diff --git a/flake.lock b/flake.lock index 838c77e..74df222 100644 --- a/flake.lock +++ b/flake.lock @@ -79,11 +79,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1753939845, + "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "94def634a20494ee057c76998843c015909d6311", "type": "github" }, "original": { @@ -95,11 +95,11 @@ }, "nixpkgs-25_05": { "locked": { - "lastModified": 1751741127, - "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "lastModified": 1753749649, + "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29e290002bfff26af1db6f64d070698019460302", + "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a", "type": "github" }, "original": { diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 33e7f4c..69d2b6b 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -168,7 +168,8 @@ let fts_header_excludes = listToLine cfg.fullTextSearch.headerExcludes; fts_autoindex = boolToYesNo cfg.fullTextSearch.autoIndex; fts_enforced = cfg.fullTextSearch.enforced; - } // (listToMultiAttrs "fts_autoindex_exclude" cfg.fullTextSearch.autoIndexExclude); + } + // (listToMultiAttrs "fts_autoindex_exclude" cfg.fullTextSearch.autoIndexExclude); in { @@ -200,7 +201,8 @@ in # which are usually not compatible. environment.systemPackages = [ pkgs.dovecot_pigeonhole - ] ++ lib.optional cfg.fullTextSearch.enable pkgs.dovecot-fts-flatcurve; + ] + ++ lib.optional cfg.fullTextSearch.enable pkgs.dovecot-fts-flatcurve; # For compatibility with python imaplib environment.etc."dovecot/modules".source = "/run/current-system/sw/lib/dovecot/modules"; @@ -228,7 +230,8 @@ in sieve = "file:${cfg.sieveDirectory}/%{user}/scripts;active=${cfg.sieveDirectory}/%{user}/active.sieve"; sieve_default = "file:${cfg.sieveDirectory}/%{user}/default.sieve"; sieve_default_name = "default"; - } // (lib.optionalAttrs cfg.fullTextSearch.enable ftsPluginSettings); + } + // (lib.optionalAttrs cfg.fullTextSearch.enable ftsPluginSettings); sieve = { extensions = [ @@ -448,15 +451,15 @@ in }; systemd.services.${dovecotUnitName} = { - preStart = - '' - ${genPasswdScript} - '' - + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile); + preStart = '' + ${genPasswdScript} + '' + + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile); }; systemd.services.postfix.restartTriggers = [ genPasswdScript - ] ++ (lib.optional cfg.ldap.enable [ setPwdInLdapConfFile ]); + ] + ++ (lib.optional cfg.ldap.enable [ setPwdInLdapConfFile ]); }; } diff --git a/mail-server/networking.nix b/mail-server/networking.nix index f560ec0..a79aa37 100644 --- a/mail-server/networking.nix +++ b/mail-server/networking.nix @@ -23,16 +23,17 @@ in config = lib.mkIf (cfg.enable && cfg.openFirewall) { networking.firewall = { - allowedTCPPorts = - [ 25 ] - ++ lib.optional cfg.enableSubmission 587 - ++ lib.optional cfg.enableSubmissionSsl 465 - ++ lib.optional cfg.enableImap 143 - ++ lib.optional cfg.enableImapSsl 993 - ++ lib.optional cfg.enablePop3 110 - ++ lib.optional cfg.enablePop3Ssl 995 - ++ lib.optional cfg.enableManageSieve 4190 - ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80; + allowedTCPPorts = [ + 25 + ] + ++ lib.optional cfg.enableSubmission 587 + ++ lib.optional cfg.enableSubmissionSsl 465 + ++ lib.optional cfg.enableImap 143 + ++ lib.optional cfg.enableImapSsl 993 + ++ lib.optional cfg.enablePop3 110 + ++ lib.optional cfg.enablePop3Ssl 995 + ++ lib.optional cfg.enableManageSieve 4190 + ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80; }; }; } diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index 79b2eca..8c0bccd 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -277,23 +277,22 @@ in recipient_delimiter = cfg.recipientDelimiter; smtpd_banner = "${cfg.fqdn} ESMTP NO UCE"; disable_vrfy_command = true; - message_size_limit = toString cfg.messageSizeLimit; + message_size_limit = cfg.messageSizeLimit; # virtual mail system virtual_uid_maps = "static:5000"; virtual_gid_maps = "static:5000"; virtual_mailbox_base = cfg.mailDirectory; virtual_mailbox_domains = vhosts_file; - virtual_mailbox_maps = - [ - (mappedFile "valias") - ] - ++ lib.optionals cfg.ldap.enable [ - "ldap:${ldapVirtualMailboxMapFile}" - ] - ++ lib.optionals (regex_valiases_postfix != { }) [ - (mappedRegexFile "regex_valias") - ]; + virtual_mailbox_maps = [ + (mappedFile "valias") + ] + ++ lib.optionals cfg.ldap.enable [ + "ldap:${ldapVirtualMailboxMapFile}" + ] + ++ lib.optionals (regex_valiases_postfix != { }) [ + (mappedRegexFile "regex_valias") + ]; virtual_alias_maps = lib.mkAfter ( lib.optionals (regex_valiases_postfix != { }) [ (mappedRegexFile "regex_valias") diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix index 73e119a..7121a46 100644 --- a/mail-server/rspamd.nix +++ b/mail-server/rspamd.nix @@ -75,18 +75,17 @@ in ''; }; "redis.conf" = { - text = - '' - servers = "${ - if cfg.redis.port == null then - cfg.redis.address - else - "${cfg.redis.address}:${toString cfg.redis.port}" - }"; - '' - + (lib.optionalString (cfg.redis.password != null) '' - password = "${cfg.redis.password}"; - ''); + text = '' + servers = "${ + if cfg.redis.port == null then + cfg.redis.address + else + "${cfg.redis.address}:${toString cfg.redis.port}" + }"; + '' + + (lib.optionalString (cfg.redis.password != null) '' + password = "${cfg.redis.password}"; + ''); }; "classifier-bayes.conf" = { text = '' diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix index 5f6fd4a..fb11a2d 100644 --- a/mail-server/systemd.nix +++ b/mail-server/systemd.nix @@ -94,10 +94,11 @@ in # Postfix requires dovecot lmtp socket, dovecot auth socket and certificate to work systemd.services.postfix = { wants = certificatesDeps; - after = - [ "${dovecotUnitName}.service" ] - ++ lib.optional cfg.dkimSigning "rspamd.service" - ++ certificatesDeps; + after = [ + "${dovecotUnitName}.service" + ] + ++ lib.optional cfg.dkimSigning "rspamd.service" + ++ certificatesDeps; requires = [ "${dovecotUnitName}.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service"; }; }; diff --git a/tests/internal.nix b/tests/internal.nix index 251efbc..1b3224b 100644 --- a/tests/internal.nix +++ b/tests/internal.nix @@ -58,17 +58,16 @@ in virtualisation.memorySize = 1024; - environment.systemPackages = - [ - (pkgs.writeScriptBin "mail-check" '' - ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@ - '') - ] - ++ (with pkgs; [ - curl - openssl - netcat - ]); + environment.systemPackages = [ + (pkgs.writeScriptBin "mail-check" '' + ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@ + '') + ] + ++ (with pkgs; [ + curl + openssl + netcat + ]); mailserver = { enable = true;