "http"; protocol = "http";
}; };
}; };
}; };
lookup.default = { lookup.default = {
hostname = "mx1.${domain}"; hostname = "mail.${domain}";
domain = "${domain}"; domain = "${domain}";
}; };
acme."letsencrypt" = { certificate.default = {
directory = "https://acme-v02.api.letsencrypt.org/directory"; default = true;
challenge = "dns-01"; cert = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.pem}%";
contact = "postmaster@${domain}"; private-key = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.priv.pem}%";
domains = ["${domain}" "mx1.${domain}"];
provider = "cloudflare";
secret = "%{file:${config.sops.secrets."stalwart-mail/ACME_SECRET".path}}%";
}; };
session.auth = { session.auth = {
mechanisms = "[plain]"; mechanisms = "[plain, login]";
directory = "'in-memory'";
}; };
session.rcpt.directory = "'in-memory'";
queue.outbound.next-hop = "'local'";
directory."imap".lookup.domains = ["${domain}"]; directory."imap".lookup.domains = ["${domain}"];
storage = { storage = {
data = "rocksdb"; data = "rocksdb";
@ -91,6 +92,11 @@ in {
ansi = false; ansi = false;
enable = true; enable = true;
}; };
tracer."journal" = {
type = "journal";
level = "info";
enable = true;
};
authentication."fallback-admin" = { authentication."fallback-admin" = {
user = "admin"; user = "admin";
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%"; secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
@ -107,4 +113,35 @@ in {
StateDirectoryMode = "0740"; StateDirectoryMode = "0740";
}; };
}; };
systemd.timers."stalwart-mail-update-certs" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "stalwart-mail-update-certs.service";
};
};
systemd.services."stalwart-mail-update-certs" = {
script = ''
set -eu
CADDY_CERT_DIR="/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.${domain}"
STALWART_CERT_DIR="/var/lib/stalwart-mail/cert"
mkdir -p "''\${CADDY_CERT_DIR}"
mkdir -p "''\${STALWART_CERT_DIR}"
cat "''\${CADDY_CERT_DIR}/mail.${domain}.crt" > "''\${STALWART_CERT_DIR}/mail.${domain}.pem"
cat "''\${CADDY_CERT_DIR}/mail.${domain}.key" > "''\${STALWART_CERT_DIR}/mail.${domain}.priv.pem"
chown -R stalwart-mail:stalwart-mail "''\${STALWART_CERT_DIR}"
chmod -R 0700 "''\${STALWART_CERT_DIR}"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
} }
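Review bot: In the `stalwart-mail-update-certs` script the private key is written with `cat … > …priv.pem` under root's default umask and only tightened by the later `chmod -R 0700`, and root writes through a directory that the first run hands to the `stalwart-mail` account. Adding `umask 077` right after `set -eu` and copying with `install -m 0600 -o stalwart-mail -g stalwart-mail SRC DST` would create each file with its final owner and mode in one step, without the execute bit that `0700` puts on regular files. `mkdir -p` on `CADDY_CERT_DIR` creates Caddy's certificate directory as root when it is missing; testing for the `.crt` and `.key` files and exiting with a clear message would be safer. Nothing visible reloads Stalwart after the copy, so a renewed certificate is presumably not picked up until the next restart. Separately, the `jmap` listener now serves plain HTTP on `[::]:8080` while Caddy proxies to loopback, so `bind = "127.0.0.1:8080";` would not rely on the firewall port list, and the new `reverse_proxy http://127.0.01:40312` line copies the odd `127.0.01` spelling that is better written as `127.0.0.1`.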