Commit graph

743 commits

Author SHA1 Message Date
c097bd662c
fix: allow for extraVirtualAliases and ldap
Some checks failed
Build / deploy (push) Has been cancelled
2025-06-17 19:10:46 +01:00
192a7d426f
ci: deploy upstream on changes
Some checks failed
Build / deploy (push) Has been cancelled
2025-06-17 18:26:34 +01:00
f76919c938
test: Checking if virtual aliases are functional.
Relates to https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/issues/22

test: Remove the account type limiatation

# Conflicts:
#	default.nix
#	mail-server/assertions.nix
2025-06-17 18:26:31 +01:00
Martin Weinelt
7405122dde Merge branch 'postfix-config' into 'master'
postfix: migrate more options to services.postfix.config

See merge request simple-nixos-mailserver/nixos-mailserver!418
2025-06-16 05:34:22 +00:00
Martin Weinelt
6652b57dda
postfix: rearrange smtpd_tls_chain_files option 2025-06-16 07:27:03 +02:00
Martin Weinelt
c8f809fa76
postfix: migrate more options to services.postfix.config
I'm working on deprecating the top-level options, that configure main.cf
upstream in nixpkgs. With this change we stay ahead of the curve.

The `networks_style` option already defaults to `host` since Postfix 3.0,
so I dropped the setting.

```
$ postconf -d | grep networks_style
mynetworks_style = ${{$compatibility_level} <level {2} ? {subnet} : {host}}
````
2025-06-16 07:03:49 +02:00
Martin Weinelt
5c1b9921e6 Merge branch 'suggest-dmarc' into 'master'
Suggest that folks enable DMARC reporting

See merge request simple-nixos-mailserver/nixos-mailserver!377
2025-06-15 23:15:19 +00:00
Martin Weinelt
67b0a7e946 Merge branch 'cleanup' into 'master'
treewide: remove global `with lib` and overly broad `with cfg`

See merge request simple-nixos-mailserver/nixos-mailserver!416
2025-06-15 03:48:33 +00:00
Martin Weinelt
a2152f9807
treewide: remove overly broad with cfg
Makes it really hard to follow references and we were being explicit in
most places already anyway.
2025-06-15 05:39:20 +02:00
Martin Weinelt
fb56bcf747
treewide: remove global with lib
Instead inherit required functions from lib.
2025-06-15 05:08:47 +02:00
Martin Weinelt
b555b3e8dc Merge branch 'cleanup' into 'master'
Format with nixfmt, drop redundant parentheses

See merge request simple-nixos-mailserver/nixos-mailserver!415
2025-06-15 02:45:24 +00:00
Martin Weinelt
1a7f3d718c
treewide: reformat with nixfmt-rfc-style 2025-06-15 03:39:44 +02:00
Martin Weinelt
03433d472f
flake.nix: enable nixfmt-rfc-style hook and formatter 2025-06-15 03:34:20 +02:00
Martin Weinelt
c7497cd5f6
treewide: remove redundant parenthesis in nix code 2025-06-15 03:28:48 +02:00
Martin Weinelt
5f592b5960 Merge branch 'crypto-v2' into 'master'
postfix, dovecot: modernize and comment TLS settings

See merge request simple-nixos-mailserver/nixos-mailserver!413
2025-06-14 22:52:29 +00:00
Martin Weinelt
21ce4b4ff8
dovecot: disable Diffie-Hellman support
Recommended in the modern recommendation by Mozilla. Support for elliptic
curves is widespread and they are much faster.
2025-06-15 00:22:58 +02:00
Martin Weinelt
efebf59b13
dovecot: configure preferred elliptic curves 2025-06-15 00:22:57 +02:00
Martin Weinelt
4fd9508d41
postfix: drop tls_random_source config
The setting already defaults to /dev/urandom.
2025-06-15 00:22:57 +02:00
Martin Weinelt
3828b00dea
postfix: configure preferred curves and disable FFDHE
This aligns with the intermediate configuration recommended by Mozilla.
2025-06-15 00:22:57 +02:00
Martin Weinelt
e27326d317
postfix: refactor and prune TLS settings
- Groups settings between server and client
- Uses a range comparator for supported TLS versions
- Prune excluded primitives to what affects the supported TLS versions
2025-06-15 00:22:57 +02:00
Martin Weinelt
23cc9a3996 Merge branch 'postfix-cert-key' into 'master'
postfix: configure cert/key using smtpd_tls_chain_files

Closes #183

See merge request simple-nixos-mailserver/nixos-mailserver!410
2025-06-14 12:47:58 +00:00
Martin Weinelt
e0ab4eeb67
docs/setup-guide: bump example stateVersion to 2
If you do a fresh install now you should be able to skip the first
migration step.
2025-06-14 01:20:27 +02:00
Martin Weinelt
8e0074c4e5 Merge branch 'flake-update' into 'master'
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!414
2025-06-13 02:13:15 +00:00
Martin Weinelt
3b7cda8cc5 flake.lock: Update
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/dcf5072734cb576d2b0c59b2ac44f5050b5eac82' (2025-03-22)
  → 'github:cachix/git-hooks.nix/623c56286de5a3193aa38891a6991b28f9bab056' (2025-06-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e' (2025-05-13)
  → 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/ca49c4304acf0973078db0a9d200fd2bae75676d' (2025-05-18)
  → 'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd' (2025-06-12)
2025-06-13 04:00:52 +02:00
Martin Weinelt
3f1c6960d3 Merge branch 'smptp-smuggling-cleanup' into 'master'
postfix: remove option to toggle SMTP smuggling workarounnd

See merge request simple-nixos-mailserver/nixos-mailserver!411
2025-06-12 22:57:43 +00:00
Martin Weinelt
54cb3e5784 Merge branch 'crypto' into 'master'
postfix: allow client to select the preferred cipher

See merge request simple-nixos-mailserver/nixos-mailserver!412
2025-06-12 22:48:04 +00:00
Martin Weinelt
f1bd4b8215
postfix: remove option to toggle SMTP smuggling workarounnd
It has been default enabled since Postfix 3.9 and can still be configured
from the NixOS option mentioned in the removal warning.

