fix jmap setup

2026-02-18 01:05:05 +01:00 · 2026-02-18 01:05:05 +01:00 · 40642acf03
commit 40642acf03
parent 6ede343e56
1 changed files with 26 additions and 20 deletions
--- a/heimserver/configuration.nix
+++ b/heimserver/configuration.nix
@ -102,14 +102,14 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at"
    ];
  };
-  
+
  users.users."stalwart-mail".extraGroups = [
-      "acme"
-    ];
-  
+    "acme"
+  ];
+
  users.users."nginx".extraGroups = [
-      "acme"
-    ];
+    "acme"
+  ];

  users.users.immich.extraGroups = [
    "video"
@ -206,17 +206,19 @@
    virtualHosts."webadmin.kempinger.at" = {
      forceSSL = true;
      useACMEHost = "webadmin.kempinger.at";
-      #acmeRoot = null;
      serverAliases = [
        "mta-sts.kempinger.at"
        "autoconfig.kempinger.at"
        "autodiscover.kempinger.at"
-        "mail.kempinger.at"
        "imap.kempinger.at"
        "mx1.kempinger.at"
+        "mail.kempinger.at"
      ];
      locations."/" = {
        proxyPass = "http://127.0.0.1:8090";
+      };      
+      locations."/jmap" = {
+        proxyPass = "http://127.0.0.1:8091/jmap";
      };
    };
    virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
@ -842,7 +844,7 @@
    openFirewall = true;
    settings = {
      server = {
-        hostname = "mx1.kempinger.at";
+        hostname = "mail.kempinger.at";
        tls = {
          enable = true;
          implicit = true;
@ -858,12 +860,12 @@
            tls.implicit = true;
          };
          imaps = {
-            bind = "[::]:993";
+            bind = "192.168.69.69:993";
            protocol = "imap";
            tls.implicit = true;
          };
          jmap = {
-            bind = "0.0.0.0:8091";
+            bind = "127.0.0.1:8091";
            url = "https://mail.kempinger.at";
            protocol = "http";
          };
@ -873,28 +875,32 @@
          };
        };
      };
-      resolver.type = "custom";
-      resolver.custom = [ "udp://127.0.0.1:53" ];
+      resolver = {
+        type = "custom";
+        custom = [ "udp://127.0.0.1:53" ];
+      };
+
+      http.base-url = "'https://' + config_get('server.hostname')";

      certificate."default" = {
        cert = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/fullchain.pem}%";
        private-key = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/key.pem}%";
      };
-      
+
      lookup.default = {
-        hostname = "mx1.kempinger.at";
+        hostname = "mail.kempinger.at";
        domain = "kempinger.at";
      };

      session.rcpt.directory = "'internal'";
      directory."imap".lookup.domains = [ "kempinger.at" ];
-      # authentication.fallback-admin = {
-      #   user = "admin";
-      #   secret = "bcrypt-hash";
-      # };
+      authentication.fallback-admin = {
+        user = "admin";
+        secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW";
+      };
    };
  };
-  
+
  services.snowflake-proxy = {
    enable = true;
    capacity = 50;