Skynet/misc_nixos-mailserver
6
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
794 commits 37 branches 22 tags 326 MiB
Commit graph

794 commits

This branch
This branch
All branches
Author SHA1 Message Date
Brendan Golden
8bca7ebf09
fix: allow for extraVirtualAliases and ldap
All checks were successful
Build / deploy (push) Successful in 9s
Details
2025-09-20 12:26:27 +01:00
Brendan Golden
206b26ea8f
ci: deploy upstream on changes 2025-09-20 12:26:27 +01:00
Brendan Golden
54bbf02882
test: Checking if virtual aliases are functional. 
Relates to https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/issues/22

test: Remove the account type limiatation

# Conflicts:
#	default.nix
#	mail-server/assertions.nix
 2025-09-20 12:26:27 +01:00
Martin Weinelt
b49ae46f22 Merge branch 'rspamd-local-networks' into 'master' 
rspamd: restrict addresses we disable checks for to localhost

Closes #326

See merge request simple-nixos-mailserver/nixos-mailserver!444
 2025-08-25 13:55:52 +00:00
Martin Weinelt
1a2d7a4bf5
rspamd: restrict addresses we disable checks for to localhost 
By default this includes private network subnets, but those should really
use authentication instead, if they want to skip checks.

Closes: #326
 2025-08-25 04:12:30 +02:00
Martin Weinelt
cc5f180427 Merge branch 'test-enableSubmissionSsl' into 'master' 
tests: also test client submission over `smtps://` instead of just `smtp://` with STARTTLS

See merge request simple-nixos-mailserver/nixos-mailserver!443
 2025-08-24 00:41:08 +00:00
emilylange
63b8e1615f
tests: also test client submission over smtps:// 
instead of just smtp:// with STARTTLS.

Opted to call the flag --ssl and not --tls to keep it consistent with
the module option (mailserver.enableSubmissionSsl), dovecot internals
and smtplib in mail-check.py.
 2025-08-24 02:29:30 +02:00
Martin Weinelt
958c112fba Merge branch 'dkim-rsa2048' into 'master' 
Increase default DKIM key bits to 2048

Closes #333

See merge request simple-nixos-mailserver/nixos-mailserver!442
 2025-08-22 20:42:21 +00:00
Martin Weinelt
2204f55329
Increase default DKIM key bits to 2048 
This is the current recommendation in RFC 8301 from early 2018.

Fixes: #333
 2025-08-22 22:38:31 +02:00
Martin Weinelt
2be40a9653 Merge branch 'docs-fix-dovecot-links' into 'master' 
docs/dovecot: fix dovecot URLs (again)

See merge request simple-nixos-mailserver/nixos-mailserver!441
 2025-08-22 20:34:21 +00:00
emilylange
b7d2f287f3
docs/dovecot: fix dovecot URLs (again) 
https://doc.dovecot.org/configuration_manual moved to
https://doc.dovecot.org/2.3/configuration_manual to make room for
https://doc.dovecot.org/:version/ where :version can be any one of 2.3,
2.4.0, 2.4.1 or main.

Unfortunately, there is no redirect for the 2.3 manual pages, rendering
a few of those dovecot links dead. I figured we want to keep the old
docs at /2.3/ for now until we eventually migrate to 2.4, as there are
some differences in the ldap interface between those versions.

Previously: 90539a1a99
 2025-08-22 22:06:29 +02:00
Martin Weinelt
57d9624c71 Merge branch 'dmarc-reporter' into 'master' 
Allow AF_UNIX sockets for dmarc reporter, tokenize commandline

Closes #331

See merge request simple-nixos-mailserver/nixos-mailserver!437
 2025-08-07 22:31:50 +00:00
Martin Weinelt
fc955088e3
Respect configureLocally flag for redis 2025-08-08 00:01:45 +02:00
Martin Weinelt
43f87f5520
Tokenize dmarc reporter commandline 2025-08-08 00:01:45 +02:00
Martin Weinelt
aa06b2f489
Allow AF_UNIX sockets for dmarc reporter and allow group access 
This is required to use redis over UNIX domain sockets.
 2025-08-08 00:01:45 +02:00
Martin Weinelt
eb656cd361 Merge branch 'flake-bump' into 'master' 
postfix: don't cast message_size_limit to string

See merge request simple-nixos-mailserver/nixos-mailserver!435
 2025-08-02 00:27:02 +00:00
Martin Weinelt
b76a547bec
treewide: reformat with nixfmt 1.0.0 2025-08-02 02:19:15 +02:00
Martin Weinelt
cea6f25a40 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1fd8bada0b6117e6c7eb54aad5813023eed37ccb' (2025-07-06)
  → 'github:NixOS/nixpkgs/94def634a20494ee057c76998843c015909d6311' (2025-07-31)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/29e290002bfff26af1db6f64d070698019460302' (2025-07-05)
  → 'github:NixOS/nixpkgs/1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a' (2025-07-29)
 2025-08-02 02:12:47 +02:00
Martin Weinelt
027e6bcd76
postfix: don't cast message_size_limit to string 
On unstable this will become a signed integer and there was never a good
reason for this to be a string.
 2025-08-02 02:11:11 +02:00
Martin Weinelt
ce87c8a977 Merge branch 'options' into 'master' 
acmeCertificateName: Set defaultText as the default is dynamic

