diff options
| author | polwex <polwex@sortug.com> | 2024-09-10 01:59:29 +0700 |
|---|---|---|
| committer | polwex <polwex@sortug.com> | 2024-09-10 01:59:29 +0700 |
| commit | c9424dd1a0a5bddba4b40b08c7afcf0f2f682e28 (patch) | |
| tree | 1daf4c1ff8753741712b571f602e2e3d6c3268b2 | |
| parent | 1f438e0e2e7d1706e9e9dc1e517528e8e90fbeb1 (diff) | |
stalwart init
| -rw-r--r-- | hosts/cloud/bkk/jmap.nix | 77 | ||||
| -rw-r--r-- | hosts/cloud/bkk/nginx.nix | 25 |
2 files changed, 92 insertions, 10 deletions
diff --git a/hosts/cloud/bkk/jmap.nix b/hosts/cloud/bkk/jmap.nix index ec28999..bb1fd90 100644 --- a/hosts/cloud/bkk/jmap.nix +++ b/hosts/cloud/bkk/jmap.nix @@ -8,11 +8,82 @@ in { services.stalwart-mail = { enable = true; settings = { + authentication.fallback-admin = { + user = "admin"; + secret = "xdxdxdxd"; + }; server = { hostname = domain; - run-as = { - user = "y"; - group = "users"; + # run-as = { + # user = "y"; + # group = "users"; + # }; + http.use-x-forwarded = true; + tls = { + enable = true; + certificate = "default"; + implicit = false; + }; + + listener = { + "imap" = { + bind = ["[::]:143"]; + protocol = "imap"; + tls.implicit = false; + }; + "imaps" = { + bind = ["[::]:993"]; + protocol = "imap"; + tls.implicit = true; + }; + "smtp" = { + bind = ["[::]:25"]; + protocol = "smtp"; + tls.implicit = false; + }; + "smtp-sub" = { + bind = ["[::]:587"]; + protocol = "smtp"; + tls.implicit = false; + }; + "smtps-sub" = { + bind = ["[::]:465"]; + protocol = "smtp"; + tls.implicit = true; + }; + "http" = { + bind = ["127.0.0.1:8080"]; + protocol = "http"; + # tls.implicit = true; + }; + "sieve" = { + bind = ["[::]:4190"]; + protocol = "managesieve"; + tls.implicit = true; + }; + }; + session = { + rcpt.directory = "in-memory"; + auth = { + mechanisms = ["PLAIN"]; + directory = "in-memory"; + }; + }; + jmap.directory = "in-memory"; + directory."in-memory" = { + type = "memory"; + users = [ + { + name = "alice"; + secret = "foobar"; + email = ["alice@urbit.men"]; + } + { + name = "bob"; + secret = "foobar"; + email = ["bob@urbit.men"]; + } + ]; }; }; }; diff --git a/hosts/cloud/bkk/nginx.nix b/hosts/cloud/bkk/nginx.nix index b70cb06..c73eaeb 100644 --- a/hosts/cloud/bkk/nginx.nix +++ b/hosts/cloud/bkk/nginx.nix @@ -1,10 +1,13 @@ -{ config, pkgs, ... }: { - +{ + config, + pkgs, + ... +}: { security.acme.acceptTerms = true; security.acme.defaults.email = "security@urbit.cam"; services.nginx = { enable = true; - virtualHosts."u.urbit.men" = { + virtualHosts."u.urbit.men" = { enableACME = true; forceSSL = true; locations."/" = { @@ -19,10 +22,18 @@ chunked_transfer_encoding off; proxy_http_version 1.1; proxy_buffering off; - proxy_cache off; + proxy_cache off; ''; }; - virtualHosts."n.urbit.men" = { + virtualHosts."m.urbit.men" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."n.urbit.men" = { enableACME = true; forceSSL = true; locations."/" = { @@ -37,7 +48,7 @@ chunked_transfer_encoding off; proxy_http_version 1.1; proxy_buffering off; - proxy_cache off; + proxy_cache off; ''; }; # virtualHosts."t.urbit.men" = { @@ -55,7 +66,7 @@ # chunked_transfer_encoding off; # proxy_http_version 1.1; # proxy_buffering off; - # proxy_cache off; + # proxy_cache off; # ''; # }; }; |