Stalwart: Difference between revisions

Golbinex
Add hardenize.com online tool
Auto update TLSA records: add https://codeberg.org/Cameo007/dyndns-tlsa-desec for deSEC.io


Adapt the variables <code>DOMAIN</code>, <code>SUBDOMAIN</code>, and <code>PORT</code> according to your needs. The variable <code>ACME_PROVIDER_ID</code> corresponds to the ACME profile name you have set up in the Stalwart webadmin interface. <code>EnvironmentFile</code> points to a file containing the secret Cloudflare API token in the format <code>TOKEN=12345678[...]</code>; since it holds a secret, keep that file readable by root only (for example mode 0600).
==== deSEC.io ====
If you want to update your TLSA records at deSEC, you can use [https://codeberg.org/Cameo007/dyndns-tlsa-desec dyndns-tlsa-desec] ('''install via flake'''), which checks your existing records and updates them only when they no longer match the certificate. The certificate and key are read from the specified directory (for example your [[ACME]] directory).
The record defaults to <code>3 1 1</code> (usage 3 = DANE-EE, selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256), but you can choose other values as described [[wikipedia:DNS-based_Authentication_of_Named_Entities#RR_data_fields|here]].<syntaxhighlight lang="nixos">
services.dyndns-tlsa-desec = {
  enable = true;
  api_token_file = config.age.secrets.dyndns-tlsa-desec-api-key.path;
  tlsa_zones."example.com" = {
    cert_path = "/var/lib/acme/example.com/";
    records."_25._tcp.mail" = { };
  };
};
</syntaxhighlight>By default the program runs hourly, but you can set the <code>interval</code> option to any [https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events systemd calendar event].<syntaxhighlight lang="nixos">
services.dyndns-tlsa-desec.interval = "5m"; # Every 5 minutes
</syntaxhighlight>
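The following Python is an added example for this section; it is not code from dyndns-tlsa-desec, deSEC, Stalwart or the wiki, and it makes no deSEC API calls. It shows what the default <code>3 1 1</code> record actually contains (the SHA-256 of the certificate's SubjectPublicKeyInfo, not of the whole certificate), how to validate a published TLSA record before trusting it, and the "update only if necessary" decision: a renewal that keeps the key pair yields an identical record, so nothing has to change in the zone, while a key change needs the new record published next to the old one until resolvers' caches have expired. The certificate used is a constructed DER skeleton with the RFC 5280 field order but dummy names, validity and signature; <code>HASH_HEX_LEN</code>, <code>needs_update</code> and <code>rollover_rrset</code> are names chosen for this example.

```python
"""DANE TLSA rdata from a DER certificate, plus the "update only if needed" check.

Added example for this wiki section; it is not code from dyndns-tlsa-desec,
deSEC or Stalwart. CERT_DER below is a constructed DER skeleton that follows
the RFC 5280 field order but has dummy names, validity and signature; only its
structure matters for locating the SubjectPublicKeyInfo (SPKI).
"""
import hashlib

HASH_HEX_LEN = {0: None, 1: 64, 2: 128}   # matching type -> hex digits (0 = full data)

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_children(blob: bytes) -> list:
    """Split consecutive DER TLVs into (tag, whole_tlv, contents) triples."""
    out, i = [], 0
    while i < len(blob):
        tag, first = blob[i], blob[i + 1]
        if first < 0x80:
            n, hdr = first, 2
        else:
            k = first & 0x7F
            n, hdr = int.from_bytes(blob[i + 2:i + 2 + k], "big"), 2 + k
        out.append((tag, blob[i:i + hdr + n], blob[i + hdr:i + hdr + n]))
        i += hdr + n
    return out

def extract_spki(cert_der: bytes) -> bytes:
    """Return the SubjectPublicKeyInfo TLV: the data that selector 1 hashes."""
    tbs = der_children(der_children(cert_der)[0][2])[0]   # tbsCertificate
    fields = der_children(tbs[2])
    if fields[0][0] == 0xA0:                              # EXPLICIT [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]

def tlsa_rdata(usage: int, selector: int, mtype: int, cert_der: bytes) -> str:
    """Presentation-format rdata, e.g. '3 1 1 <sha256 of SPKI>'."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    digest = {0: lambda d: d.hex(),
              1: lambda d: hashlib.sha256(d).hexdigest(),
              2: lambda d: hashlib.sha512(d).hexdigest()}[mtype](data)
    return f"{usage} {selector} {mtype} {digest}"

def parse_tlsa(rdata: str):
    """Return (usage, selector, mtype, hex) or None when the record is malformed."""
    try:
        usage, selector, mtype, hexdata = rdata.split()
        usage, selector, mtype = int(usage), int(selector), int(mtype)
        bytes.fromhex(hexdata)                            # must be valid hex
    except ValueError:
        return None
    if not (0 <= usage <= 3 and 0 <= selector <= 1 and 0 <= mtype <= 2):
        return None
    want = HASH_HEX_LEN[mtype]
    if want is not None and len(hexdata) != want:        # wrong digest length
        return None
    return usage, selector, mtype, hexdata.lower()

def needs_update(existing: set, desired: str) -> bool:
    """True when the published RRset does not yet contain the desired record."""
    known = {parse_tlsa(r) for r in existing} - {None}    # ignore malformed records
    return parse_tlsa(desired) not in known

def rollover_rrset(existing: set, desired: str) -> set:
    """Key change: publish old and new together, drop the old one after a TTL."""
    return set(existing) | {desired}

def build_skeleton_cert(spki: bytes) -> bytes:
    """Constructed minimal Certificate DER; everything but the SPKI is a dummy."""
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")))   # sha256WithRSA
    name = der_tlv(0x30, b"")                                                   # empty Name
    validity = der_tlv(0x30, der_tlv(0x17, b"240101000000Z") + der_tlv(0x17, b"250101000000Z"))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + alg + name + validity + name + spki)
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" * 33))            # dummy signature

# Constructed SPKI: id-ecPublicKey / prime256v1 with a dummy uncompressed point.
SPKI_DER = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a8648ce3d0201"))
                                 + der_tlv(0x06, bytes.fromhex("2a8648ce3d030107")))
                   + der_tlv(0x03, b"\x00\x04" + b"\x11" * 64))
CERT_DER = build_skeleton_cert(SPKI_DER)

if __name__ == "__main__":
    new = tlsa_rdata(3, 1, 1, CERT_DER)
    published = {"3 1 1 " + "ab" * 32}                    # constructed stale record
    print(new)
    print("update needed:", needs_update(published, new))
    print("rollover RRset:", sorted(rollover_rrset(published, new)))
```

To run the same check against a real deployment, replace <code>CERT_DER</code> with the DER bytes of the certificate from your ACME directory and <code>published</code> with the rdata strings returned by your DNS provider; the decision logic does not change. The DER walker only handles the field order of a standard X.509 certificate, which is all that is needed to locate the SPKI.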


=== Sending from subaddresses ===