From 5e272879e527188db912bc7816efd98d2b3dee51 Mon Sep 17 00:00:00 2001
From: Stefan Kempinger <kempinger@ins.jku.at>
Date: Wed, 18 Feb 2026 01:05:05 +0100
Subject: [PATCH] fix jmap setup

---
 heimserver/configuration.nix | 38 +++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix
index c244737..b37ace2 100644
--- a/heimserver/configuration.nix
+++ b/heimserver/configuration.nix
@@ -102,14 +102,14 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at"
     ];
   };
-  
+
   users.users."stalwart-mail".extraGroups = [
-      "acme"
-    ];
-  
+    "acme"
+  ];
+
   users.users."nginx".extraGroups = [
-      "acme"
-    ];
+    "acme"
+  ];
 
   users.users.immich.extraGroups = [
     "video"
@@ -206,17 +206,19 @@
     virtualHosts."webadmin.kempinger.at" = {
       forceSSL = true;
       useACMEHost = "webadmin.kempinger.at";
-      #acmeRoot = null;
       serverAliases = [
         "mta-sts.kempinger.at"
         "autoconfig.kempinger.at"
         "autodiscover.kempinger.at"
-        "mail.kempinger.at"
         "imap.kempinger.at"
         "mx1.kempinger.at"
+        "mail.kempinger.at"
       ];
       locations."/" = {
         proxyPass = "http://127.0.0.1:8090";
+      };      
+      locations."/jmap" = {
+        proxyPass = "http://127.0.0.1:8091/jmap";
       };
     };
     virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
@@ -842,7 +844,7 @@
     openFirewall = true;
     settings = {
       server = {
-        hostname = "mx1.kempinger.at";
+        hostname = "mail.kempinger.at";
         tls = {
           enable = true;
           implicit = true;
@@ -858,12 +860,12 @@
             tls.implicit = true;
           };
           imaps = {
-            bind = "[::]:993";
+            bind = "192.168.69.69:993";
             protocol = "imap";
             tls.implicit = true;
           };
           jmap = {
-            bind = "0.0.0.0:8091";
+            bind = "127.0.0.1:8091";
             url = "https://mail.kempinger.at";
             protocol = "http";
           };
@@ -873,16 +875,20 @@
           };
         };
       };
-      resolver.type = "custom";
-      resolver.custom = [ "udp://127.0.0.1:53" ];
+      resolver = {
+        type = "custom";
+        custom = [ "udp://127.0.0.1:53" ];
+      };
+
+      http.base-url = "'https://' + config_get('server.hostname')";
 
       certificate."default" = {
         cert = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/fullchain.pem}%";
         private-key = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/key.pem}%";
       };
-      
+
       lookup.default = {
-        hostname = "mx1.kempinger.at";
+        hostname = "mail.kempinger.at";
         domain = "kempinger.at";
       };
 
@@ -894,7 +900,7 @@
       # };
     };
   };
-  
+
   services.snowflake-proxy = {
     enable = true;
     capacity = 50;