# Example hieradata for roles::infra::mail::backend # Place this in: hieradata/roles/infra/mail/backend.yaml # Stalwart module configuration - all parameters passed directly to the module # stalwart::node_id: 1234 # Optional - automatically extracted from last 4 digits of hostname stalwart::cluster_role: 'mail-backend' # PostgreSQL connection settings stalwart::postgresql_host: 'pgsql.example.com' stalwart::postgresql_port: 5432 stalwart::postgresql_database: 'stalwart' stalwart::postgresql_user: 'stalwart' stalwart::postgresql_password: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...] stalwart::postgresql_ssl: true # S3/Ceph-RGW connection settings stalwart::s3_endpoint: 'https://ceph-rgw.example.com' stalwart::s3_bucket: 'stalwart-blobs' stalwart::s3_region: 'default' stalwart::s3_access_key: 'stalwart_access_key' stalwart::s3_secret_key: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...] stalwart::s3_key_prefix: 'stalwart/' # Domains this mail backend serves stalwart::domains: - 'example.com' - 'mail.example.com' # Postfix relay host for SMTP delivery stalwart::postfix_relay_host: 'postfix.example.com' # Optional protocol configuration (defaults shown) stalwart::enable_imap: true stalwart::enable_imap_tls: true stalwart::enable_http: true stalwart::enable_smtp_relay: true # Optional management settings stalwart::manage_dns_records: true stalwart::log_level: 'info' # Optional TLS certificate paths (defaults work with profiles::pki::vault) # stalwart::tls_cert: '/etc/pki/tls/vault/certificate.crt' # stalwart::tls_key: '/etc/pki/tls/vault/private.key' # Optional path overrides (RPM package sets up these defaults) # stalwart::config_dir: '/opt/stalwart/etc' # stalwart::data_dir: '/var/lib/stalwart' # PKI alt_names configuration for TLS certificates # This should include all domains and hostnames that need certificates profiles::pki::vault::alt_names: - 'imap.example.com' - 'mail.example.com' - 'autoconfig.example.com' - 'autodiscover.example.com'