stalwart

Integrated solution for email, calendaring and file management

Options

services.stalwart-mail
services.stalwart-mail.credentials

Credentials used to configure Stalwart Mail secrets. These secrets can be referenced in configuration values with macros such as %{file:/run/credentials/stalwart-mail.service/VAR_NAME}%.

Type:
attribute set of string
Default:
{ }
services.stalwart-mail.dataDir

Data directory for Stalwart.

Type:
absolute path
Default:
"/var/lib/stalwart-mail"
services.stalwart-mail.enable

Whether to enable the Stalwart all-in-one email server.

Type:
boolean
Default:
false
services.stalwart-mail.openFirewall

Whether to open the TCP firewall ports specified in services.stalwart-mail.settings.server.listener on all interfaces.

Type:
boolean
Default:
false
services.stalwart-mail.package

The stalwart-mail package to use.

Type:
package
Default:
pkgs.stalwart-mail
services.stalwart-mail.settings

Configuration options for the Stalwart email server. See https://stalw.art/docs/category/configuration for available options.

By default, the module is configured to store everything locally.

Type:
TOML value
Default:
{ }

Examples

Enable Stalwart Mail Server
{ pkgs, lib, ... }:

let
  # Snakeoil certificates, suitable for testing only.
  certs = import ../common/acme/server/snakeoil-certs.nix;
  domain = certs.domain;
in
{
  security.pki.certificateFiles = [ certs.ca.cert ];

  services.stalwart-mail = {
    enable = true;
    settings = {
      server.hostname = domain;

      certificate."snakeoil" = {
        cert = "%{file:${certs.${domain}.cert}}%";
        private-key = "%{file:${certs.${domain}.key}}%";
      };

      server.tls = {
        certificate = "snakeoil";
        enable = true;
        implicit = false;
      };

      server.listener = {
        "smtp-submission" = {
          bind = [ "[::]:587" ];
          protocol = "smtp";
        };

        "imap" = {
          bind = [ "[::]:143" ];
          protocol = "imap";
        };

        "http" = {
          bind = [ "[::]:80" ];
          protocol = "http";
        };
      };

      session.auth.mechanisms = "[plain]";
      session.auth.directory = "'in-memory'";
      storage.directory = "in-memory";

      storage.data = "rocksdb";
      storage.fts = "rocksdb";
      storage.blob = "rocksdb";
      storage.lookup = "rocksdb";

      session.rcpt.directory = "'in-memory'";
      queue.outbound.next-hop = "'local'";

      store."rocksdb" = {
        type = "rocksdb";
        path = "/var/lib/stalwart-mail/data";
        compression = "lz4";
      };

      # Demo accounts: the literal secrets below become part of the generated configuration.
      directory."in-memory" = {
        type = "memory";
        principals = [
          {
            class = "individual";
            name = "alice";
            secret = "foobar";
            email = [ "alice@${domain}" ];
          }
          {
            class = "individual";
            name = "bob";
            secret = "foobar";
            email = [ "bob@${domain}" ];
          }
        ];
      };
    };
  };

}
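
Keep secrets out of the settings with services.stalwart-mail.credentials

The following is an added example, not part of the module's own documentation. It rewrites the TLS key and one account secret from the example above so that the settings carry only a %{file:...}% macro and the secret material is supplied through services.stalwart-mail.credentials. It assumes that each credentials value is the path of a file holding the secret and that the attribute name is the VAR_NAME of the macro; the host name and the paths under /var/lib/secrets are hypothetical.

```nix
{ ... }:

let
  # Credential directory named in the services.stalwart-mail.credentials description.
  creds = "/run/credentials/stalwart-mail.service";
  domain = "mail.example.org"; # hypothetical host name
in
{
  services.stalwart-mail = {
    enable = true;

    # Assumption: each value is the path of a file holding the secret, and the
    # attribute name is the VAR_NAME used in the macro.
    credentials = {
      tls_cert = "/var/lib/secrets/stalwart/cert.pem"; # hypothetical path
      tls_key = "/var/lib/secrets/stalwart/key.pem"; # hypothetical path
      alice_secret = "/var/lib/secrets/stalwart/alice"; # hypothetical path
    };

    settings = {
      server.hostname = domain;

      certificate."default" = {
        cert = "%{file:${creds}/tls_cert}%";
        # The page's example points this macro at the snakeoil test key instead.
        private-key = "%{file:${creds}/tls_key}%";
      };
      server.tls = {
        certificate = "default";
        enable = true;
        implicit = false;
      };

      directory."in-memory" = {
        type = "memory";
        principals = [
          {
            class = "individual";
            name = "alice";
            # The page's example uses a literal here: secret = "foobar";
            # Assumption: the file macro is expanded inside principal entries too.
            secret = "%{file:${creds}/alice_secret}%";
            email = [ "alice@${domain}" ];
          }
        ];
      };
    };
  };
}
```

Listener, storage and queue settings are unchanged from the example above and are omitted here.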

This project is funded by NLnet through these subgrants: