Compare commits
No commits in common. "7927f6ca963d229f7609a47227d51eb6b3038bcd" and "499d34119d55a552e6d9b07fd196da07a3dc3e99" have entirely different histories.
7927f6ca96
...
499d34119d
3 changed files with 25 additions and 62 deletions
|
@ -76,12 +76,12 @@ storage:
|
||||||
notifier:
|
notifier:
|
||||||
disable_startup_check: true
|
disable_startup_check: true
|
||||||
smtp:
|
smtp:
|
||||||
address: 'submissions://mail.gasdev.fr:465'
|
address: 'smtp://mail.gasdev.fr:25'
|
||||||
username: 'postmaster'
|
username: 'postmaster@gasdev.fr'
|
||||||
sender: 'Authelia <authelia@gasdev.fr>'
|
sender: 'Authelia <authelia@gasdev.fr>'
|
||||||
# identifier: 'mail.gasdev.fr'
|
identifier: 'mail.gasdev.fr'
|
||||||
# tls:
|
tls:
|
||||||
# server_name: 'mail.gasdev.fr'
|
server_name: 'mail.gasdev.fr'
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: 'info'
|
level: 'info'
|
||||||
|
|
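Review bot: The new `address: 'smtp://mail.gasdev.fr:25'` moves Authelia's authenticated submission to the MTA relay port, where transport encryption depends on a STARTTLS upgrade instead of the implicit TLS used before. The mail server section of this compare shows a `submissions` listener on 465, but no listener definition for port 25 is visible, so it is unclear whether authentication is offered there at all. Because `disable_startup_check: true` is set, a broken notifier would surface only when the first reset or verification mail is sent. I would keep `address: 'submissions://mail.gasdev.fr:465'` together with the now-uncommented `server_name: 'mail.gasdev.fr'` so the certificate name is still checked.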
|
@ -30,10 +30,10 @@
|
||||||
smtp = {
|
smtp = {
|
||||||
host = "mail.gasdev.fr";
|
host = "mail.gasdev.fr";
|
||||||
port = 465;
|
port = 465;
|
||||||
username = "postmaster";
|
username = "postmaster@gasdev.fr";
|
||||||
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
|
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
|
||||||
fromEmail = "outline@gasdev.fr";
|
fromEmail = "from.outline@gasdev.fr";
|
||||||
replyEmail = "no-reply@gasdev.fr";
|
replyEmail = "reply.outline@gasdev.fr";
|
||||||
};
|
};
|
||||||
|
|
||||||
storage = {
|
storage = {
|
||||||
|
|
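Review bot: `username = "postmaster@gasdev.fr";` makes Outline authenticate as the same postmaster account that the Authelia notifier uses in this compare, while sending as `from.outline@gasdev.fr`. A dedicated submission account per service would limit what a leaked `outline/SMTP_PASSWORD` can send as and would let each credential be rotated independently, for example `username = "outline@gasdev.fr";` (constructed example; use whichever account exists on the server). It is also worth confirming that the server restricts the sender address to what the authenticated account may use, which this section does not show.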
|
@ -5,11 +5,6 @@ in {
|
||||||
sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";
|
sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";
|
||||||
|
|
||||||
services.caddy.virtualHosts."mailadmin.${domain}" = {
|
services.caddy.virtualHosts."mailadmin.${domain}" = {
|
||||||
extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.01:40312
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.caddy.virtualHosts."mail.${domain}" = {
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
reverse_proxy http://127.0.01:8080
|
reverse_proxy http://127.0.01:8080
|
||||||
'';
|
'';
|
||||||
|
@ -17,7 +12,7 @@ in {
|
||||||
"mta-sts.${domain}"
|
"mta-sts.${domain}"
|
||||||
"autoconfig.${domain}"
|
"autoconfig.${domain}"
|
||||||
"autodiscover.${domain}"
|
"autodiscover.${domain}"
|
||||||
"${domain}"
|
"mail.${domain}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [25 465 587 993];
|
networking.firewall.allowedTCPPorts = [25 465 587 993];
|
||||||
|
@ -26,7 +21,7 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
hostname = "mail.${domain}";
|
hostname = "mx1.${domain}";
|
||||||
tls = {
|
tls = {
|
||||||
enable = true;
|
enable = true;
|
||||||
implicit = true;
|
implicit = true;
|
||||||
|
@ -39,36 +34,40 @@ in {
|
||||||
submissions = {
|
submissions = {
|
||||||
bind = "[::]:465";
|
bind = "[::]:465";
|
||||||
protocol = "smtp";
|
protocol = "smtp";
|
||||||
tls.implicit = true;
|
|
||||||
};
|
};
|
||||||
imaps = {
|
imaps = {
|
||||||
bind = "[::]:993";
|
bind = "[::]:993";
|
||||||
protocol = "imap";
|
protocol = "imap";
|
||||||
tls.implicit = true;
|
|
||||||
};
|
};
|
||||||
jmap = {
|
jmap = {
|
||||||
bind = "[::]:8080";
|
bind = "[::]:8080";
|
||||||
protocol = "http";
|
url = "https://mail.${domain}";
|
||||||
tls.implicit = false;
|
protocol = "jmap";
|
||||||
};
|
};
|
||||||
management = {
|
management = {
|
||||||
bind = ["127.0.0.1:40312"];
|
bind = ["127.0.0.1:8080"];
|
||||||
protocol = "http";
|
protocol = "http";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
lookup.default = {
|
lookup.default = {
|
||||||
hostname = "mail.${domain}";
|
hostname = "mx1.${domain}";
|
||||||
domain = "${domain}";
|
domain = "${domain}";
|
||||||
};
|
};
|
||||||
certificate.default = {
|
acme."letsencrypt" = {
|
||||||
default = true;
|
directory = "https://acme-v02.api.letsencrypt.org/directory";
|
||||||
cert = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.pem}%";
|
challenge = "dns-01";
|
||||||
private-key = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.priv.pem}%";
|
contact = "postmaster@${domain}";
|
||||||
|
domains = ["${domain}" "mx1.${domain}"];
|
||||||
|
provider = "cloudflare";
|
||||||
|
secret = "%{file:${config.sops.secrets."stalwart-mail/ACME_SECRET".path}}%";
|
||||||
};
|
};
|
||||||
session.auth = {
|
session.auth = {
|
||||||
mechanisms = "[plain, login]";
|
mechanisms = "[plain]";
|
||||||
|
directory = "'in-memory'";
|
||||||
};
|
};
|
||||||
|
session.rcpt.directory = "'in-memory'";
|
||||||
|
queue.outbound.next-hop = "'local'";
|
||||||
directory."imap".lookup.domains = ["${domain}"];
|
directory."imap".lookup.domains = ["${domain}"];
|
||||||
storage = {
|
storage = {
|
||||||
data = "rocksdb";
|
data = "rocksdb";
|
||||||
|
@ -92,11 +91,6 @@ in {
|
||||||
ansi = false;
|
ansi = false;
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
tracer."journal" = {
|
|
||||||
type = "journal";
|
|
||||||
level = "info";
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
authentication."fallback-admin" = {
|
authentication."fallback-admin" = {
|
||||||
user = "admin";
|
user = "admin";
|
||||||
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
|
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
|
||||||
|
@ -113,35 +107,4 @@ in {
|
||||||
StateDirectoryMode = "0740";
|
StateDirectoryMode = "0740";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers."stalwart-mail-update-certs" = {
|
|
||||||
wantedBy = ["timers.target"];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
Persistent = true;
|
|
||||||
Unit = "stalwart-mail-update-certs.service";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services."stalwart-mail-update-certs" = {
|
|
||||||
script = ''
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
CADDY_CERT_DIR="/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.${domain}"
|
|
||||||
STALWART_CERT_DIR="/var/lib/stalwart-mail/cert"
|
|
||||||
|
|
||||||
mkdir -p "''\${CADDY_CERT_DIR}"
|
|
||||||
mkdir -p "''\${STALWART_CERT_DIR}"
|
|
||||||
|
|
||||||
cat "''\${CADDY_CERT_DIR}/mail.${domain}.crt" > "''\${STALWART_CERT_DIR}/mail.${domain}.pem"
|
|
||||||
cat "''\${CADDY_CERT_DIR}/mail.${domain}.key" > "''\${STALWART_CERT_DIR}/mail.${domain}.priv.pem"
|
|
||||||
|
|
||||||
chown -R stalwart-mail:stalwart-mail "''\${STALWART_CERT_DIR}"
|
|
||||||
chmod -R 0700 "''\${STALWART_CERT_DIR}"
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
User = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
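Review bot: In the listener hunk, `bind = ["127.0.0.1:8080"];` puts the management listener on the same port as the jmap listener's `bind = "[::]:8080";`, and the remaining Caddy vhost `mail.${domain}` proxies to port 8080. Depending on how the sockets are bound, either one listener fails to start or the management interface is what ends up published on the public hostname; keeping a separate port such as `bind = ["127.0.0.1:40312"];` avoids both. The same hunk sets `domains = ["${domain}" "mx1.${domain}"];` for ACME while the certificate copy job for `mail.${domain}` is removed, yet the Authelia and Outline sections still connect to `mail.gasdev.fr` (presumably the same domain; `domain` is defined outside the hunk), so adding `"mail.${domain}"` to the list would keep hostname verification working for those clients. The enclosing `settings` attribute set starts and ends outside these hunks.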