See merge request simple-nixos-mailserver/nixos-mailserver!432
 2025-07-23 15:47:20 +00:00
Tom Hubrecht
29de3e6865
acmeCertificateName: Set defaultText as the default is dynamic 2025-07-23 17:18:30 +02:00
Martin Weinelt
80d21ed7a1 Merge branch 'system-options' into 'master' 
Introduce system name and domain options

See merge request simple-nixos-mailserver/nixos-mailserver!427
 2025-07-09 11:20:39 +00:00
Martin Weinelt
e9953aa154
ruff: reject implicit string concat 
This is a common mistake that could have been prevented.

```
migrations/nixos-mailserver-migration-03.py:42:9: ISC002 Implicitly concatenated string literals over multiple lines
   |
40 |   def is_maildir_related(path: Path, layout: FolderLayout) -> bool:
41 |       if path.name in [
42 | /         "subscriptions"
43 | |         # https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-uid-mapping
44 | |         "dovecot-uidlist",
   | |_________________________^ ISC002
45 |           # https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-keywords
46 |           "dovecot-keywords",
   |
```
 2025-07-09 03:59:54 +02:00
Martin Weinelt
dda91cfc15 Merge branch 'patch-1' into 'master' 
migrations: add missing comma in list

See merge request simple-nixos-mailserver/nixos-mailserver!429
 2025-07-09 01:43:03 +00:00
Yureka
c2df33f76a migrations: add missing comma in list 2025-07-09 01:39:51 +00:00
Martin Weinelt
2b240501e0
Introduce system name and domain options 
Bring them up from the DMARC reporting section to the mailserver toplevel
so they become reusable for the upcoming TLSRPT integration.

We default to the first domain in the domains option, if not set
explicitly, so that `systemDomain` doesn't become a blocker for existing
setups. We still encourage picking out the intended one, which is likely
the one used for the MX hostname.

This also simplifies the DMARC reporting configuration, which doesn't
need to be so fine-grained.

Co-Authored-By: Emily <git@emilylange.de>
 2025-07-09 01:44:10 +02:00
Martin Weinelt
0aeb2849ad
mail-check: fix format string 2025-07-08 04:39:36 +02:00
Martin Weinelt
47786932cb
tests: fix deprecate machine config access 2025-07-08 03:58:37 +02:00
Martin Weinelt
358a44674e Merge branch 'flake-bump' into 'master' 
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!428
 2025-07-08 01:29:06 +00:00
Martin Weinelt
679bce8bbb flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/623c56286de5a3193aa38891a6991b28f9bab056' (2025-06-11)
  → 'github:cachix/git-hooks.nix/16ec914f6fb6f599ce988427d9d94efddf25fe6d' (2025-06-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07)
  → 'github:NixOS/nixpkgs/1fd8bada0b6117e6c7eb54aad5813023eed37ccb' (2025-07-06)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd' (2025-06-12)
  → 'github:NixOS/nixpkgs/29e290002bfff26af1db6f64d070698019460302' (2025-07-05)
 2025-07-08 03:20:45 +02:00
Martin Weinelt
334e370c1f Merge branch 'dovecot-unit-name-migration' into 'master' 
dovecot: use marker option as unit name migration indicator

See merge request simple-nixos-mailserver/nixos-mailserver!426
 2025-07-06 23:24:27 +00:00
Martin Weinelt
d6d2053b80
dovecot: use marker option as unit name migration indicator 
In nixpkgs we expose `services.dovecot.hasNewUnitName` option that can be
safely inspected to understand that whether to use the `dovecot` systemd
service name instead of `dovecot2`.
 2025-07-07 01:10:19 +02:00
Martin Weinelt
6004878dc6 Merge branch 'dovecot-migration-compat-fixup' into 'master' 
dovecot: fix check for dovecot systemd unit name

See merge request simple-nixos-mailserver/nixos-mailserver!425
 2025-07-06 03:22:41 +00:00
Martin Weinelt
f9a52ca4b5
dovecot: fix check for dovecot systemd unit name 
and migrate the preStart script in systemd.nix as well.
 2025-07-06 05:18:01 +02:00
Martin Weinelt
a40574beb5 Merge branch 'dovecot-migration-compat' into 'master' 
dovecot: add compat shim for dovecot unit name migration

