dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: stalwart proxy with ldap directory

Browse source
This commit is contained in:
danny 2025-09-20 22:55:35 +08:00
parent d7cf0baf67
commit 854caa3742
12 changed files with 229 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

2
home/user/waybar.nix
View file

@ -138,7 +138,7 @@ in
#memory,
#cpu,
#pulseaudio {
font-size: ${toString (osConfig.stylix.fonts.sizes.desktop + 1)}px;
font-size: ${toString (osConfig.stylix.fonts.sizes.desktop)}px;
}
/* Main bar */

39
system/dev/dn-pre7780/default.nix
View file

@ -32,7 +32,12 @@ in
hardware.nvidia.open = lib.mkForce true;
imports = [
./boot.nix # Extra Boot Options
./sops-conf.nix # Secret
./nginx.nix
./mail.nix
./hardware-configuration.nix
../../modules/presets/basic.nix
../../modules/sunshine.nix
@ -43,8 +48,6 @@ in
nvidia-bus-id = "PCI:1:0:0";
})
./boot.nix # Extra Boot Options
./sops-conf.nix # Secret
../../modules/gaming.nix
# ../../modules/secure-boot.nix
../../modules/virtualization.nix
@ -59,37 +62,17 @@ in
];
})
(import ../../modules/stalwart.nix {
enableNginx = true;
domain = "pre7780.dn";
adminPassFile = config.sops.secrets."stalwart/adminPassword".path;
dbPassFile = config.sops.secrets."stalwart/db".path;
acmeConf = {
directory = "https://ca.net.dn/acme/acme/directory";
ca_bundle = "${"" + ../../extra/ca.crt}";
challenge = "dns-01";
origin = "pre7780.dn";
contact = "admin@pre7780.dn";
domains = [
"pre7780.dn"
"mx1.pre7780.dn"
];
default = true;
provider = "rfc2136-tsig";
host = "10.0.0.1";
renew-before = "1d";
port = 5359;
cache = "${config.services.stalwart-mail.dataDir}/acme";
key = "stalwart";
tsig-algorithm = "hmac-sha512";
secret = "%{file:${config.sops.secrets."stalwart/tsig".path}}%";
};
(import ../../modules/nextcloud.nix {
hostname = "nextcloud.pre7780.dn";
configureACME = false;
https = false;
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
trusted = [ "nextcloud.daccc.info" ];
})
../../modules/davinci-resolve.nix
../../modules/webcam.nix
../../modules/postgresql.nix
./nginx.nix
];
# Live Sync D

71
system/dev/dn-pre7780/mail.nix Normal file
View file

@ -0,0 +1,71 @@
{ config, ... }:
let
domain = "daccc.info";
fqdn = "mx1.daccc.info";
in
{
networking.firewall.allowedTCPPorts = [ 8080 ];
imports = [
(import ../../modules/stalwart.nix {
inherit domain;
enableNginx = false;
dkimKey = config.sops.secrets."stalwart/dkimKey".path;
adminPassFile = config.sops.secrets."stalwart/adminPassword".path;
dbPassFile = config.sops.secrets."stalwart/db".path;
acmeConf = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
origin = "${domain}";
contact = "admin@${domain}";
domains = [
domain
fqdn
];
challenge = "dns-01";
cache = "${config.services.stalwart-mail.dataDir}/acme";
default = true;
provider = "cloudflare";
renew-before = "30d";
secret = "%{file:${config.sops.secrets."cloudflare/secret".path}}%";
};
ldapConf = {
type = "ldap";
url = "ldap://10.0.0.1:389";
timeout = "30s";
base-dn = "dc=net,dc=dn";
attributes = {
name = "uid";
email = "mail";
secret = "userPassword";
description = [
"cn"
"description"
];
class = "objectClass";
};
filter = {
name = "(&(objectClass=inetOrgPerson)(uid=?))";
email = "(&(objectClass=inetOrgPerson)(mail=?))";
};
bind = {
dn = "cn=admin,dc=net,dc=dn";
secret = "%{file:${config.sops.secrets."stalwart/ldap".path}}%";
auth = {
method = "lookup";
};
};
};
oidcConf = {
type = "oidc";
timeout = "1s";
endpoint.url = "https://keycloak.net.dn/realms/master/protocol/openid-connect/userinfo";
endpoint.method = "userinfo";
fields = {
email = "email";
username = "preferred_username";
full-name = "name";
};
};
})
];
}

2
system/dev/dn-pre7780/nginx.nix
View file

@ -14,7 +14,7 @@
email = "danny@net.dn";
dnsProvider = "pdns";
dnsPropagationCheck = false;
environmentFile = config.sops.secrets."acme/pdns".path;
# environmentFile = config.sops.secrets."acme/pdns".path;
};
};

