From 8b3ab57b34fada755856e3c63918e39a5a216f53 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 17 Sep 2025 03:35:20 +0000
Subject: [PATCH] enable stalwart-mail for contacts

---
 flake.nix                                     |  1 +
 .../nmasur/presets/services/stalwart-mail.nix | 56 +++++++++++++++++++
 .../nmasur/profiles/communications.nix        |  1 +
 3 files changed, 58 insertions(+)
 create mode 100644 platforms/nixos/modules/nmasur/presets/services/stalwart-mail.nix

diff --git a/flake.nix b/flake.nix
index 1a89963..aef558e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -114,6 +114,7 @@
           bookmarks = "keep.${baseName}";
           books = "books.${baseName}";
           budget = "money.${baseName}";
+          contacts = "contacts.${baseName}";
           content = "cloud.${baseName}";
           download = "download.${baseName}";
           files = "files.${baseName}";
diff --git a/platforms/nixos/modules/nmasur/presets/services/stalwart-mail.nix b/platforms/nixos/modules/nmasur/presets/services/stalwart-mail.nix
new file mode 100644
index 0000000..93c535a
--- /dev/null
+++ b/platforms/nixos/modules/nmasur/presets/services/stalwart-mail.nix
@@ -0,0 +1,56 @@
+# Stalwart is a self-hosted email service, but in my case I want to use it as a
+# vCard contacts database server and ignore the email component.
+
+{ config, lib, ... }:
+
+let
+  inherit (config.nmasur.settings) hostnames;
+  cfg = config.nmasur.presets.services.stalwart-mail;
+in
+
+{
+
+  options.nmasur.presets.services.stalwart-mail = {
+    enable = lib.mkEnableOption "Stalwart mail and contacts server";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to use for the localhost";
+      default = 7982;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.stalwart-mail = {
+      enable = true;
+      settings = {
+        server.listener.http = {
+          bind = [ "127.0.0.1:${builtins.toString cfg.port}" ];
+          protocol = "http";
+        };
+        authentication.fallback-admin = {
+          user = "admin";
+          secret = "$6$W/zXJP0xtZSUQqIe$DedCz9ncAn8mtfQVCg8Fzguuz.x8u1dfVU/d7wKyc6ujLuY4WCdtY0OeYwpv8huJfKAgBKE3go2MTrT99ID7I1";
+        };
+      };
+    };
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ hostnames.contacts ];
+
+    # Allow web traffic to Caddy
+    nmasur.presets.services.caddy.routes = [
+      {
+        match = [ { host = [ hostnames.contacts ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [
+              { dial = "localhost:${builtins.toString cfg.port}"; }
+            ];
+          }
+        ];
+      }
+    ];
+  };
+}
diff --git a/platforms/nixos/modules/nmasur/profiles/communications.nix b/platforms/nixos/modules/nmasur/profiles/communications.nix
index a0e5b61..d7fc979 100644
--- a/platforms/nixos/modules/nmasur/profiles/communications.nix
+++ b/platforms/nixos/modules/nmasur/profiles/communications.nix
@@ -36,6 +36,7 @@ in
         ntfy-sh.enable = lib.mkDefault true;
         pgweb.enable = lib.mkDefault true;
         postgresql.enable = lib.mkDefault true;
+        stalwart-mail.enable = lib.mkDefault true;
         thelounge.enable = lib.mkDefault true;
         uptime-kuma.enable = lib.mkDefault true;
         vaultwarden.enable = lib.mkDefault true;