aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
812 Commits 8 Branches 0 Tags
1cedddf425b8d2e7f8fa51debddc56d98d500182
Commit Graph

812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Weinelt
1cedddf425 flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37' (2025-10-17)
  → 'github:cachix/git-hooks.nix/8e7576e79b88c16d7ee3bbd112c8d90070832885' (2025-11-06)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4' (2025-11-02)
  → 'github:NixOS/nixpkgs/ae814fd3904b621d8ab97418f1d0f2eb0d3716f4' (2025-11-05)
 2025-11-08 17:55:51 +01:00
Martin Weinelt
ed771e37f7 Merge branch 'release-check' into 'master' 
Check release version compat, stop testing stable NixOS

See merge request simple-nixos-mailserver/nixos-mailserver!440
 2025-11-08 12:57:49 +00:00
Martin Weinelt
619e35dce2 Stop testing stable nixos 
We only test and support matching nixpkgs versions to simpliy alignment
with breaking changes on nixos unstable.
 2025-11-08 13:40:56 +01:00
Martin Weinelt
6dbbac29f9 Check release version compat 
To move into a better position to align this project with nixpkgs
unstable breaking changes we now default to require a matching nixpkgs
release.
 2025-11-08 13:39:33 +01:00
Martin Weinelt
cc54c4fa85 Merge branch 'disable-submission' into 'master' 
Disable submission with explicit STARTTLS by default

See merge request simple-nixos-mailserver/nixos-mailserver!461
 2025-11-08 11:56:16 +00:00
Martin Weinelt
1337e2eece Disable submission with explicit STARTTLS by default 
Deprecated, but not yet scheduled for removal pending user feedback.
 2025-11-08 12:50:50 +01:00
Martin Weinelt
58659fbdfd Merge branch 'hotfix-docs-build' into 'master' 
docs: fix Read the Docs by using portable-nix

See merge request simple-nixos-mailserver/nixos-mailserver!460
 2025-11-05 00:33:50 +00:00
emilylange
9f7291ce68 docs: fix Read the Docs by using portable-nix 
As of recently, Nix 2.6 from Ubuntu 22.04 became too old to evaluate
nixpkgs. A new-enough version of Nix is available as part of Ubuntu
24.04, but those newer versions of Nix aren't happy with our rather
primitive proot workaround anymore.

Thankfully, someone already made a version of Nix that does all the
heavy lifting for running in unprivileged environments like the one
Read the Docs provides. So we used that instead.
 2025-11-05 01:10:52 +01:00
Martin Weinelt
82c2225914 Merge branch 'flake-update' into 'master' 
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!459
 2025-11-04 00:21:16 +00:00
Martin Weinelt
85f0a94466 flake.nix: update sphinx-rtd-theme package attribute 
'sphinx_rtd_theme' has been renamed to/replaced by 'sphinx-rtd-theme'
 2025-11-04 00:51:49 +01:00
Martin Weinelt
70256c7d6e flake.lock: Update 
Flake lock file updates:

• Updated input 'flake-compat':
    'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885' (2025-05-12)
  → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5' (2025-10-27)
• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/54df955a695a84cd47d4a43e08e1feaf90b1fd9b' (2025-09-17)
  → 'github:cachix/git-hooks.nix/ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37' (2025-10-17)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e9f00bd893984bc8ce46c895c3bf7cac95331127' (2025-09-28)
  → 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4' (2025-11-02)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/5ed4e25ab58fd4c028b59d5611e14ea64de51d23' (2025-09-29)
  → 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31' (2025-11-01)
 2025-11-04 00:48:17 +01:00
Martin Weinelt
6005d88bed Merge branch 'fix-acme-extraDomain' into 'master' 
Only set acme.extraDomainNames when the certificate scheme is acme

See merge request simple-nixos-mailserver/nixos-mailserver!450
 2025-10-03 11:08:18 +00:00
Antoine Eiche
9b57654b31 Only set acme.extraDomainNames when the certificate scheme is acme 
Otherwise, certificate domains appear twice in the certificate, since
they are added by the acme module and the nginx module.
 2025-10-02 09:36:14 +02:00
lewo
4a05bb1911 Merge branch 'update-flake-lock' into 'master' 
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!449
 2025-10-01 17:55:49 +00:00
Martin Weinelt
1e80fb2594 flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/16ec914f6fb6f599ce988427d9d94efddf25fe6d' (2025-06-24)
  → 'github:cachix/git-hooks.nix/54df955a695a84cd47d4a43e08e1feaf90b1fd9b' (2025-09-17)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/94def634a20494ee057c76998843c015909d6311' (2025-07-31)
  → 'github:NixOS/nixpkgs/e9f00bd893984bc8ce46c895c3bf7cac95331127' (2025-09-28)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a' (2025-07-29)
  → 'github:NixOS/nixpkgs/5ed4e25ab58fd4c028b59d5611e14ea64de51d23' (2025-09-29)
 2025-10-01 12:18:02 +02:00
lewo
0ab40d0575 Merge branch 'fix/acme-extra-domains' into 'master' 
fix(acme): request certificates for the extra domains too