See merge request simple-nixos-mailserver/nixos-mailserver!424
 2025-07-06 00:58:47 +00:00
Martin Weinelt
b38dc8085c
dovecot: add compat shim for dovecot unit name migration 
In nixpkgs I renamed dovecot2 to dovecot and made dovecot2 an alias, so
adding the script to the alias does us no good.
 2025-07-06 02:52:31 +02:00
Martin Weinelt
b10c54606b
migrations: ignore maildir when in folder layout 
Otherwise we'd be tryhing to move the maildir into itself and error out.
 2025-06-26 16:52:49 +02:00
Martin Weinelt
c45b8a1253 Merge branch 'migrate-dovecot-control-files' into 'master' 
migrations: also migrate dovecot control files

See merge request simple-nixos-mailserver/nixos-mailserver!423
 2025-06-26 00:01:26 +00:00
Martin Weinelt
d91d94be94
migrations: also migrate dovecot control files 2025-06-25 22:09:41 +02:00
Martin Weinelt
b9e28e23af
migrations: fix move of subscriptions 
It is a file and we skip over files in the location I added it before.
 2025-06-23 03:48:18 +02:00
Martin Weinelt
67f0b864cc
migrations: also migrate subscriptions file in maildir migration 
Otherwise users will be unsubscribed from all maildir folders.
 2025-06-23 02:38:01 +02:00
Martin Weinelt
cfb3136cf0 Merge branch 'fix-cannot-compare-null-with-an-integer' into 'master' 
assertions: fix eval error when `mailserver.stateVersion` is unset (null)

See merge request simple-nixos-mailserver/nixos-mailserver!421
 2025-06-22 13:25:22 +00:00
emilylange
6ef1eb9ce1
assertions: fix eval error when mailserver.stateVersion is unset (null) 
Eval does not stop on the first assertion failure it encouters.
Instead, it tries to evaluate all assertions and returns with a list of
those that failed.

This means our very top `config.mailserver.stateVersion != null`
assertion does not gate against any other assertions trying to compare
null against an integer.

The error prior to this commit can be reproduced by removing
`mailserver.stateVersion = 999;` in tests/lib/config.nix and then trying
to evaluate any of the tests:

~~~bash
# nix eval --raw .#checks.x86_64-linux.internal-unstable
error:
       … while evaluating the attribute 'outPath'
         at /nix/store/syvnmj3hhckkbncm94kfkbl76qsdqqj3-source/lib/customisation.nix:421:7:
          420|         drv.drvPath;
          421|       outPath =
             |       ^
          422|         assert condition;

       … while calling the 'getAttr' builtin
         at «internal»:1:500:
       (stack trace truncated; use '--show-trace' to show the full trace)

       error: cannot compare null with an integer
~~~
 2025-06-21 20:15:46 +02:00
Martin Weinelt
9d8caf5944 Merge branch 'dovecot-home-mail-migration' into 'master' 
dovecot: migrate to dedicated homedir and separate maildir paths

Closes #324

See merge request simple-nixos-mailserver/nixos-mailserver!408
 2025-06-21 10:23:58 +00:00
Martin Weinelt
3c1cff431c
tests: test for the expected maildir and index dir locations 
These are not ideal yet, but we should make them a fixture, so that we
are always aware what they are for the different supported setups.
 2025-06-21 10:28:43 +02:00
Martin Weinelt
f25495cabf
dovecot: fix custom index dir configuration for ldap users 2025-06-21 09:47:03 +02:00
Martin Weinelt
62ea8a7e00
dovecot: migrate to dedicated homedir and separate maildir paths 
Per the dovecot documentation[0] we were previously running with an
unsupported home directory configuration, because we shared them among
all virtual users at /var/vmail.

After resolving this by creating per user home directories at
/var/vmail/%{domain}/%{user} this now also overlaps with the location of
the Maildir, which is not recommended.

As a result we now need to migrate our Maildirs into
/var/vmail/%{domain}/%{user}/mail, for which a small shell script is
provided as part of this change.

The script is included in the documentation because we cannot provide it
in time for users, because they might already be seeing the relevant
assertion and there is no safe waiting period that would allow us to skip
shipping it like that.

[0] https://doc.dovecot.org/2.3/configuration_manual/mail_location/
 2025-06-21 09:46:32 +02:00
Martin Weinelt
601b33d2a7
tests/minimal: drop 
We have other tests that are minimal, e.g. the multiple test. And this
test wasn't even hooked up in flake.nix, so I'm doubtful that we really
need it.
 2025-06-19 01:04:56 +02:00
Martin Weinelt
ed6d699eb4 Merge branch 'nuke-sha1' into 'master' 
postfix: disable SHA1 for SMTP connections

See merge request simple-nixos-mailserver/nixos-mailserver!420
 2025-06-18 16:54:39 +00:00
Martin Weinelt
64aca4f2ce
postfix: disable SHA1 for SMTP connections 2025-06-18 06:58:42 +02:00