feat(*): initialize new Snix infrastructure

Co-Authored-By: edef <edef@edef.eu> Co-Authored-by: Ryan Lahfa <raito@lix.systems> Change-Id: Ica1cda177a236814de900f50a8a61d288f58f519
2025-01-06 01:06:47 +01:00 · 2025-01-06 01:06:47 +01:00 · a52ea3675c
commit a52ea3675c
parent 067eff3427
124 changed files with 27723 additions and 1631 deletions
--- a/ops/modules/www/mail.snix.dev.nix
+++ b/ops/modules/www/mail.snix.dev.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+    # Listen on a special IPv4 & IPv6 specialized for mail. 
+    # This NGINX has only one role: obtain TLS/SSL certificates for the mailserver. 
+    # All the TLS, IMAP, SMTP stuff is handled directly by the mailserver runtime. 
+    # This is why you will not see any `stream { }` block here.
+    services.nginx.virtualHosts.stalwart = {
+      serverName = "mail.snix.dev";
+      enableACME = true;
+      forceSSL = true;
+
+      listenAddresses = [
+        "127.0.0.2"
+        "49.12.112.149"
+        "[2a01:4f8:c013:3e62::2]"
+      ];
+    };
+  };
+}