diff --git a/modules/services/acme/module.nix b/modules/services/acme/module.nix index 078b405..68473b8 100644 --- a/modules/services/acme/module.nix +++ b/modules/services/acme/module.nix @@ -30,4 +30,11 @@ in { # "mail.charlieroot.dev" = mkAcmeCert "mail.charlieroot.dev"; }; }; + + services.nginx.appendConfig = '' + location /.well-known/acme-challenge/ { + rewrite /.well-known/acme-challenge/(.*) /$1 break; + root /var/lib/acme/.well-known/acme-challenge; + } + ''; } diff --git a/modules/services/stalwart/module.nix b/modules/services/stalwart/module.nix index 903efec..5efc214 100644 --- a/modules/services/stalwart/module.nix +++ b/modules/services/stalwart/module.nix @@ -55,17 +55,17 @@ in { # and is used by mail clients to send email to mail servers. submissions = { - bind = ["localhost:465" "[::]:465"]; + bind = ["localhost::465" "[::]:465"]; protocol = "smtp"; tls.implicit = true; }; imaps = { - bind = ["localhost:993" "[::]:993"]; + bind = ["localhost::993" "[::]:993"]; protocol = "imap"; tls.implicit = true; }; jmap = { - bind = ["localhost:8080" "[::]:8080"]; + bind = ["localhost::8080" "[::]:8080"]; url = "https://mail.${domain}"; protocol = "jmap"; tls.implicit = true; @@ -91,7 +91,7 @@ in { }; }; store = { - "postgresql" = { + postgresql = { # Specifies the database type, set to "postgresql" for PostgreSQL. type = "postgresql"; @@ -102,10 +102,17 @@ in { port = "5432"; # Name of the database to connect to. - database = "stalwart"; + # TODO: add this to PostgreSQL. + name = "stalwart"; # The username used for authentication with the PostgreSQL server. - user = "stalwart"; + # TODO: add this to PostgreSQL. + username = "stalwart"; + + # Compression algorithm to use. + compression = "lz4"; + # Clean up every day at 5:30am local time. + purge.frequency = "30 5 *"; # Enable TLS tls.enable = true;