author | sinanmohd <sinan@sinanmohd.com> | 2025-01-06 10:10:27 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2025-01-06 21:33:00 +0530 |
commit | c576f263a760c7502bf6cbac4fa6087f00ad7409 (patch) | |
tree | c0cec8534fd6aba81df2adc2551380c13ffdd00f /os/kay | |
parent | 5c274e6214c321a8ba90d473e3500989d6e84ed1 (diff) |
kay/mail: migrate
Diffstat (limited to 'os/kay')
-rw-r--r-- | os/kay/modules/mail.nix | 52 | ||||
-rw-r--r-- | os/kay/modules/www.nix | 8 |
2 files changed, 45 insertions, 15 deletions
diff --git a/os/kay/modules/mail.nix b/os/kay/modules/mail.nix index bd2681a..33a78ab 100644 --- a/os/kay/modules/mail.nix +++ b/os/kay/modules/mail.nix @@ -1,4 +1,4 @@ -{ config, ... }: let +{ config, pkgs, ... }: let ipv6 = "2001:470:ee65::1337"; domain = config.global.userdata.domain; username = config.global.userdata.name; @@ -29,10 +29,34 @@ in { "key:${config.security.acme.certs.${domain}.directory}/key.pem" ]; + services.postgresql = { + ensureDatabases = [ "stalwart" ]; + ensureUsers = [{ + name = "stalwart"; + ensureDBOwnership = true; + }]; + }; + services.stalwart-mail = { - enable = false; + enable = true; openFirewall = true; + # foundation db is too big to build on a 32GB ram machine, good job + # trillion dollar company, proud of you + package = pkgs.stalwart-mail.overrideAttrs { + buildNoDefaultFeatures = true; + buildFeatures = [ "postgres" ]; + buildInputs = with pkgs; [ + bzip2 + openssl + zstd + ]; + # some tests fails with -lfdb_c: No such file, just disable this for row + # probably because of not including foundationdb, upstream has this + # enabled so it's not the end of the world + doCheck = false; + }; + settings = { queue.outbound = { ip-strategy = "ipv6_then_ipv4"; @@ -57,6 +81,7 @@ in { imaptls = { bind = "[::]:993"; protocol = "imap"; + tls.implicit = true; }; http = { bind = "[::]:8085"; @@ -95,10 +120,10 @@ in { }; storage = { - data = "rocksdb"; - fts = "rocksdb"; - blob = "rocksdb"; - lookup = "rocksdb"; + data = "postgresql"; + fts = "postgresql"; + blob = "postgresql"; + lookup = "postgresql"; directory = "in-memory"; }; store.postgresql = { @@ -106,7 +131,6 @@ in { host = "localhost"; database = "stalwart"; user = "stalwart"; - password = "ass"; timeout = "15s"; tls.enable = false; pool.max-connections = 10; 
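Review bot: `doCheck = false;` in the `services.stalwart-mail.package` override switches off the entire check phase for the binary that will serve mail on this host, and the comment only says it is disabled for now ("for row" looks like a typo). Nothing records when it can be turned back on, so the exception is likely to outlive the `-lfdb_c` link problem it works around. I would state the condition next to the flag, e.g. `# TODO: re-enable doCheck once the test build no longer links -lfdb_c; re-test on the next nixpkgs bump`. If only a few tests need the library, skipping those would be narrower than disabling the phase.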
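Review bot: In the `store.postgresql` hunk (`@@ -106,7 +131,6 @@`) the hard-coded password is removed but nothing replaces it, so the new side connects to `host = "localhost"` over TCP as `stalwart` with no credential and `tls.enable = false`. The role added through `ensureUsers` earlier in this file does not appear to get a password either. This therefore only works if the server's host-based authentication rules (not shown here) accept passwordless loopback logins, which would let any local process connect as `stalwart`. Reading the secret at runtime with the file macro already used for the principals, e.g. `password = "%{file:/${credentials_directory}/<db-password-file>}%";` (file name is a placeholder), keeps it out of the Nix store without relaxing authentication. The `store.postgresql` block starts outside this hunk, so part of its configuration is not visible.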
@@ -114,20 +138,18 @@ in { directory."in-memory" = { type = "memory"; - options.subaddressing = true; - principals = [ { - inherit email; - secret = "%{file:/${credentials_directory}/password}%"; + class = "admin"; name = username; - type = "admin"; + secret = "%{file:/${credentials_directory}/password}%"; + inherit email; } { # for mta-sts & dmarc reports - email = "reports${domain}"; - secret = "%{file:/${credentials_directory}/password}%"; + class = "individual"; name = "reports"; - type = "individual"; + secret = "%{file:/${credentials_directory}/password}%"; + email = "reports@${domain}"; } ]; }; diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix index 6530281..e8def58 100644 --- a/os/kay/modules/www.nix +++ b/os/kay/modules/www.nix @@ -96,6 +96,14 @@ in }; }; + "mail.${domain}" = defaultOpts // { + extraConfig = "proxy_buffering off;"; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:8085"; + }; + }; + "mta-sts.${domain}" = defaultOpts // { locations."= /.well-known/mta-sts.txt".return = ''200 "${ lib.strings.concatStringsSep "\\n" [ |
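Review bot: Both entries in `principals` read the same file, `%{file:/${credentials_directory}/password}%`, so the `reports` account of class `individual` authenticates with the admin account's secret. A leak of the credential for the mailbox that receives MTA-STS and DMARC reports is then also a leak of the admin login. Giving it its own credential, e.g. `secret = "%{file:/${credentials_directory}/<reports-password-file>}%";` with the file name as a placeholder, separates the two. The reordering in this hunk keeps the shared secret unchanged on the new side.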
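Review bot: The new `mail.${domain}` vhost forwards every path under `/` to `http://127.0.0.1:8085`, which per the listener context in mail.nix is Stalwart's `http` listener and presumably serves the web admin as well as client endpoints. That listener is bound to `[::]:8085` while `openFirewall = true` is set, so if the module opens every listener port, the same interface is also reachable directly in cleartext, bypassing nginx. Binding it to loopback, `bind = "127.0.0.1:8085";`, would keep nginx the only entry point. A short comment on the vhost naming which paths are meant to be public would help the next reader. What `defaultOpts` enforces (TLS, ACME) is defined outside this hunk.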