Revert "Final attempt at getting stalwart working before revert"

This reverts commit fbcd590bfe.

nix/modules/nixos/infrastructure/mailserver/acme.nix

@@ -19,7 +19,6 @@ in
     services.stalwart-mail.settings = {
       certificate.default = {
         cert = "%{file:${acmeDir}/fullchain.pem}%";
-        default = true;
         private-key = "%{file:${config.security.acme.certs.${fqdn}.directory}/key.pem}%";
       };
     };

nix/modules/nixos/infrastructure/mailserver/default.nix

@@ -36,34 +36,8 @@ in
       enable = true;
       package = pkgs.callPackage ./package/package.nix { };
       settings = {
-        config = {
-          local-keys =
-            # defaults
-            [
-              "store.*"
-              "directory.*"
-              "tracer.*"
-              "!server.blocked-ip.*"
-              "!server.allowed-ip.*"
-              "server.*"
-              "authentication.fallback-admin.*"
-              "cluster.*"
-              "config.local-keys.*"
-              "storage.data"
-              "storage.blob"
-              "storage.lookup"
-              "storage.fts"
-              "storage.directory"
-              "certificate.*"
-            ]
-            # KHS addded
-            ++ [
-              "http.*"
-              "lookup.default.*"
-            ];
-        };
         http = {
-          url = "'https://${fqdn}'";
+          url = "https://${fqdn}";
           use-x-forwarded = true;
         };
         server = {
@@ -89,9 +63,13 @@ in
               protocol = "imap";
               tls.implicit = true;
             };
-            management = {
+            jmap = {
               bind = "[::]:8080";
               url = "https://${fqdn}";
+              protocol = "jmap";
+            };
+            management = {
+              bind = "[::]:8080";
               protocol = "http";
             };
           };
@@ -100,6 +78,7 @@ in
           hostname = fqdn;
           domain = "kaareskovgaard.net";
         };
+        spam-filter.resource = "${config.services.stalwart-mail.package.spam-filter}/spam-filter.toml";
       };
     };
     # TODO: Include a similiar rule for openstack

nix/modules/nixos/infrastructure/mailserver/dkim.nix

@@ -213,10 +213,6 @@ in
       ]) cfg.domains
     );
     services.stalwart-mail.settings = {
-      config.local-keys = [
-        "auth.*"
-        "signature.*"
-      ];
       auth.dkim = {
         sign = authDkim ++ [
           (otherwise false)

nix/modules/nixos/infrastructure/mailserver/ldap.nix

@@ -17,9 +17,6 @@ in
 
   config = lib.mkIf cfg.enable {
     services.stalwart-mail.settings = {
-      config.local-keys = [
-        "storage.ldap.*"
-      ];
       storage = {
         directory = "ldap";
       };

