From 2832f7b608a1b0fc6afefe7b84e6f6b322b936f4 Mon Sep 17 00:00:00 2001
From: twoneis
Date: Wed, 26 Feb 2025 01:22:34 +0100
Subject: [PATCH] tried stream config, this doesn't work still
---
 devices/ellaca/options.nix | 2 +-
 modules/mail/default.nix | 65 ++++++++++++++++++++++++--------------
 2 files changed, 43 insertions(+), 24 deletions(-)
diff --git a/devices/ellaca/options.nix b/devices/ellaca/options.nix
index 94fe243..6053270 100644
--- a/devices/ellaca/options.nix
+++ b/devices/ellaca/options.nix
@@ -2,7 +2,7 @@
 conf = {
 ssh.enable = true;
 nginx.enable = true;
- mail.enable = false; # broken
+ mail.enable = true; # broken
 website.enable = true;
 fedi.enable = true;
 matrix.enable = true;
diff --git a/modules/mail/default.nix b/modules/mail/default.nix
index c96e075..a5c0a16 100644
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@@ -2,20 +2,39 @@
 inherit (config) conf;
 inherit (lib) mkIf;
 in mkIf conf.mail.enable {
- services.nginx = {
- virtualHosts = {
- "webadmin.chpu.eu" = {
- useACMEHost = "chpu.eu";
- forceSSL = true;
- serverAliases = [
- "mta-sts.chpu.eu"
- "autoconfig.chpu.eu"
- "autodiscover.chpu.eu"
- ];
- locations."/".proxyPass = "http://localhost:9090";
- };
- };
- };
+ services.nginx.streamConfig = ''
+ # Proxy SMTP
+ server {
+ server_name chpu.eu mail.chpu.eu;
+ listen 25 proxy_protocol;
+ proxy_pass 127.0.0.1:10025;
+ proxy_protocol on;
+ }
+
+ # Proxy IMAPS
+ server {
+ server_name chpu.eu mail.chpu.eu;
+ listen 993 proxy_protocol;
+ proxy_pass 127.0.0.1:10993;
+ proxy_protocol on;
+ }
+
+ # Proxy SMTPS
+ server {
+ server_name chpu.eu mail.chpu.eu;
+ listen 465 proxy_protocol;
+ proxy_pass 127.0.0.1:10465;
+ proxy_protocol on;
+ }
+
+ # Proxy HTTPS
+ server {
+ server_name chpu.eu mail.chpu.eu;
+ listen 443 proxy_protocol;
+ proxy_pass 127.0.0.1:10443;
+ proxy_protocol on;
+ }
+ '';
 users.users."stalwart-mail".extraGroups = [ "nginx" ];
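Review bot: In each of the four added `server` blocks in modules/mail/default.nix, the `proxy_protocol` parameter on `listen` makes nginx expect a PROXY header from whoever connects to the public port. Ordinary mail and web clients send none and are likely rejected, while a peer that does send one chooses the client address nginx then forwards to the backend. Unless another proxy sits in front of this host, the listen lines should read `listen 25;`, `listen 993;`, `listen 465;` and `listen 443;`, keeping `proxy_protocol on;` for the hop to 127.0.0.1. The 443 stream listener may also collide with HTTP virtual hosts that the other enabled services presumably register on that port; this is inferred from `nginx.enable`, `website.enable`, `fedi.enable` and `matrix.enable` in devices/ellaca/options.nix and is not visible in this hunk. A short comment above the string saying which hop carries the PROXY header would help the next reader.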
@@ -34,27 +53,27 @@ in mkIf conf.mail.enable {
 enable = true;
 implicit = true;
 };
+ proxy.trusted-networks = [
+ "127.0.0.0/8"
+ "::1"
+ "10.0.0.0/8"
+ ];
 listener = {
 submissions = {
 protocol = "smtp";
- bind = "[::]:465";
+ bind = "127.0.0.1:10465";
 };
 smtp = {
 protocol = "smtp";
- bind = "[::]:25";
+ bind = "127.0.0.1:10025";
 };
 imaps = {
 protocol = "imap";
- bind = "[::]:993";
- };
- jmap = {
- protocol = "http";
- bind = "[::]:8080";
- url = "https://mail.chpu.eu";
+ bind = "127.0.0.1:10993";
 };
 management = {
 protocol = "http";
- bind = [ "127.0.0.1:9090" ];
+ bind = [ "127.0.0.1:10443" ];
 };
 };
 };
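Review bot: `proxy.trusted-networks` includes `"10.0.0.0/8"`, although the only proxy visible in this commit is the local nginx talking to listeners bound on 127.0.0.1. The wider range means any host in that network that can reach a listener gets its PROXY header believed, and with it whatever client address it claims. Restricting the list to `[ "127.0.0.0/8" "::1" ]` matches the topology shown and keeps address-based decisions (sender checks, rate limits, bans) tied to what nginx actually saw. Separately, the `management` listener on `127.0.0.1:10443` is now the backend of the public 443 stream server added earlier in this file, where it previously sat behind a `forceSSL` virtual host. The stream block shown passes bytes through without terminating TLS, so it is worth confirming that this listener serves TLS itself and that exposing the admin interface on 443 is intended; the enclosing attribute set begins and ends outside the hunk, so the `enable`/`implicit` block above cannot be confirmed to cover it.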