Diffstat (limited to 'modules/by-name/st/stalwart-mail/settings.nix')
-rw-r--r--modules/by-name/st/stalwart-mail/settings.nix34
1 files changed, 20 insertions, 14 deletions
diff --git a/modules/by-name/st/stalwart-mail/settings.nix b/modules/by-name/st/stalwart-mail/settings.nix
index 17f045d..765d8db 100644
--- a/modules/by-name/st/stalwart-mail/settings.nix
+++ b/modules/by-name/st/stalwart-mail/settings.nix
@@ -100,7 +100,7 @@ in {
         from-name = "'TLS Report'";
         from-address = "'noreply-tls@${cfg.fqdn}'";
         org-name = "'Foss Syndicate Mail Handling'";
-        contact-info = "'${cfg.admin}'";
+        contact-info = "'mailto:${cfg.admin}'";
         send = "daily";
         max-size = 26214400; # 25 MiB
         sign = lib.mkIf (cfg.security != null) "'${cfg.fqdn}'";
@@ -110,7 +110,7 @@ in {
           from-name = "'DMARC Report'";
           from-address = "'noreply-dmarc@${cfg.fqdn}'";
           org-name = "'Foss Syndicate Mail Handling'";
-          contact-info = "'${cfg.admin}'";
+          contact-info = "'mailto:${cfg.admin}'";
           send = "weekly";
           max-size = 26214400; # 25MiB
           sign = lib.mkIf (cfg.security != null) "'${cfg.fqdn}'";
@@ -344,13 +344,13 @@ in {
       hostname = cfg.fqdn;
 
       listener = {
-        # TODO(@bpeetz): Add this <2025-02-08>
-        # # HTTP (used for jmap)
-        # "http" = {
-        #   bind = ["[::]:8080"];
-        #   protocol = "http";
-        #   tls.implicit = true;
-        # };
+        # HTTP (used for jmap)
+        "http" = {
+          bind = ["127.0.0.1:8112"];
+          protocol = "http";
+          # handled by ngnix
+          tls.implicit = false;
+        };
 
         # IMAP
         "imap" = {
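Review bot: The comment `# handled by ngnix` on the new `http` listener misspells nginx and does not record the condition that makes `tls.implicit = false` acceptable, namely that the listener stays on loopback and nginx terminates TLS in front of it. I would write it as `# Plaintext on loopback only; TLS is terminated by nginx, which proxies to this port.` The bind is IPv4-only (`127.0.0.1:8112`), so the proxy upstream presumably has to name `127.0.0.1` rather than `localhost`, which can resolve to `::1`; the nginx side is not part of this diff, so that is worth confirming. The `listener` attribute set continues outside the hunk.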
@@ -406,11 +406,12 @@ in {
         certificate = "default";
       };
 
-      # TODO(@bpeetz): Configure that <2025-02-07>
-      # http = {
-      #   url = "";
-      #   allowed-endpoint = ["404"];
-      # };
+      http = {
+        url = "protocol + '://' + config_get('server.hostname') + ':' + local_port";
+
+        # We are behind a nginx proxy, and can thus trust this header.
+        use-x-forwarded = true;
+      };
 
       auto-ban = {
         # Ban if the same IP fails to login 10 times in a day
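Review bot: `use-x-forwarded = true` makes the client address whatever the forwarded header says, and the comment above it justifies that only by the proxy being present, not by the two conditions it depends on: nginx must overwrite the header instead of passing a client-supplied value through, and nothing but nginx may reach `127.0.0.1:8112`. The `auto-ban` block right below bans by IP, so a header that is passed through unmodified could let failed logins be attributed to an address the sender chose. I would extend the comment to `# Only nginx can reach this listener (loopback bind), and it overwrites the forwarded-for header; do not enable this on a publicly bound listener.` Separately, `url` is built from `local_port`, which looks like it would put the internal port 8112 into advertised URLs rather than the public nginx endpoint; something like `url = "'https://' + config_get('server.hostname')";` may be what is intended, to be checked against the proxy setup.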
@@ -540,6 +541,11 @@ in {
       };
     };
 
+    authentication.fallback-admin = {
+      user = cfg.admin;
+      secret = cfg.initialAdminPassword;
+    };
+
     certificate = {
       "default" = {
         cert = "%{file:${config.security.acme.certs.${cfg.fqdn}.directory}/fullchain.pem}%";
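Review bot: `secret = cfg.initialAdminPassword;` interpolates the fallback admin password into the generated configuration, which, if the option is a plain string (its declaration is outside this diff), places it in the world-readable Nix store. The `certificate` block just below already reads its material at runtime with `%{file:...}%`, and the secret could be loaded the same way, e.g. `secret = "%{file:<path to secret file>}%";` with the path provided by the deployment's secret management. If a literal has to stay, a hashed value is preferable to plaintext, assuming the server accepts one here. The name suggests an initial password, but as written the fallback account stays valid for as long as this block is in the configuration, so a comment saying when it should be removed or rotated would help.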