Skynet/misc_nixos-mailserver
7
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'ldap-mail-directory-assertion' into 'master'

Browse source 
Fix assertion for ldap mail directory

See merge request simple-nixos-mailserver/nixos-mailserver!406
This commit is contained in:
Martin Weinelt 2025-05-30 13:14:11 +00:00
commit c8bc3e4f1f
1 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
mail-server/assertions.nix
View file

@ -1,20 +1,7 @@
{ config, lib, ... }:
{
assertions = [
{
assertion = config.mailserver.stateVersion < 2
&& config.mailserver.ldap.enable
&& config.mailserver.mailDirectory != "/var/vmail";
message = ''
Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
Remediation:
- Stop the `dovecot2.service`
- Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
- Increase the `stateVersion` to 2.
Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information.
'';
}
] ++ lib.optionals config.mailserver.enable [
{
assertion = config.mailserver.stateVersion != null;
@ -29,6 +16,19 @@
assertion = config.mailserver.extraVirtualAliases == {};
message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases";
}
] ++ lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail") [
{
assertion = config.mailserver.stateVersion >= 2;
message = ''
Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`.
Remediation:
- Stop the `dovecot2.service`
- Move `/var/vmail/ldap` below your `mailserver.mailDirectory`
- Increase the `stateVersion` to 2.
Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#ldap-home-directory-migration for more information.
'';
}
] ++ lib.optionals (config.mailserver.enable && config.mailserver.certificateScheme != "acme") [
{
assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;