# Example hieradata for profiles::mail::stalwart
# This shows the required and optional parameters for Stalwart configuration

# Required: Unique node ID for each server in the cluster (1, 2, 3, etc.)
profiles::mail::stalwart::node_id: 1

# Required: Cluster role name for query_nodes() discovery
profiles::mail::stalwart::cluster_role: 'mail-backend'

# Required: PostgreSQL connection settings
profiles::mail::stalwart::postgresql_host: 'pgsql.example.com'
profiles::mail::stalwart::postgresql_port: 5432
profiles::mail::stalwart::postgresql_database: 'stalwart'
profiles::mail::stalwart::postgresql_user: 'stalwart'
profiles::mail::stalwart::postgresql_password: >
  ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
profiles::mail::stalwart::postgresql_ssl: true

# Required: S3/Ceph-RGW connection settings
profiles::mail::stalwart::s3_endpoint: 'https://ceph-rgw.example.com'
profiles::mail::stalwart::s3_bucket: 'stalwart-blobs'
profiles::mail::stalwart::s3_region: 'default'
profiles::mail::stalwart::s3_access_key: 'stalwart_access_key'
profiles::mail::stalwart::s3_secret_key: >
  ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAxample...]
profiles::mail::stalwart::s3_key_prefix: 'stalwart/'

# Required: Domains this mail backend serves
profiles::mail::stalwart::domains:
  - 'example.com'
  - 'mail.example.com'

# Required: Postfix relay host for SMTP delivery
profiles::mail::stalwart::postfix_relay_host: 'postfix.example.com'

# Optional: Protocol configuration (defaults shown)
profiles::mail::stalwart::enable_imap: true
profiles::mail::stalwart::enable_imap_tls: true
profiles::mail::stalwart::enable_http: true
profiles::mail::stalwart::enable_smtp_relay: true

# Optional: Management settings
profiles::mail::stalwart::manage_dns_records: true
profiles::mail::stalwart::log_level: 'info'

# Optional: TLS certificate paths (defaults shown)
profiles::mail::stalwart::tls_cert: '/etc/pki/tls/vault/certificate.crt'
profiles::mail::stalwart::tls_key: '/etc/pki/tls/vault/private.key'

# Example PKI alt_names configuration for TLS certificates
# This should include all domains and hostnames that need certificates
profiles::pki::vault::alt_names:
  mail-backend:
    - 'imap.example.com'
    - 'mail.example.com'
    - 'autoconfig.example.com'
    - 'autodiscover.example.com'