faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nichts/modules/services/stalwart.mod.nix
Bloxx12 e641dfa114
 treewide: format using nixfmt 
Signed-off-by: Bloxx12 <charlie@charlieroot.dev>
Change-Id: I6a6a69641c36f9763e104087a559c148d0449f00
2025-07-20 02:14:32 +02:00

135 lines
4.2 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
domain = "charlieroot.dev";
cfg = config.modules.system.services.stalwart;
in
{
options.modules.system.services.stalwart.enable = mkEnableOption "stalwart";
config = mkIf cfg.enable {
# create the stallwart user
users.users.stalwart = {
home = "/var/lib/stalwart-mail";
useDefaultShell = true;
group = "stalwart";
isSystemUser = true;
};
users.groups.stalwart = { };
services.stalwart-mail = {
enable = true;
package = pkgs.stalwart-mail;
openFirewall = true;
settings = {
email = {
# All incoming messages via SMTP or LMTP are automatically encrypted before they are written to disk,
# provided the user has uploaded their S/MIME certificate or OpenPGP public key.
encryption.enable = true;
};
server = {
# The default server hostname is utilized in SMTP EHLO commands,
# as well as included in message headers and reports.
hostname = domain;
tls = {
# Specifies whether the TLS encryption is available for the listener.
enable = true;
# Specifies whether the listener should use implicit or explicit TLS encryption.
# If set to false (the default), the listener will use explicit TLS encryption,
# which requires clients to initiate a STARTTLS command before upgrading the connection
# to an encrypted one. If set to true, the listener will use implicit TLS encryption,
# which requires the connection to be encrypted from the start.
implicit = true;
};
# Listeners are responsible for receiving incoming TCP connections.
listener = {
# Unencrypted SMTP connections are received on port 25 by default.
# This is the standard port for SMTP, and is used by mail servers to send email to each other.
smtp = {
protocol = "smtp";
bind = [ "[::]:25" ];
tls.implicit = true;
};
# SMTP submissions with implicit TLS are received on port 465 by default.
# This is the standard port for SMTP submissions with native implicit TLS,
# and is used by mail clients to send email to mail servers.
submissions = {
bind = [ "[::]:465" ];
protocol = "smtp";
tls.implicit = true;
};
imaps = {
bind = [ "[::]:993" ];
protocol = "imap";
tls.implicit = true;
};
management = {
bind = [ "127.0.0.1:8080" ];
protocol = "http";
tls.implicit = true;
};
};
lookup.default = {
hostname = "mail.${domain}";
inherit domain;
};
};
# storage = {
# data = "postgresql";
# blob = "postgresql";
# fts = "postgresql";
# lookup = "postgresql";
# full-text = {
# default-language = "en";
# };
# };
# store = {
# postgresql = {
# # Specifies the database type, set to "postgresql" for PostgreSQL.
# type = "postgresql";
# # The hostname or IP address of the PostgreSQL server.
# host = "localhost";
# # Port PostgreSQL runs on. Defaults to 5432.
# port = "5432";
# # Name of the database to connect to.
# # TODO: add this to PostgreSQL.
# database = "stalwart";
# # The username used for authentication with the PostgreSQL server.
# # TODO: add this to PostgreSQL.
# user = "stalwart";
# password = "";
# # Enable TLS
# tls.enable = true;
# };
# };
};
};
services.nginx = {
enable = true;
virtualHosts."mail.${domain}" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString 8080}";
};
};
};
};
}
Reference in a new issue View git blame Copy permalink