path: root/hosts/experimental-nixos/services/stalwart.nix
blob: 665fb6e782f771586048e77198f9e8396af0aafc (plain)
{
  pkgs,
  nixpkgs-unstable,
  unstable,
  config,
  ...
}: let
  # Listener bound on every interface via the v6 wildcard, for one port/protocol pair.
  onAllInterfaces = port: protocol: {
    bind = "[::]:${toString port}";
    inherit protocol;
  };

  # Same as above, but the socket expects TLS from the first byte (implicit TLS).
  onAllInterfacesTls = port: protocol:
    (onAllInterfaces port protocol) // {tls.implicit = true;};

  # HTTP listener restricted to loopback. `bind` is a list for these listeners,
  # matching how the HTTP family is declared elsewhere in this host's config.
  onLoopbackHttp = port: {
    bind = ["127.0.0.1:${toString port}"];
    protocol = "http";
  };

  mailHost = "mail.m4siri.com";
  acmeDir = "/var/lib/acme/${mailHost}";
  ldapBase = "dc=m4siri,dc=com";
in {
  # Swap the stable stalwart-mail module for the one shipped in nixpkgs-unstable,
  # so the option set matches the unstable package selected below.
  disabledModules = ["services/mail/stalwart-mail.nix"];
  imports = [
    "${nixpkgs-unstable}/nixos/modules/services/mail/stalwart-mail.nix"
  ];

  # Copy of the LDAP search secret under /etc, referenced by the `auth.search`
  # setting below through a `%{file:...}%` macro.
  # NOTE(review): the same secret is also delivered as a systemd credential
  # (`credentials.user_search_password`) and via `EnvironmentFile`; three delivery
  # paths for one secret is more surface than needed — consider consolidating on
  # the systemd credential, as `authentication.fallback-admin` already does.
  environment.etc."stalwart-mail/search-pw" = {
    source = config.secrets.ldap-search.path;
  };

  # Supplies the environment read by `%{env:STALWART_SEARCH_PW}%` in the LDAP bind.
  # NOTE(review): this uses `config.age.secrets.ldap-search` while the /etc copy
  # above uses `config.secrets.ldap-search`; confirm both resolve to the intended
  # file, and that this one is in KEY=value form as EnvironmentFile requires.
  systemd.services.stalwart-mail.serviceConfig.EnvironmentFile =
    config.age.secrets.ldap-search.path;

  # Presumably grants read access to the ACME certificate files under
  # ${acmeDir} referenced in `certificate.default` — verify the acme group
  # actually owns those files on this host.
  users.users.stalwart-mail.extraGroups = ["acme"];

  services.stalwart-mail = {
    enable = true;
    package = unstable.stalwart-mail;
    # Opens the listener ports in the host firewall; which ports the module
    # derives from the `bind` addresses is decided by the unstable module — confirm
    # it does not also open the loopback-only HTTP ports.
    openFirewall = true;

    # Secrets exposed to the unit as systemd credentials
    # (available under /run/credentials/stalwart-mail.service/).
    # NOTE(review): `user_search_password` is loaded here but nothing in `settings`
    # references it; the LDAP bind reads the env var instead.
    credentials = {
      user_admin_password = config.secrets.ldap-root.path;
      user_search_password = config.secrets.ldap-search.path;
    };

    settings = {
      # TLS material comes straight from the ACME directory for ${mailHost}.
      certificate.default = {
        cert = "%{file:${acmeDir}/fullchain.pem}%";
        private-key = "%{file:${acmeDir}/key.pem}%";
        default = true;
      };

      # Stalwart expression: derive the public URL from the request protocol
      # and the configured server hostname.
      http.url = "protocol + '://' + config_get('server.hostname')";

      # NOTE(review): `trace` is the most verbose tracer level; for a mail server
      # this is likely to put protocol-level detail (including authentication
      # exchanges) into the journal. Confirm this is intended beyond debugging.
      tracer.stdout.level = "trace";

      # NOTE(review): reads the /etc copy of the search secret; whether the
      # `auth.search` key is consumed by this Stalwart version should be verified.
      auth.search = "%{file:/etc/stalwart-mail/search-pw}%";

      server = {
        hostname = mailHost;
        # Default for all listeners: STARTTLS-style (explicit) TLS. Individual
        # listeners override this to implicit TLS where they need it.
        tls.implicit = false;
        # Presumably ten authentication failures per day before a source is banned.
        auto-ban.auth.rate = "10/1d";

        listener = {
          smtp = onAllInterfaces 25 "smtp";
          submissions = onAllInterfacesTls 465 "smtp";
          submission = onAllInterfacesTls 587 "smtp";
          pop3 = onAllInterfaces 110 "pop3";
          pop3s = onAllInterfacesTls 995 "pop3";
          imap = onAllInterfaces 143 "imap";
          imaps = onAllInterfacesTls 993 "imap";
          # HTTP family stays on loopback; presumably fronted by a reverse proxy
          # configured elsewhere — confirm.
          http = onLoopbackHttp 8080;
          https = (onLoopbackHttp 1443) // {tls.implicit = true;};
          # NOTE(review): identical bind/protocol to `https` above; two listeners
          # on the same address and port are either redundant or will fail to
          # bind — confirm this is intentional.
          jmap = (onLoopbackHttp 1443) // {tls.implicit = true;};
          sieve = onAllInterfaces 4190 "managesieve";
        };
      };

      # Everything except the directory lives in a single local RocksDB store.
      storage = {
        blob = "rocksdb";
        data = "rocksdb";
        directory = "ldap";
        fts = "rocksdb";
      };
      store.rocksdb = {
        compression = "lz4";
        path = "/var/lib/stalwart-mail/data";
        type = "rocksdb";
      };

      # Break-glass admin account; its secret is the systemd credential above.
      authentication.fallback-admin = {
        user = "fallback-admin";
        secret = "%{file:/run/credentials/stalwart-mail.service/user_admin_password}%";
      };

      directory.ldap = {
        type = "ldap";
        # Plain LDAP to the local host; `tls.enable = false` means bind credentials
        # and user passwords cross the loopback interface unencrypted.
        url = "ldap://localhost:389";
        timeout = "30s";
        base-dn = ldapBase;
        tls.enable = false;

        bind = {
          dn = "cn=searchuser,ou=users,${ldapBase}";
          # Assumes the EnvironmentFile above defines STALWART_SEARCH_PW — TODO confirm.
          secret = "%{env:STALWART_SEARCH_PW}%";
          # Users are authenticated by binding as the templated DN; `search`
          # additionally resolves the entry after the bind.
          auth = {
            method = "template";
            template = "uid={local},ou=users,${ldapBase}";
            search = true;
          };
        };

        # `?` placeholders are substituted by Stalwart with the looked-up value.
        filter = {
          name = "(&(objectClass=inetOrgPerson)(|(mail=?)(uid=?)))";
          email = "(&(objectClass=inetLocalMailRecipient)(|(mail=?)(mailLocalAddress=?)))";
        };

        attributes = {
          name = "uid";
          secret = "userPassword";
          email = "mail";
          email-alias = "mailLocalAddress";
        };
      };
    };
  };
}