Removing the option makes our interface leaner.

Information is based on https://www.postfix.org/smtp-smuggling.html#long.
2025-06-13 00:21:16 +02:00
Martin Weinelt
e540dc864c
postfix: configure cert/key using smtpd_tls_chain_files
The sslCert and sslKey options are going away, because they do too much,
e.g. provision the keypair for client certificate authentication, which
is not at all what we want or need.
2025-06-12 01:05:51 +02:00
Martin Weinelt
8b27add088 Merge branch 'backup_spam_db' into 'master'
docs: mention spam and ham training data in backup guide

See merge request simple-nixos-mailserver/nixos-mailserver!409
2025-06-06 21:16:24 +00:00
Guillaume Girol
49980abd25 mention spam and ham training data in backup guide 2025-06-06 12:00:00 +00:00
Martin Weinelt
f9b15192b8
postfix: allow client to select the preferred cipher
As long as all cipher we support are considered safe we can allow clients
to select one that suits them best.
2025-06-03 00:45:12 +02:00
Martin Weinelt
d6d6308ba2 Merge branch 'doc-backup-sieve' into 'master'
docs/backup-guide: add recommendation for sieveDirectory

See merge request simple-nixos-mailserver/nixos-mailserver!405
2025-06-02 14:57:24 +00:00
Tom Herbers
c4628a4c04
docs/backup-guide: add recommendation for sieveDirectory
Co-authored-by: Martin Weinelt <martin+gitlab@linuxlounge.net>
2025-06-02 11:27:09 +02:00
Martin Weinelt
8c835feaa7
docs/migrations: Improve title scoping for LDAP home dir migration 2025-06-02 04:31:41 +02:00
Martin Weinelt
c9f61e02ae
docs/howto-develop: fix stateVersion assertion example 2025-05-31 13:06:29 +02:00
Martin Weinelt
145afc5393 Merge branch 'assertions-guard-reformat' into 'master'
assertions: guard by enable flag and reformat

See merge request simple-nixos-mailserver/nixos-mailserver!407
2025-05-31 10:51:28 +00:00
Martin Weinelt
ea1b0f8e2b
assertions: guard by enable flag and reformat
None of these should trigger when you've not enabled mailserver.
2025-05-30 18:28:16 +02:00
Martin Weinelt
c8bc3e4f1f Merge branch 'ldap-mail-directory-assertion' into 'master'
Fix assertion for ldap mail directory

See merge request simple-nixos-mailserver/nixos-mailserver!406
2025-05-30 13:14:11 +00:00
Charlotte Van Petegem
519a85a801 Fix assertion for ldap mail directory 2025-05-30 12:49:02 +00:00
Martin Weinelt
ffd0e6f8f2 Merge branch 'dont-hardcode-ldap-home-base' into 'master'
dovecot: respect the mailDirectory base for LDAP home directories

See merge request simple-nixos-mailserver/nixos-mailserver!400
2025-05-29 21:14:25 +00:00
Martin Weinelt
7cb61e6e3a
dovecot: respect the mailDirectory base for LDAP home directories
This change is safe, if you have not altered the default value of the
 `mailserver.mailDirectory` setting.
2025-05-29 23:10:33 +02:00
Martin Weinelt
a1e9276656 Merge branch 'remove-dovecot-module-workaround' into 'master'
dovecot: remove workaround for services.dovecot2.modules removal

See merge request simple-nixos-mailserver/nixos-mailserver!404
2025-05-29 17:41:37 +00:00
Martin Weinelt
233c5e1a70
dovecot: remove workaround for services.dovecot2.modules removal 2025-05-29 14:06:34 +02:00
Martin Weinelt
506c6151d6 Merge branch 'various-things' into 'master'
Cleanup

See merge request simple-nixos-mailserver/nixos-mailserver!403
2025-05-29 06:58:39 +00:00
Martin Weinelt
11bfdbf136
tests: drop dhparam default length configuration
This has been the default value since the option was introduced back in
2018[0].

[0] 81fc2c3509
2025-05-29 08:49:37 +02:00
Martin Weinelt
10cccc7706
docs: fix code block syntax in migration init 2025-05-29 08:48:56 +02:00
Martin Weinelt
6a78dc3375 Merge branch 'stateVersion' into 'master'
Introduce stateVersion concept

See merge request simple-nixos-mailserver/nixos-mailserver!401
2025-05-29 06:14:17 +00:00
Martin Weinelt
792225e256
Introduce stateVersion concept
With upcoming changes to the dovecot home and maildirectories we need to
introduce a way to nudge users to inform themselves about manual
migration steps they might need to carry out.

The idea here is to allow us to safely make breaking changes and notify
the user of required migration steps at eval time, so they can make the
necessary changes in time.
2025-05-27 23:54:15 +02:00
Martin Weinelt
53007af63f Merge branch 'release-25.05' into 'master'
Release 25.05

See merge request simple-nixos-mailserver/nixos-mailserver!399
2025-05-23 01:53:51 +00:00
Martin Weinelt
51d48f1492
Release 25.11 2025-05-22 01:31:46 +02:00