nix/modules/nixos/infrastructure/mailserver/openid-connect.nix

@@ -5,43 +5,41 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    services.stalwart-mail.settings = {
+    # khscodes.services.vault-agent.templates = [
-      tracer.stdout.level = "trace";
+    #   {
-      directory.oidc = {
+    #     contents = ''
-        type = "oidc";
+    #       {{- with secret "kanidm/data/apps/dovecot" -}}
-        url = "ldaps://login.kaareskovgaard.net";
+    #       scope = email openid profile
-        timeout = "1s";
+    #       username_attribute = username
-        endpoint.url = "https://login.kaareskovgaard.net/oauth2/openid/dovecot/userinfo";
+    #       debug = yes
-        endpoint.method = "userinfo";
+    #       introspection_url = https://dovecot:{{ .Data.data.basic_secret }}@login.kaareskovgaard.net/oauth2/token/introspect
-        auth.method = "user-token";
+    #       introspection_mode = post
-        auth.username = "dovecot";
+    #       {{- end -}}
-        auth.secret = "%{file:${oauthConfigFile}}%";
+    #     '';
-        fields.email = "email";
+    #     destination = oauthConfigFile;
-        fields.username = "preferred_username";
+    #     perms = "0600";
-        fields.full-name = "name";
+    #     owner = "root";
-      };
+    #     group = "root";
-    };
+    #     restartUnits = [ "dovecot2.service" ];
-    khscodes.services.vault-agent.templates = [
+    #   }
-      {
+    # ];
-        contents = ''
+    # services.dovecot2.extraConfig = ''
-          {{- with secret "kanidm/data/apps/dovecot" -}}
+    #   auth_mechanisms = $auth_mechanisms oauthbearer xoauth2
-          {{ .Data.data.basic_secret }}@login.kaareskovgaard.net/oauth2/token/introspect
+
-          {{- end -}}
+    #   passdb {
-        '';
+    #     driver = oauth2
-        destination = oauthConfigFile;
+    #     mechanisms = xoauth2 oauthbearer
-        perms = "0600";
+    #     args = ${oauthConfigFile}
-        owner = "stalwart-mail";
+    #   }
-        group = "stalwart-mail";
+    # '';
-        restartUnits = [ "stalwart-mail.service" ];
+    # systemd.services.dovecot2 = {
-      }
+    #   serviceConfig.ReadOnlyPaths = [
-    ];
+    #     oauthConfigFile
-    systemd.services.stalwart-mail = {
+    #   ];
-      serviceConfig.ReadOnlyPaths = [
+    #   unitConfig.ConditionPathExists = [
-        oauthConfigFile
+    #     oauthConfigFile
-      ];
+    #   ];
-      unitConfig.ConditionPathExists = [
+    # };
-        oauthConfigFile
+
-      ];
-    };
   };
 }

nix/modules/nixos/infrastructure/mailserver/package/nixos-module.nix

@@ -1,5 +1,4 @@
-# This file contains patches for Nixos 25.05 to be compatible with new stalwart mail.
+# This file contains patches for Nixos 25.05 to be compatible with new stalwart mail
-# Also some minor patches to avoid having warnings on startup
 {
   lib,
   config,
@@ -11,17 +10,6 @@ let
   configFile = configFormat.generate "stalwart-mail.toml" config.services.stalwart-mail.settings;
 in
 {
-  services.stalwart-mail.settings = {
-    config.local-keys = [
-      "spam-filter.resource"
-    ]
-    ++ [
-      # I think these maybe should be added to nixpkgs?
-      "resolver.*"
-      "webadmin.*"
-    ];
-    spam-filter.resource = "file://${config.services.stalwart-mail.package.spam-filter}/spam-filter.toml";
-  };
   systemd.services.stalwart-mail = lib.mkIf config.services.stalwart-mail.enable {
     serviceConfig = {
       User = "stalwart-mail";
@@ -30,7 +18,6 @@ in
         ""
         "${lib.getExe config.services.stalwart-mail.package} --config=${configFile}"
       ];
-      ReadOnlyPaths = [ "${config.services.stalwart-mail.package.spam-filter}/spam-filter.toml" ];
     };
   };
 }

nix/modules/nixos/infrastructure/mailserver/prometheus.nix

@@ -5,11 +5,8 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    services.stalwart-mail.settings = {
+    services.stalwart-mail.settings.metrics.prometheus = {
-      config.local-keys = [ "metrics.prometheus.*" ];
+      enable = true;
-      metrics.prometheus = {
-        enable = true;
-      };
     };
     # Don't expose the endpoint
     khscodes.services.nginx.virtualHosts."${fqdn}".locations."=/metrics/prometheus" = {

nix/systems/aarch64-linux/mx.kaareskovgaard.net/default.nix

@@ -74,8 +74,6 @@
       $config['oauth_identity_uri'] = 'https://login.kaareskovgaard.net/oauth2/openid/dovecot/userinfo';
       $config['oauth_identity_fields'] = ['preferred_username'];
       $config['oauth_scope'] = 'email openid profile';
-      # Don't show login dialog, just redirect to oauth login page
-      # $config['oauth_login_redirect'] = true;
     '';
   };
   khscodes.services.nginx = {