From c576f263a760c7502bf6cbac4fa6087f00ad7409 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Mon, 6 Jan 2025 10:10:27 +0530
Subject: kay/mail: migrate

---
 os/kay/modules/mail.nix | 52 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 15 deletions(-)

(limited to 'os/kay/modules/mail.nix')

diff --git a/os/kay/modules/mail.nix b/os/kay/modules/mail.nix
index bd2681a..33a78ab 100644
--- a/os/kay/modules/mail.nix
+++ b/os/kay/modules/mail.nix
@@ -1,4 +1,4 @@
-{ config, ... }: let
+{ config, pkgs, ... }: let
   ipv6 = "2001:470:ee65::1337";
   domain = config.global.userdata.domain;
   username = config.global.userdata.name;
@@ -29,10 +29,34 @@ in {
     "key:${config.security.acme.certs.${domain}.directory}/key.pem"
   ];
 
+  services.postgresql = {
+    ensureDatabases = [ "stalwart" ];
+    ensureUsers = [{
+      name = "stalwart";
+      ensureDBOwnership = true;
+    }];
+  };
+
   services.stalwart-mail = {
-    enable = false;
+    enable = true;
     openFirewall = true;
 
+    # foundation db is too big to build on a 32GB ram machine, good job
+    # trillion dollar company, proud of you
+    package = pkgs.stalwart-mail.overrideAttrs {
+      buildNoDefaultFeatures = true;
+      buildFeatures = [ "postgres" ];
+      buildInputs = with pkgs; [
+        bzip2
+        openssl
+        zstd
+      ];
+      # some tests fails with -lfdb_c: No such file, just disable this for row
+      # probably because of not including foundationdb, upstream has this
+      # enabled so it's not the end of the world
+      doCheck = false;
+    };
+
     settings = {
       queue.outbound = {
         ip-strategy = "ipv6_then_ipv4";
@@ -57,6 +81,7 @@ in {
         imaptls = {
           bind = "[::]:993";
           protocol = "imap";
+          tls.implicit = true;
         };
         http = {
           bind = "[::]:8085";
@@ -95,10 +120,10 @@ in {
       };
 
       storage = {
-        data = "rocksdb";
-        fts = "rocksdb";
-        blob = "rocksdb";
-        lookup = "rocksdb";
+        data = "postgresql";
+        fts = "postgresql";
+        blob = "postgresql";
+        lookup = "postgresql";
         directory = "in-memory";
       };
       store.postgresql = {
@@ -106,7 +131,6 @@ in {
         host = "localhost";
         database = "stalwart";
         user = "stalwart";
-        password = "ass";
         timeout = "15s";
         tls.enable = false;
         pool.max-connections = 10;
@@ -114,20 +138,18 @@ in {
 
       directory."in-memory" = {
         type = "memory";
-        options.subaddressing = true;
-
         principals = [
           {
-            inherit email;
-            secret = "%{file:/${credentials_directory}/password}%";
+            class = "admin";
             name = username;
-            type = "admin";
+            secret = "%{file:/${credentials_directory}/password}%";
+            inherit email;
           }
           { # for mta-sts & dmarc reports
-            email = "reports${domain}";
-            secret = "%{file:/${credentials_directory}/password}%";
+            class = "individual";
             name = "reports";
-            type = "individual";
+            secret = "%{file:/${credentials_directory}/password}%";
+            email = "reports@${domain}";
           }
         ];
       };
-- 
cgit v1.2.3