10
system/dev/dn-pre7780/secret.yaml
View file

@ -3,7 +3,7 @@ wireguard:
dovecot:
openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str]
nextcloud:
adminPassword: ENC[AES256_GCM,data:7rC29qpvDGDZOuW+ONot,iv:+A7yoeys74IRsAR5unH4eHcgjbzF/UKZWY9Q0AVLN7U=,tag:v/KWQH+p0Yh9CIt7sHHDGA==,type:str]
adminPassword: ENC[AES256_GCM,data:8LjI2/vQ9aHQfZSMumnjBw==,iv:1hfhKz58v10JfPgipueQVOtlCgBXwruA00BOkhjuN/E=,tag:y/vqcztye4Xlokpbm/jHiw==,type:str]
openldap:
adminPassword: ENC[AES256_GCM,data:jEGuzgs5QTWfdyJenC3t3g==,iv:StfFOcvbDapnma6eAlpaGiBWnqiD3I/wfQsMBzufol0=,tag:892q7N4KrsSQoZYGy6CQrA==,type:str]
lam:
@ -12,8 +12,12 @@ stalwart:
adminPassword: ENC[AES256_GCM,data:6tUL7b2s3gLtF4Ors9CgYQ==,iv:9UQowgXKr9HR/poELP6SZijp3c2HVTHzEfwf1tZI/3w=,tag:KIOiYEwLsZLH31E2Xb478A==,type:str]
tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str]
db: ENC[AES256_GCM,data:ZRZ2ZzUotYMe2GfkMS7o7dz0aGg=,iv:ys6ogueueESp0y6A+hUG9zTnqmCVobuIzyqA4WVtewo=,tag:p74G+8XhMcpgDnIfh1aXTg==,type:str]
dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2DCSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str]
ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str]
acme:
pdns: ENC[AES256_GCM,data:+InGSnaGIFVtDRlVltzWbZfquzodHUQrPeMRBnVNB9mrajlKr5dFK6DD8dXAvN7UjZFBfrgZefOPkmLR2ncLXGOV2Kl7jorVw50Y0f0iKl7mqwHaZKaQdk7cpGDkCrt/LvfbP9x7gVrs6pQpsU+c/P5rbBLRyejchh/WtiyzgowYIJxYohggeG09+l7YI3FR6U5wiymIRISpNBGEhwG0q17qdAhdtc49qP/K,iv:JcSlxAwHwU528S7iSpAnSbUZw7iO+LMjR3qGwRHp+Zk=,tag:twf2WOQb/yZ3GtN/hlikMA==,type:str]
cloudflare:
secret: ENC[AES256_GCM,data:tritGdt3bWm/YtfdF2kO8qIBisa2rGF9/Dpl8R79e6REe//YKZFqFg==,iv:UG53JZ55+gDCPJzKjbVaWnpgOdvqcRoDUg8ef9xOV9A=,tag:JD3s28dsA9G2fqtz4soATA==,type:str]
sops:
age:
- recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
@ -25,7 +29,7 @@ sops:
MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w
lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-16T04:39:12Z"
mac: ENC[AES256_GCM,data:yRVAJz73AqlBm6fxeTehfSqlTLyRYIsPjC/5igpnGC8URUiK66SUtHJSE3196AaPV+CWJrxrXfNWoCmZsP85Rr5V9nw31ZF1boaAc0YzRQBxVmBBlAK7+9Z5KADShAetYNwk9qtCrXd6S8mCwmZjNJaN/Rthy3hchxzAB0/79R4=,iv:QeNUZfmnCx4QF/0wjU/JJRu6umNFC/weW2BJx+7OaPo=,tag:KsityLnPYhugFL4c6wrs6Q==,type:str]
lastmodified: "2025-09-20T11:44:16Z"
mac: ENC[AES256_GCM,data:ZNSn4h4r1d+9YBBpjJfI+AsYGOcC8r+A61KmmRf9JfyQiI0U8Le9C+ut45YQCMW3Q57a5q8NUN1GA72iCaXUk00UuESl4ybuqotrs0SVQ/QUbQCCANkItFck7XiNJ3AJY2zbWT09tI4FlnoW/ZHXMlSiPvo+hzCAEtAaM83JpIs=,iv:QKDsRjrJ7AVOY8TZm9O/g1vc81WD8xLYFBS9A/pfxZE=,tag:IMhI59NUHKH52Rs06TTZYg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

