# Stalwart Mail Server — Local Development Configuration
#
# This is a minimal config for local dev. Production config will have:
#   - Real TLS certs (Let's Encrypt)
#   - DKIM signing with real keys
#   - SPF/DMARC enforcement
#   - Rspamd integration
#   - Hetzner Object Storage for blob storage
#
# Reference: https://stalw.art/docs

[server]
hostname = "mail.dezky.local"

[server.listener]
"smtp" = { bind = "[::]:25", protocol = "smtp" }
"submission" = { bind = "[::]:587", protocol = "smtp", tls.implicit = false }
"submissions" = { bind = "[::]:465", protocol = "smtp", tls.implicit = true }
"imap" = { bind = "[::]:143", protocol = "imap", tls.implicit = false }
"imaps" = { bind = "[::]:993", protocol = "imap", tls.implicit = true }
"sieve" = { bind = "[::]:4190", protocol = "managesieve" }
"http" = { bind = "[::]:8080", protocol = "http" }

# ─────────────────────────────────────────────────────────────────
# Storage — RocksDB embedded for local dev (single-binary simplicity)
# Production will use PostgreSQL backend
# ─────────────────────────────────────────────────────────────────
[store."rocksdb"]
type = "rocksdb"
path = "/opt/stalwart/data"
compression = "lz4"

[storage]
data = "rocksdb"
fts = "rocksdb"
blob = "rocksdb"
lookup = "rocksdb"
directory = "internal"

# ─────────────────────────────────────────────────────────────────
# Directory — internal user store for local dev
# Production will wire OIDC to Authentik
# ─────────────────────────────────────────────────────────────────
[directory."internal"]
type = "internal"
store = "rocksdb"

# ─────────────────────────────────────────────────────────────────
# TLS — Self-signed in dev, Traefik terminates the public-facing HTTPS
# ─────────────────────────────────────────────────────────────────
[certificate."default"]
cert = "%{file:/opt/stalwart/etc/tls/cert.pem}%"
private-key = "%{file:/opt/stalwart/etc/tls/key.pem}%"
default = true

# ─────────────────────────────────────────────────────────────────
# Authentication for local development
# ─────────────────────────────────────────────────────────────────
[authentication]
fallback-admin.user = "admin"
fallback-admin.secret = "$env{STALWART_ADMIN_PASSWORD}"

# ─────────────────────────────────────────────────────────────────
# Resolver — use the Docker DNS for local dev
# ─────────────────────────────────────────────────────────────────
[resolver]
type = "system"
preserve-intermediates = true
concurrency = 2

# ─────────────────────────────────────────────────────────────────
# Logging
# ─────────────────────────────────────────────────────────────────
[tracer."stdout"]
type = "stdout"
level = "info"
ansi = false
enable = true

# ─────────────────────────────────────────────────────────────────
# Spam filtering — disabled in dev (no Rspamd configured)
# Production: integrate Rspamd via milter
# ─────────────────────────────────────────────────────────────────
[spam-filter]
enable = false

# ─────────────────────────────────────────────────────────────────
# Local development hint:
# After first boot, create your first mailbox by visiting
# https://mail.dezky.local and using admin credentials.
# ─────────────────────────────────────────────────────────────────