c097bd662c
fix: allow for extraVirtualAliases and ldap
Build / deploy (push) Has been cancelled
2025-06-17 19:10:46 +01:00
192a7d426f
ci: deploy upstream on changes
Build / deploy (push) Has been cancelled
2025-06-17 18:26:34 +01:00
f76919c938
test: Checking if virtual aliases are functional.
...
Relates to https://gitlab.skynet.ie/compsoc1/skynet/nixos/-/issues/22
test: Remove the account type limiatation
# Conflicts:
# default.nix
# mail-server/assertions.nix
2025-06-17 18:26:31 +01:00
Martin Weinelt
7405122dde
Merge branch 'postfix-config' into 'master'
...
postfix: migrate more options to services.postfix.config
See merge request simple-nixos-mailserver/nixos-mailserver!418
2025-06-16 05:34:22 +00:00
Martin Weinelt
6652b57dda
postfix: rearrange smtpd_tls_chain_files option
2025-06-16 07:27:03 +02:00
Martin Weinelt
c8f809fa76
postfix: migrate more options to services.postfix.config
...
I'm working on deprecating the top-level options, that configure main.cf
upstream in nixpkgs. With this change we stay ahead of the curve.
The `networks_style` option already defaults to `host` since Postfix 3.0,
so I dropped the setting.
```
$ postconf -d | grep networks_style
mynetworks_style = ${{$compatibility_level} <level {2} ? {subnet} : {host}}
````
2025-06-16 07:03:49 +02:00
Martin Weinelt
5c1b9921e6
Merge branch 'suggest-dmarc' into 'master'
...
Suggest that folks enable DMARC reporting
See merge request simple-nixos-mailserver/nixos-mailserver!377
2025-06-15 23:15:19 +00:00
Martin Weinelt
67b0a7e946
Merge branch 'cleanup' into 'master'
...
treewide: remove global `with lib` and overly broad `with cfg`
See merge request simple-nixos-mailserver/nixos-mailserver!416
2025-06-15 03:48:33 +00:00
Martin Weinelt
a2152f9807
treewide: remove overly broad with cfg
...
Makes it really hard to follow references and we were being explicit in
most places already anyway.
2025-06-15 05:39:20 +02:00
Martin Weinelt
fb56bcf747
treewide: remove global with lib
...
Instead inherit required functions from lib.
2025-06-15 05:08:47 +02:00
Martin Weinelt
b555b3e8dc
Merge branch 'cleanup' into 'master'
...
Format with nixfmt, drop redundant parentheses
See merge request simple-nixos-mailserver/nixos-mailserver!415
2025-06-15 02:45:24 +00:00
Martin Weinelt
1a7f3d718c
treewide: reformat with nixfmt-rfc-style
2025-06-15 03:39:44 +02:00
Martin Weinelt
03433d472f
flake.nix: enable nixfmt-rfc-style hook and formatter
2025-06-15 03:34:20 +02:00
Martin Weinelt
c7497cd5f6
treewide: remove redundant parenthesis in nix code
2025-06-15 03:28:48 +02:00
Martin Weinelt
5f592b5960
Merge branch 'crypto-v2' into 'master'
...
postfix, dovecot: modernize and comment TLS settings
See merge request simple-nixos-mailserver/nixos-mailserver!413
2025-06-14 22:52:29 +00:00
Martin Weinelt
21ce4b4ff8
dovecot: disable Diffie-Hellman support
...
Recommended in the modern recommendation by Mozilla. Support for elliptic
curves is widespread and they are much faster.
2025-06-15 00:22:58 +02:00
Martin Weinelt
efebf59b13
dovecot: configure preferred elliptic curves
2025-06-15 00:22:57 +02:00
Martin Weinelt
4fd9508d41
postfix: drop tls_random_source config
...
The setting already defaults to /dev/urandom.
2025-06-15 00:22:57 +02:00
Martin Weinelt
3828b00dea
postfix: configure preferred curves and disable FFDHE
...
This aligns with the intermediate configuration recommended by Mozilla.
2025-06-15 00:22:57 +02:00
Martin Weinelt
e27326d317
postfix: refactor and prune TLS settings
...
- Groups settings between server and client
- Uses a range comparator for supported TLS versions
- Prune excluded primitives to what affects the supported TLS versions
2025-06-15 00:22:57 +02:00
Martin Weinelt
23cc9a3996
Merge branch 'postfix-cert-key' into 'master'
...
postfix: configure cert/key using smtpd_tls_chain_files
Closes #183
See merge request simple-nixos-mailserver/nixos-mailserver!410
2025-06-14 12:47:58 +00:00
Martin Weinelt
e0ab4eeb67
docs/setup-guide: bump example stateVersion to 2
...
If you do a fresh install now you should be able to skip the first
migration step.
2025-06-14 01:20:27 +02:00
Martin Weinelt
8e0074c4e5
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!414
2025-06-13 02:13:15 +00:00
Martin Weinelt
3b7cda8cc5
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/dcf5072734cb576d2b0c59b2ac44f5050b5eac82' (2025-03-22)
→ 'github:cachix/git-hooks.nix/623c56286de5a3193aa38891a6991b28f9bab056' (2025-06-11)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e' (2025-05-13)
→ 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07)
• Updated input 'nixpkgs-25_05':
'github:NixOS/nixpkgs/ca49c4304acf0973078db0a9d200fd2bae75676d' (2025-05-18)
→ 'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd' (2025-06-12)
2025-06-13 04:00:52 +02:00
Martin Weinelt
3f1c6960d3
Merge branch 'smptp-smuggling-cleanup' into 'master'
...
postfix: remove option to toggle SMTP smuggling workarounnd
See merge request simple-nixos-mailserver/nixos-mailserver!411
2025-06-12 22:57:43 +00:00
Martin Weinelt
54cb3e5784
Merge branch 'crypto' into 'master'
...
postfix: allow client to select the preferred cipher
See merge request simple-nixos-mailserver/nixos-mailserver!412
2025-06-12 22:48:04 +00:00
Martin Weinelt
f1bd4b8215
postfix: remove option to toggle SMTP smuggling workarounnd
...
