Merge branch 'flake-bump' into 'master'

postfix: don't cast message_size_limit to string See merge request simple-nixos-mailserver/nixos-mailserver!435
2025-08-02 00:27:02 +00:00 · 2025-08-02 00:27:02 +00:00 · eb656cd361
commit eb656cd361
parent ce87c8a977 b76a547bec
7 changed files with 65 additions and 63 deletions
--- a/flake.lock
+++ b/flake.lock
@ -79,11 +79,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751792365,
+        "lastModified": 1753939845,
-        "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
+        "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
+        "rev": "94def634a20494ee057c76998843c015909d6311",
        "type": "github"
      },
      "original": {
@ -95,11 +95,11 @@
    },
    "nixpkgs-25_05": {
      "locked": {
-        "lastModified": 1751741127,
+        "lastModified": 1753749649,
-        "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=",
+        "narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "29e290002bfff26af1db6f64d070698019460302",
+        "rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a",
        "type": "github"
      },
      "original": {
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -168,7 +168,8 @@ let
    fts_header_excludes = listToLine cfg.fullTextSearch.headerExcludes;
    fts_autoindex = boolToYesNo cfg.fullTextSearch.autoIndex;
    fts_enforced = cfg.fullTextSearch.enforced;
-  } // (listToMultiAttrs "fts_autoindex_exclude" cfg.fullTextSearch.autoIndexExclude);
+  }
  // (listToMultiAttrs "fts_autoindex_exclude" cfg.fullTextSearch.autoIndexExclude);
 in
 {
@ -200,7 +201,8 @@ in
    # which are usually not compatible.
    environment.systemPackages = [
      pkgs.dovecot_pigeonhole
-    ] ++ lib.optional cfg.fullTextSearch.enable pkgs.dovecot-fts-flatcurve;
+    ]
    ++ lib.optional cfg.fullTextSearch.enable pkgs.dovecot-fts-flatcurve;
    # For compatibility with python imaplib
    environment.etc."dovecot/modules".source = "/run/current-system/sw/lib/dovecot/modules";
@ -228,7 +230,8 @@ in
        sieve = "file:${cfg.sieveDirectory}/%{user}/scripts;active=${cfg.sieveDirectory}/%{user}/active.sieve";
        sieve_default = "file:${cfg.sieveDirectory}/%{user}/default.sieve";
        sieve_default_name = "default";
-      } // (lib.optionalAttrs cfg.fullTextSearch.enable ftsPluginSettings);
+      }
      // (lib.optionalAttrs cfg.fullTextSearch.enable ftsPluginSettings);
      sieve = {
        extensions = [
@ -448,15 +451,15 @@ in
    };
    systemd.services.${dovecotUnitName} = {
-      preStart =
+      preStart = ''
-        ''
+        ${genPasswdScript}
-          ${genPasswdScript}
+      ''
-        ''
+      + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile);
        + (lib.optionalString cfg.ldap.enable setPwdInLdapConfFile);
    };
    systemd.services.postfix.restartTriggers = [
      genPasswdScript
-    ] ++ (lib.optional cfg.ldap.enable [ setPwdInLdapConfFile ]);
+    ]
    ++ (lib.optional cfg.ldap.enable [ setPwdInLdapConfFile ]);
  };
 }
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@ -23,16 +23,17 @@ in
  config = lib.mkIf (cfg.enable && cfg.openFirewall) {
    networking.firewall = {
-      allowedTCPPorts =
+      allowedTCPPorts = [
-        [ 25 ]
+        25
-        ++ lib.optional cfg.enableSubmission 587
+      ]
-        ++ lib.optional cfg.enableSubmissionSsl 465
+      ++ lib.optional cfg.enableSubmission 587
-        ++ lib.optional cfg.enableImap 143
+      ++ lib.optional cfg.enableSubmissionSsl 465
-        ++ lib.optional cfg.enableImapSsl 993
+      ++ lib.optional cfg.enableImap 143
-        ++ lib.optional cfg.enablePop3 110
+      ++ lib.optional cfg.enableImapSsl 993
-        ++ lib.optional cfg.enablePop3Ssl 995
+      ++ lib.optional cfg.enablePop3 110
-        ++ lib.optional cfg.enableManageSieve 4190
+      ++ lib.optional cfg.enablePop3Ssl 995
