fix(ops): delete email config for now

We don't have an email server configured (yet), we can resurrect it once we do. Change-Id: I568075154c6169d031462f39b43ce5897a754f19 Reviewed-on: https://cl.snix.dev/c/snix/+/30109 Autosubmit: Florian Klink <flokli@flokli.de> Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-03-18 17:36:11 +00:00 · 2025-03-18 17:36:11 +00:00 · 9e7cadeded
commit 9e7cadeded
parent ebc924d492
5 changed files with 0 additions and 146 deletions
--- a/ops/modules/stalwart.nix
+++ b/ops/modules/stalwart.nix
@ -1,83 +0,0 @@
-# Stalwart is an all-in-one mailserver in Rust.
-# https://stalw.art/
-{ config, lib, ... }:
-let
-  inherit (lib) mkOption mkEnableOption mkIf types;
-  cfg = config.services.depot.stalwart;
-  certs = config.security.acme.certs.${cfg.mailDomain} or (throw "NixOS-level ACME was not enabled for `${cfg.mailDomain}`: mailserver cannot autoconfigure!");
-  mkBind = port: ip: "${ip}:${toString port}";
-in
-{
-  options.services.depot.stalwart = {
-    enable = mkEnableOption "Stalwart Mail server";
-
-    listenAddresses = mkOption {
-      type = types.listOf types.str;
-      default = [
-        "49.12.112.149"
-        "[2a01:4f8:c013:3e62::2]"
-      ];
-    };
-
-    mailDomain = mkOption {
-      type = types.str;
-      description = "The email domain, i.e. the part after @";
-      example = "snix.dev";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # Open only from the listen addresses.
-    networking.firewall.allowedTCPPorts = [ 25 587 143 443 ];
-    services.stalwart-mail = {
-      enable = true;
-      settings = {
-        certificate.letsencrypt = {
-          cert = "file://${certs.directory}/fullchain.pem";
-          private-key = "file://${certs.directory}/key.pem";
-        };
-        server = {
-          hostname = cfg.mailDomain;
-          tls = {
-            certificate = "letsencrypt";
-            enable = true;
-            implicit = false;
-          };
-          listener = {
-            smtp = {
-              bind = map (mkBind 587) cfg.listenAddresses;
-              protocol = "smtp";
-            };
-            imap = {
-              bind = map (mkBind 143) cfg.listenAddresses;
-              protocol = "imap";
-            };
-            mgmt = {
-              bind = map (mkBind 443) cfg.listenAddresses;
-              protocol = "https";
-            };
-          };
-        };
-        session = {
-          rcpt = {
-            directory = "in-memory";
-            # Allow this server to be used as a relay for authenticated principals.
-            relay = [
-              { "if" = "!is_empty(authenticated_as)"; "then" = true; }
-              { "else" = false; }
-            ];
-          };
-          auth = {
-            mechanisms = [ "PLAIN" ];
-            directory = "in-memory";
-          };
-        };
-        jmap.directory = "in-memory";
-        queue.outbound.next-hop = [ "local" ];
-        directory.in-memory = {
-          type = "memory";
-        };
-      };
-    };
-  };
-}
--- a/ops/modules/www/mail.snix.dev.nix
+++ b/ops/modules/www/mail.snix.dev.nix
@ -1,25 +0,0 @@
-{ config, ... }:
-
-{
-  imports = [
-    ./base.nix
-  ];
-
-  config = {
-    # Listen on a special IPv4 & IPv6 specialized for mail. 
-    # This NGINX has only one role: obtain TLS/SSL certificates for the mailserver. 
-    # All the TLS, IMAP, SMTP stuff is handled directly by the mailserver runtime. 
-    # This is why you will not see any `stream { }` block here.
-    services.nginx.virtualHosts.stalwart = {
-      serverName = "mail.snix.dev";
-      enableACME = true;
-      forceSSL = true;
-
-      listenAddresses = [
-        "127.0.0.2"
-        "49.12.112.149"
-        "[2a01:4f8:c013:3e62::2]"
-      ];
-    };
-  };
-}