64
system/dev/dn-pre7780/sops-conf.nix
View file

@ -1,9 +1,15 @@
{ config, lib, ... }:
let
inherit (lib) optionalAttrs;
in
{
sops = {
secrets = {
"wireguard/conf" = { };
"nextcloud/adminPassword" = { };
"nextcloud/adminPassword" = lib.mkIf config.services.nextcloud.enable {
owner = "nextcloud";
group = "nextcloud";
};
"openldap/adminPassword" = lib.mkIf config.services.openldap.enable {
owner = config.users.users.openldap.name;
group = config.users.users.openldap.group;
@ -16,35 +22,37 @@
mode = "0660";
};
"stalwart/adminPassword" =
let
inherit (config.users.users.stalwart-mail) name group;
in
lib.mkIf config.services.stalwart-mail.enable {
inherit group;
owner = name;
# "acme/pdns" = {
# mode = "0660";
# owner = "acme";
# group = "acme";
# };
}
// (optionalAttrs config.services.stalwart-mail.enable (
let
inherit (config.users.users.stalwart-mail) name group;
owner = name;
in
{
"stalwart/adminPassword" = {
inherit group owner;
};
"stalwart/tsig" =
let
inherit (config.users.users.stalwart-mail) name group;
in
lib.mkIf config.services.stalwart-mail.enable {
inherit group;
owner = name;
"stalwart/tsig" = {
inherit group owner;
};
"stalwart/db" =
let
inherit (config.users.users.stalwart-mail) name group;
in
lib.mkIf config.services.stalwart-mail.enable {
inherit group;
owner = name;
"stalwart/db" = {
inherit group owner;
};
"acme/pdns" = {
mode = "0660";
owner = "acme";
group = "acme";
};
};
"stalwart/dkimKey" = {
inherit group owner;
};
"cloudflare/secret" = {
inherit group owner;
};
"stalwart/ldap" = {
inherit group owner;
};
}
));
};
}

4
system/dev/dn-server/default.nix
View file

@ -56,6 +56,7 @@ in
hostname = "nextcloud.net.dn";
dataBackupPath = "/mnt/backup_dn";
dbBackupPath = "/mnt/backup_dn";
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
})
(import ../../modules/vaultwarden.nix {
domain = "bitwarden.net.dn";
@ -95,6 +96,7 @@ in
mail-server = {
enable = true;
configuraACME = true;
mailDir = "~/Maildir";
caFile = "" + ../../extra/ca.crt;
virtualMailDir = "/var/mail/vhosts";
@ -127,7 +129,7 @@ in
../../../home/user/config.nix
../../../home/user/direnv.nix
../../../home/user/environment.nix
../../../home/user/nvf.nix
../../../home/user/nvf
../../../home/user/shell.nix
../../../home/user/tmux.nix
../../../home/user/yazi.nix

7
system/dev/dn-server/services.nix
View file

@ -62,6 +62,7 @@ let
allowedIPs = [ "10.0.0.8/32" ];
}
];
meshRoute = [
{
# pre7780.dn
@ -150,6 +151,12 @@ let
publicKey = "K6Pd69/Hfu4ceCAp/JbeEL2QQ+/4ohugW1lAOxHFKDA=";
allowedIPs = [ "10.0.0.147/32" ];
}
{
# GCP
dns = "gcp";
publicKey = "5th0G9c7vHrhcByvPJAbrn2LXjLPqDEMsHzda0FGUTQ=";
allowedIPs = [ "10.0.0.148/32" ];
}
];
in
{

5
system/modules/mail-server/default.nix
View file

@ -7,6 +7,11 @@ with lib;
{
options.mail-server = {
enable = mkEnableOption "mail-server";
configureACME = mkEnableOption "Enable auto configuration of ACME" // {
default = false;
};
caFile = mkOption {
type = types.path;
default = config.security.pki.caBundle;

2
system/modules/mail-server/server.nix
View file

@ -34,7 +34,7 @@ let
in
{
config = mkIf cfg.enable {
security.acme.certs = {
security.acme.certs = mkIf cfg.configureACME {
"${config.services.postfix.settings.main.myhostname}" = {
dnsProvider = null;
webroot = "/var/lib/acme/acme-challenge";

