s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
reNixos/viola/services/stalwart.nix
s0me1newithhand7s 793b14918a viola: upstream 
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-03-25 18:48:47 +03:00

210 lines
4.8 KiB
Nix
Raw Blame History

{config, ...}: {
services = {
stalwart = {
enable = true;
settings = {
server = {
allowed-ip = [
"127.0.0.1"
"100.109.201.146"
"192.168.1.0/24"
];
auto-ban = {
enable = false;
unban-after = "1h";
};
proxy = {
trusted-networks = [
"127.0.0.0/8"
"::1"
"100.109.201.146"
];
};
hostname = "mail.hand7s.org";
proxy-networks = [
"127.0.0.1/32"
"100.109.201.146"
];
listener = {
"lmtp" = {
bind = "0.0.0.0:24";
protocol = "lmtp";
};
"smtp" = {
bind = "0.0.0.0:25";
protocol = "smtp";
proxy-protocol = true;
};
"pop3" = {
bind = "0.0.0.0:110";
protocol = "pop3";
proxy-protocol = true;
};
"imap" = {
bind = "0.0.0.0:143";
protocol = "imap";
proxy-protocol = true;
tls = {
enable = true;
implicit = false;
certificate = "default";
};
};
"submissions" = {
bind = "0.0.0.0:465";
protocol = "smtp";
proxy-protocol = true;
tls = {
certificate = "default";
implicit = true;
enable = true;
};
};
"submission" = {
bind = "0.0.0.0:587";
protocol = "smtp";
proxy-protocol = true;
tls = {
enable = true;
implicit = false;
certificate = "default";
};
};
"imaptls" = {
bind = "0.0.0.0:993";
protocol = "imap";
proxy-protocol = true;
tls = {
certificate = "default";
implicit = true;
enable = true;
};
};
"pop3s" = {
bind = "0.0.0.0:995";
protocol = "pop3";
proxy-protocol = true;
tls = {
certificate = "default";
implicit = true;
enable = true;
};
};
"sieve" = {
bind = "0.0.0.0:4190";
proxy-protocol = true;
protocol = "managesieve";
};
"management" = {
protocol = "http";
bind = [
"0.0.0.0:8980"
];
};
};
};
lookup = {
default = {
hostname = "mail.hand7s.org";
domain = "hand7s.org";
};
};
storage = {
data = "postgresql";
blob = "s3";
fts = "postgresql";
lookup = "redis";
};
store = {
"postgresql" = {
type = "postgresql";
host = "localhost";
timeout = "15s";
tls = {
enable = false;
allow-invalid-certs = false;
};
pool = {
max-connections = 10;
};
};
"redis" = {
type = "redis";
redis-type = "single";
urls = ''redis+unix:///run/redis-stalwart/redis.sock?password=${config.services."stalwart".settings.requirePass}'';
timeout = "180s";
};
};
oauth = {
"zitadel" = {
type = "oidc";
issuer = "http://zitadel.hand7s.org:8443/.well-known/openid-configuration";
tls-allow-invalid-certs = true;
};
};
directory = {
"zitadel" = {
type = "oidc";
timeout = "1s";
issuer = "http://zitadel.hand7s.org:8443/.well-known/openid-configuration";
tls-allow-invalid-certs = true;
};
};
authentication = {
directories = [
"zitadel"
];
oauth = [
"zitadel"
];
};
tracer = {
journal = {
enable = true;
type = "journal";
level = "debug";
};
otlp = {
enable = true;
type = "open-telemetry";
endpoint = "http://127.0.0.1:4317";
transport = "grpc";
level = "info";
};
console = {
enable = true;
type = "console";
level = "trace";
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink