diff options
Diffstat (limited to '')
-rw-r--r-- | modules/by-name/st/stalwart-mail/settings.nix | 56 |
1 files changed, 38 insertions, 18 deletions
diff --git a/modules/by-name/st/stalwart-mail/settings.nix b/modules/by-name/st/stalwart-mail/settings.nix index 7032ae0..907cea9 100644 --- a/modules/by-name/st/stalwart-mail/settings.nix +++ b/modules/by-name/st/stalwart-mail/settings.nix @@ -18,6 +18,11 @@ if cfg.security != null then cfg.security.verificationMode else "disable"; + + directory = + if cfg.principals == null + then "internal" + else "in-memory"; in { config.services.stalwart-mail.settings = lib.mkIf cfg.enable { # https://www.rfc-editor.org/rfc/rfc6376.html#section-3.3 @@ -219,7 +224,7 @@ in { require = true; }; rcpt = { - directory = "'in-memory'"; + directory = "'${directory}'"; catch-all = true; subaddressing = true; }; @@ -236,7 +241,7 @@ in { }; auth = { mechanisms = ["LOGIN" "PLAIN"]; - directory = "'in-memory'"; + directory = "'${directory}'"; require = true; must-match-sender = true; errors = { @@ -339,13 +344,13 @@ in { hostname = cfg.fqdn; listener = { - # TODO(@bpeetz): Add this <2025-02-08> - # # HTTP (used for jmap) - # "http" = { - # bind = ["[::]:8080"]; - # protocol = "http"; - # tls.implicit = true; - # }; + # HTTP (used for jmap) + "http" = { + bind = ["127.0.0.1:8112"]; + protocol = "http"; + # handled by ngnix + tls.implicit = false; + }; # IMAP "imap" = { @@ -401,11 +406,12 @@ in { certificate = "default"; }; - # TODO(@bpeetz): Configure that <2025-02-07> - # http = { - # url = ""; - # allowed-endpoint = ["404"]; - # }; + http = { + url = "protocol + '://' + config_get('server.hostname') + ':' + local_port"; + + # We are behind a nginx proxy, and can thus trust this header. + use-x-forwarded = true; + }; auto-ban = { # Ban if the same IP fails to login 10 times in a day @@ -467,6 +473,14 @@ in { # Perform “maintenance” every day at 3 am local time. purge.frequency = "0 3 *"; }; + "rocksdb-directory" = lib.mkIf (cfg.principals == null) { + type = "rocksdb"; + path = "${cfg.dataDirectory}/storage/directory"; + compression = "lz4"; + + # Perform “maintenance” every day at 1 am local time. + purge.frequency = "0 1 *"; + }; "rocksdb-full-text-search" = { type = "rocksdb"; path = "${cfg.dataDirectory}/storage/full-text-search"; @@ -505,7 +519,7 @@ in { full-text.default-language = "en"; fts = "rocksdb-full-text-search"; - directory = "in-memory"; + directory = "${directory}"; lookup = "redis"; @@ -516,9 +530,15 @@ in { encryption.enable = false; }; - directory."in-memory" = { - type = "memory"; - inherit (cfg) principals; + directory = { + "in-memory" = lib.mkIf (cfg.principals != null) { + type = "memory"; + inherit (cfg) principals; + }; + "internal" = lib.mkIf (cfg.principals == null) { + type = "internal"; + store = "rocksdb-directory"; + }; }; certificate = { |