It has been default enabled since Postfix 3.9 and can still be configured
from the NixOS option mentioned in the removal warning.
Removing the option makes our interface leaner.
Information is based on https://www.postfix.org/smtp-smuggling.html#long .
2025-06-13 00:21:16 +02:00
Martin Weinelt
e540dc864c
postfix: configure cert/key using smtpd_tls_chain_files
...
The sslCert and sslKey options are going away, because they do too much,
e.g. provision the keypair for client certificate authentication, which
is not at all what we want or need.
2025-06-12 01:05:51 +02:00
Martin Weinelt
8b27add088
Merge branch 'backup_spam_db' into 'master'
...
docs: mention spam and ham training data in backup guide
See merge request simple-nixos-mailserver/nixos-mailserver!409
2025-06-06 21:16:24 +00:00
Guillaume Girol
49980abd25
mention spam and ham training data in backup guide
2025-06-06 12:00:00 +00:00
Martin Weinelt
f9b15192b8
postfix: allow client to select the preferred cipher
...
As long as all cipher we support are considered safe we can allow clients
to select one that suits them best.
2025-06-03 00:45:12 +02:00
Martin Weinelt
d6d6308ba2
Merge branch 'doc-backup-sieve' into 'master'
...
docs/backup-guide: add recommendation for sieveDirectory
See merge request simple-nixos-mailserver/nixos-mailserver!405
2025-06-02 14:57:24 +00:00
Tom Herbers
c4628a4c04
docs/backup-guide: add recommendation for sieveDirectory
...
Co-authored-by: Martin Weinelt <martin+gitlab@linuxlounge.net>
2025-06-02 11:27:09 +02:00
Martin Weinelt
8c835feaa7
docs/migrations: Improve title scoping for LDAP home dir migration
2025-06-02 04:31:41 +02:00
Martin Weinelt
c9f61e02ae
docs/howto-develop: fix stateVersion assertion example
2025-05-31 13:06:29 +02:00
Martin Weinelt
145afc5393
Merge branch 'assertions-guard-reformat' into 'master'
...
assertions: guard by enable flag and reformat
See merge request simple-nixos-mailserver/nixos-mailserver!407
2025-05-31 10:51:28 +00:00
Martin Weinelt
ea1b0f8e2b
assertions: guard by enable flag and reformat
...
None of these should trigger when you've not enabled mailserver.
2025-05-30 18:28:16 +02:00
Martin Weinelt
c8bc3e4f1f
Merge branch 'ldap-mail-directory-assertion' into 'master'
...
Fix assertion for ldap mail directory
See merge request simple-nixos-mailserver/nixos-mailserver!406
2025-05-30 13:14:11 +00:00
Charlotte Van Petegem
519a85a801
Fix assertion for ldap mail directory
2025-05-30 12:49:02 +00:00
Martin Weinelt
ffd0e6f8f2
Merge branch 'dont-hardcode-ldap-home-base' into 'master'
...
dovecot: respect the mailDirectory base for LDAP home directories
See merge request simple-nixos-mailserver/nixos-mailserver!400
2025-05-29 21:14:25 +00:00
Martin Weinelt
7cb61e6e3a
dovecot: respect the mailDirectory base for LDAP home directories
...
This change is safe, if you have not altered the default value of the
`mailserver.mailDirectory` setting.
2025-05-29 23:10:33 +02:00
Martin Weinelt
a1e9276656
Merge branch 'remove-dovecot-module-workaround' into 'master'
...
dovecot: remove workaround for services.dovecot2.modules removal
See merge request simple-nixos-mailserver/nixos-mailserver!404
2025-05-29 17:41:37 +00:00
Martin Weinelt
233c5e1a70
dovecot: remove workaround for services.dovecot2.modules removal
2025-05-29 14:06:34 +02:00
Martin Weinelt
506c6151d6
Merge branch 'various-things' into 'master'
...
Cleanup
See merge request simple-nixos-mailserver/nixos-mailserver!403
2025-05-29 06:58:39 +00:00
Martin Weinelt
11bfdbf136
tests: drop dhparam default length configuration
...
This has been the default value since the option was introduced back in
2018[0].
[0] 81fc2c3509
2025-05-29 08:49:37 +02:00
Martin Weinelt
10cccc7706
docs: fix code block syntax in migration init
2025-05-29 08:48:56 +02:00
Martin Weinelt
6a78dc3375
Merge branch 'stateVersion' into 'master'
...
Introduce stateVersion concept
See merge request simple-nixos-mailserver/nixos-mailserver!401
2025-05-29 06:14:17 +00:00
Martin Weinelt
792225e256
Introduce stateVersion concept
...
With upcoming changes to the dovecot home and maildirectories we need to
introduce a way to nudge users to inform themselves about manual
migration steps they might need to carry out.
The idea here is to allow us to safely make breaking changes and notify
the user of required migration steps at eval time, so they can make the
necessary changes in time.
2025-05-27 23:54:15 +02:00
Martin Weinelt
53007af63f
Merge branch 'release-25.05' into 'master'
...
Release 25.05
See merge request simple-nixos-mailserver/nixos-mailserver!399
2025-05-23 01:53:51 +00:00
Martin Weinelt
51d48f1492
Release 25.11
2025-05-22 01:31:46 +02:00