From a468e87d4927c42558c1b0284cae10b63f42de1c Mon Sep 17 00:00:00 2001
From: Drew Haven
Date: Tue, 8 Apr 2025 16:32:19 -0700
Subject: [PATCH] [email] WIP
---
 system/hosts/mcp/containers/email.nix | 19 +--------
 .../hosts/mcp/containers/email/mailserver.env | 1 +
 .../hosts/mcp/containers/public-homepage.nix | 2 +-
 .../mcp/containers/traefik/static/email.yaml | 41 +++++++++++++++++++
 .../hosts/mcp/containers/traefik/traefik.yaml | 4 ++
 5 files changed, 49 insertions(+), 18 deletions(-)
 create mode 100644 system/hosts/mcp/containers/traefik/static/email.yaml
diff --git a/system/hosts/mcp/containers/email.nix b/system/hosts/mcp/containers/email.nix
index 45f3068..ff2672e 100644
--- a/system/hosts/mcp/containers/email.nix
+++ b/system/hosts/mcp/containers/email.nix
@@ -7,28 +7,14 @@ in {
 image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
 hostname = "mail.${blazestar}";
 autoStart = true;
- ports = [
- "465:465"
- "587:587"
- "993:993"
- ];
 volumes = [
 "/tank/mailserver/mail-data:/var/mail"
 "/tank/mailserver/mail-state:/var/mail-state"
 "/tank/mailserver/mail-logs:/var/log/mail"
 "/tank/mailserver/config:/tmp/docker-mailserver"
 "/etc/localtime:/etc/localtime:ro"
+ "/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro"
 ];
- # environment = {
- # See https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/
- # docker-mailserver uses 0 and 1 for false and true respectively
- # ENABLE_RSPAMD="1";
- # ENABLE_CLAMAV="1";
- # ENABLE_FAIL2BAN="1";
- # LOG_LEVEL="info";
- # ENABLE_POP3="0";
- # ENABLE_IMAP="1";
- # };
 environmentFiles = [
 ./email/mailserver.env
 ];
@@ -37,8 +23,7 @@ in {
 "--cap-add=NET_ADMIN"
 ];
 labels = {
- "traefik.enable" = "true";
- "traefik.tcp.routers.mail.service" = "mailserver";
+ "traefik.enable" = "false";
 };
 };
 }
diff --git a/system/hosts/mcp/containers/email/mailserver.env b/system/hosts/mcp/containers/email/mailserver.env
index 3bc1794..cf6a394 100644
--- a/system/hosts/mcp/containers/email/mailserver.env
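Review bot: The added volume `"/tank/config/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro"` gives the mail container Traefik's whole ACME store, which holds the ACME account key and the private key of every certificate Traefik has obtained, not only the one for the mail host. `:ro` stops writes but not reads, so a compromise of this container (which tracks the `:latest` image tag and, per the next hunk's context, runs with `--cap-add=NET_ADMIN`) would expose the keys of every other site behind the proxy. Consider issuing the mail certificate through a resolver with its own storage file, or exporting only that certificate and mounting the export instead. At minimum, add a comment above the line such as `# acme.json holds private keys for ALL Traefik-managed certs; this container only needs the mail host's`. The attribute set being edited opens above the hunk.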
+++ b/system/hosts/mcp/containers/email/mailserver.env
@@ -239,6 +239,7 @@ SMTP_ONLY=
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
 SSL_TYPE=letsencrypt
+SSL_DOMAIL=mail.blazestar.net
 # These are only supported with `SSL_TYPE=manual`.
 # Provide the path to your cert and key files that you've mounted access to within the container.
diff --git a/system/hosts/mcp/containers/public-homepage.nix b/system/hosts/mcp/containers/public-homepage.nix
index 42824a7..4386004 100644
--- a/system/hosts/mcp/containers/public-homepage.nix
+++ b/system/hosts/mcp/containers/public-homepage.nix
@@ -1,5 +1,5 @@
 # Define a very simple webserver to act as a default homepage.
-{ pkgs, ... }:
+{ ... }:
 {
 virtualisation.oci-containers.containers = {
 public-homepage = {
diff --git a/system/hosts/mcp/containers/traefik/static/email.yaml b/system/hosts/mcp/containers/traefik/static/email.yaml
new file mode 100644
index 0000000..f89eaaa
--- /dev/null
+++ b/system/hosts/mcp/containers/traefik/static/email.yaml
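Review bot: `SSL_DOMAIL` in the added line looks like a misspelling of docker-mailserver's `SSL_DOMAIN`, so the setting is never read by the image. Certificate selection from the mounted acme.json would then presumably fall back to the container hostname, which happens to match here and so hides the mistake until the hostname or certificate name changes. The line should read `SSL_DOMAIN=mail.blazestar.net`.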
@@ -0,0 +1,41 @@
+http:
+ routers:
+ # A dummy route so that I can get certificates
+ mailserver-dummy:
+ service: public
+ rule: "Host(`mail.blazestar.net`)"
+ services:
+ public:
+ loadbalancer:
+ servers:
+ url: "http://public-homepage:80"
+tcp:
+ routers:
+ docker-mailserver-esmtp:
+ service: docker-mailserver-esmtp
+ entryPoints:
+ - esmtp
+ rule: "HostSNI(`*`)"
+ # tls:
+ # # Send traffic through for the mail server to terminate.
+ # # This is required because some of the mail TLS is handled by upgrading connections.
+ # passthrough: true
+ # certResovler: letsencrypt
+ # domains:
+ # - main: "mail.blazestar.net"
+ # A host SNI rule is required (per documentation) for tls options.
+ # rule: "HostSNI(`mail.blazestar.net`)"
+ docker-mailserver-imap4:
+ service: docker-mailserver-imap4
+ entryPoints:
+ - imap4
+ rule: "HostSNI(`*`)"
+ services:
+ docker-mailserver-esmtp:
+ loadBalancer:
+ servers:
+ - address: "docker-mailserver:465"
+ docker-mailserver-imap4:
+ loadBalancer:
+ servers:
+ - address: "docker-mailserver:993"
diff --git a/system/hosts/mcp/containers/traefik/traefik.yaml b/system/hosts/mcp/containers/traefik/traefik.yaml
index 8120d26..ec65235 100644
--- a/system/hosts/mcp/containers/traefik/traefik.yaml
+++ b/system/hosts/mcp/containers/traefik/traefik.yaml
@@ -13,6 +13,10 @@ entryPoints:
 certResolver: letsencrypt
 metrics:
 address: ":8082"
+ esmtp:
+ address: ":465"
+ imap4:
+ address: ":993"
 api:
 insecure: true
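Review bot: Both TCP routers (`docker-mailserver-esmtp` and `docker-mailserver-imap4`) forward raw connections under a catch-all HostSNI rule with no PROXY protocol, so the mail server will see Traefik's address as the client of every SMTP and IMAP session. That removes the real source IP from the mail logs and from any per-IP control inside the container; if fail2ban is enabled in mailserver.env (not visible here), a ban would land on the proxy address and affect all clients. Enabling PROXY protocol on the two services (on Traefik v2 this is `proxyProtocol:` with `version: 2` under each `loadBalancer`; check the syntax for the deployed version), together with the matching Postfix and Dovecot listener settings, restores the client address. Separately, the dummy HTTP service has `servers:` followed by a bare `url:` where Traefik expects a list, so that line should be `- url: "http://public-homepage:80"`, and `certResovler` in the commented block is a typo for `certResolver`.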
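Review bot: Only `:465` and `:993` get entry points here, while email.nix in this same commit removes the container's own `"587:587"` publication, so STARTTLS submission on 587 is no longer reachable from outside. If retiring 587 is intended, say so in the commit message; otherwise add an entry point such as `submission:` with `address: ":587"` and a matching TCP router and service in email.yaml. The `entryPoints` mapping begins above the hunk.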