17
system/modules/nextcloud.nix
View file

@ -1,9 +1,12 @@
{
hostname,
adminpassFile,
datadir ? null,
dataBackupPath ? null,
dbBackupPath ? null,
https ? true,
configureACME ? true,
trusted ? [ ],
}:
{
config,
@ -12,6 +15,10 @@
...
}:
let
inherit (lib) mkIf;
enableBackup = dataBackupPath != null || dbBackupPath != null;
nextcloudPkg = pkgs.nextcloud31.overrideAttrs (oldAttr: rec {
caBundle = config.security.pki.caBundle;
postPatch = ''
@ -77,13 +84,15 @@ in
database.createLocally = true;
config = {
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
adminpassFile = adminpassFile;
dbtype = "pgsql";
};
settings = {
allow_local_remote_servers = true;
log_type = "syslog";
trusted_proxies = trusted;
trusted_domains = trusted;
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
@ -102,7 +111,7 @@ in
};
};
services.nginx.virtualHosts.${hostname} = {
services.nginx.virtualHosts.${hostname} = mkIf configureACME {
enableACME = true;
forceSSL = true;
};
@ -112,7 +121,7 @@ in
];
systemd = {
timers = lib.mkIf (dataBackupPath != null || dbBackupPath != null) {
timers = lib.mkIf enableBackup {
"nextcloud-backup" = {
enable = true;
description = "Nextcloud backup";
@ -127,7 +136,7 @@ in
};
};
services."nextcloud-backup" = lib.mkIf (dataBackupPath != null || dbBackupPath != null) {
services."nextcloud-backup" = lib.mkIf enableBackup {
enable = true;
serviceConfig = {
User = "nextcloud";

93
system/modules/stalwart.nix
View file

@ -1,6 +1,9 @@
{
adminPassFile,
dbPassFile,
dkimKey,
ldapConf,
oidcConf,
domain ? null,
acmeConf ? null,
enableNginx ? true,
@ -12,6 +15,17 @@
}:
let
inherit (lib) mkIf;
logFilePath = "${config.services.stalwart-mail.dataDir}/logs";
mkCondition = (
condition: ithen: ielse: [
{
"if" = condition;
"then" = ithen;
}
{ "else" = ielse; }
]
);
in
{
services.postgresql = {
@ -27,13 +41,23 @@ in
];
};
systemd.tmpfiles.rules =
let
inherit (config.users.users.stalwart-mail) name group;
in
[
"d ${logFilePath} 0750 ${name} ${group} - "
];
services.stalwart-mail = {
enable = true;
openFirewall = true;
settings = {
server = {
hostname = if (domain != null) then "mx1.${domain}" else config.networking.fqdn;
auto-ban.scan.rate = "1000/1d";
proxy = {
trusted-networks = [ "10.0.0.148" ];
};
tls = {
enable = true;
implicit = true;
@ -42,56 +66,76 @@ in
smtp = {
protocol = "smtp";
bind = "[::]:25";
proxy_protocol = true;
};
submission = {
protocol = "smtp";
bind = "[::]:587";
proxy_protocol = true;
};
submissions = {
protocol = "smtp";
bind = "[::]:465";
tls.implicit = true;
proxy_protocol = true;
};
imaps = {
protocol = "imap";
bind = "[::]:993";
tls.implicit = true;
proxy_protocol = true;
};
management = {
protocol = "http";
bind = [ "127.0.0.1:8080" ];
bind = [
"10.0.0.130:8080"
"127.0.0.1:8080"
];
proxy_protocol = true;
};
};
};
lookup.default = {
hostname = "mx1.${domain}";
domain = "${domain}";
};
acme."step-ca" = mkIf (acmeConf != null) acmeConf;
acme."letsencrypt" = mkIf (acmeConf != null) acmeConf;
session.auth = {
mechanisms = "[plain]";
directory = "'in-memory'";
require = true;
allow-plain-text = true;
mechanisms = "[PLAIN LOGIN OAUTHBEARER]";
directory = mkCondition "listener != 'smtp'" "'ldap'" false;
require = mkCondition "listener != 'smtp'" true false;
};
storage.data = "db";
store."db" = {
type = "postgresql";
host = "localhost";
port = 5432;
database = "stalwart";
user = "stalwart";
password = "%{file:${dbPassFile}}%";
session.rcpt = {
relay = mkCondition "!is_empty(authenticated_as)" true false;
directory = "'*'";
};
directory = {
"imap".lookup.domains = [ domain ];
"in-memory" = {
type = "memory";
principals = [
{
name = "admin";
class = "admin";
name = "danny";
class = "individual";
secret = "%{file:${adminPassFile}}%";
email = [ "admin@${domain}" ];
email = [ "danny@${domain}" ];
}
{
name = "postmaster";
class = "individual";
secret = "%{file:${adminPassFile}}%";
email = [ "postmaster@${domain}" ];
}
];
};
"ldap" = ldapConf;
imap.lookup.domains = [
domain
];
"oidc" = oidcConf;
};
authentication.fallback-admin = {
user = "admin";
@ -100,7 +144,16 @@ in
tracer."stdout" = {
enable = true;
type = "console";
level = "debug";
level = "trace";
};
tracer."file" = {
enable = true;
type = "log";
level = "trace";
ansi = true;
path = logFilePath;
prefix = "stalwart.log";
rotate = "daily";
};
};
};