-        ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80;
+      ++ lib.optional cfg.enableManageSieve 4190
      ++ lib.optional (cfg.certificateScheme == "acme-nginx") 80;
    };
  };
 }
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -277,23 +277,22 @@ in
        recipient_delimiter = cfg.recipientDelimiter;
        smtpd_banner = "${cfg.fqdn} ESMTP NO UCE";
        disable_vrfy_command = true;
-        message_size_limit = toString cfg.messageSizeLimit;
+        message_size_limit = cfg.messageSizeLimit;
        # virtual mail system
        virtual_uid_maps = "static:5000";
        virtual_gid_maps = "static:5000";
        virtual_mailbox_base = cfg.mailDirectory;
        virtual_mailbox_domains = vhosts_file;
-        virtual_mailbox_maps =
+        virtual_mailbox_maps = [
-          [
+          (mappedFile "valias")
-            (mappedFile "valias")
+        ]
-          ]
+        ++ lib.optionals cfg.ldap.enable [
-          ++ lib.optionals cfg.ldap.enable [
+          "ldap:${ldapVirtualMailboxMapFile}"
-            "ldap:${ldapVirtualMailboxMapFile}"
+        ]
-          ]
+        ++ lib.optionals (regex_valiases_postfix != { }) [
-          ++ lib.optionals (regex_valiases_postfix != { }) [
+          (mappedRegexFile "regex_valias")
-            (mappedRegexFile "regex_valias")
+        ];
          ];
        virtual_alias_maps = lib.mkAfter (
          lib.optionals (regex_valiases_postfix != { }) [
            (mappedRegexFile "regex_valias")
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@ -75,18 +75,17 @@ in
          '';
        };
        "redis.conf" = {
-          text =
+          text = ''
-            ''
+            servers = "${
-              servers = "${
+              if cfg.redis.port == null then
-                if cfg.redis.port == null then
+                cfg.redis.address
-                  cfg.redis.address
+              else
-                else
+                "${cfg.redis.address}:${toString cfg.redis.port}"
-                  "${cfg.redis.address}:${toString cfg.redis.port}"
+            }";
-              }";
+          ''
-            ''
+          + (lib.optionalString (cfg.redis.password != null) ''
-            + (lib.optionalString (cfg.redis.password != null) ''
+            password = "${cfg.redis.password}";
-              password = "${cfg.redis.password}";
+          '');
            '');
        };
        "classifier-bayes.conf" = {
          text = ''
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@ -94,10 +94,11 @@ in
    # Postfix requires dovecot lmtp socket, dovecot auth socket and certificate to work
    systemd.services.postfix = {
      wants = certificatesDeps;
-      after =
+      after = [
-        [ "${dovecotUnitName}.service" ]
+        "${dovecotUnitName}.service"
-        ++ lib.optional cfg.dkimSigning "rspamd.service"
+      ]
-        ++ certificatesDeps;
+      ++ lib.optional cfg.dkimSigning "rspamd.service"
      ++ certificatesDeps;
      requires = [ "${dovecotUnitName}.service" ] ++ lib.optional cfg.dkimSigning "rspamd.service";
    };
  };
--- a/tests/internal.nix
+++ b/tests/internal.nix
@ -58,17 +58,16 @@ in
        virtualisation.memorySize = 1024;
-        environment.systemPackages =
+        environment.systemPackages = [
-          [
+          (pkgs.writeScriptBin "mail-check" ''
-            (pkgs.writeScriptBin "mail-check" ''
+            ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
-              ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
+          '')
-            '')
+        ]
-          ]
+        ++ (with pkgs; [
-          ++ (with pkgs; [
+          curl
-            curl
+          openssl
-            openssl
+          netcat
-            netcat
+        ]);
          ]);
        mailserver = {
          enable = true;