See merge request simple-nixos-mailserver/nixos-mailserver!448
 2025-09-30 05:33:00 +00:00
Giel van Schijndel
bf2b313365 fix(acme): request certificates for the extra domains too 
Instead of just making it _possible_ to perform the name validation...
 2025-09-28 19:03:32 +02:00
Martin Weinelt
d2534fa431 Merge branch 'fix-jobset-generation' into 'master' 
ci: disable command execution in jobset generation

See merge request simple-nixos-mailserver/nixos-mailserver!447
 2025-09-22 13:27:17 +00:00
Martin Weinelt
39ead49eb4 ci: disable command execution in jobset generation 
When GitLab PR descriptions contain markdown inline code blocks they get
interpreted as command substitutions in bash.

This is because the here-doc string previously allowed for this behavior.
 2025-09-22 15:23:26 +02:00
Martin Weinelt
c709476ac5 Merge branch 'disable-plain-access' into 'master' 
Disable plaintext access per RFC 8314

See merge request simple-nixos-mailserver/nixos-mailserver!446
 2025-09-22 13:19:49 +00:00
Martin Weinelt
54f37811dd Disable plaintext access per RFC 8314 
This deprecates the `enableImap` and `enablePop` options and opens them
up for future removal.
 2025-09-22 03:46:43 +02:00
Martin Weinelt
b49ae46f22 Merge branch 'rspamd-local-networks' into 'master' 
rspamd: restrict addresses we disable checks for to localhost

Closes #326

See merge request simple-nixos-mailserver/nixos-mailserver!444
 2025-08-25 13:55:52 +00:00
Martin Weinelt
1a2d7a4bf5 rspamd: restrict addresses we disable checks for to localhost 
By default this includes private network subnets, but those should really
use authentication instead, if they want to skip checks.

Closes: #326
 2025-08-25 04:12:30 +02:00
Martin Weinelt
cc5f180427 Merge branch 'test-enableSubmissionSsl' into 'master' 
tests: also test client submission over `smtps://` instead of just `smtp://` with STARTTLS

See merge request simple-nixos-mailserver/nixos-mailserver!443
 2025-08-24 00:41:08 +00:00
emilylange
63b8e1615f tests: also test client submission over smtps:// 
instead of just smtp:// with STARTTLS.

Opted to call the flag --ssl and not --tls to keep it consistent with
the module option (mailserver.enableSubmissionSsl), dovecot internals
and smtplib in mail-check.py.
 2025-08-24 02:29:30 +02:00
Martin Weinelt
958c112fba Merge branch 'dkim-rsa2048' into 'master' 
Increase default DKIM key bits to 2048

Closes #333

See merge request simple-nixos-mailserver/nixos-mailserver!442
 2025-08-22 20:42:21 +00:00
Martin Weinelt
2204f55329 Increase default DKIM key bits to 2048 
This is the current recommendation in RFC 8301 from early 2018.

Fixes: #333
 2025-08-22 22:38:31 +02:00
Martin Weinelt
2be40a9653 Merge branch 'docs-fix-dovecot-links' into 'master' 
docs/dovecot: fix dovecot URLs (again)

See merge request simple-nixos-mailserver/nixos-mailserver!441
 2025-08-22 20:34:21 +00:00
emilylange
b7d2f287f3 docs/dovecot: fix dovecot URLs (again) 
https://doc.dovecot.org/configuration_manual moved to
https://doc.dovecot.org/2.3/configuration_manual to make room for
https://doc.dovecot.org/:version/ where :version can be any one of 2.3,
2.4.0, 2.4.1 or main.

Unfortunately, there is no redirect for the 2.3 manual pages, rendering
a few of those dovecot links dead. I figured we want to keep the old
docs at /2.3/ for now until we eventually migrate to 2.4, as there are
some differences in the ldap interface between those versions.

Previously: 90539a1a99
 2025-08-22 22:06:29 +02:00
Martin Weinelt
57d9624c71 Merge branch 'dmarc-reporter' into 'master' 
Allow AF_UNIX sockets for dmarc reporter, tokenize commandline

Closes #331

See merge request simple-nixos-mailserver/nixos-mailserver!437
 2025-08-07 22:31:50 +00:00
Martin Weinelt
fc955088e3 Respect configureLocally flag for redis 2025-08-08 00:01:45 +02:00
Martin Weinelt
43f87f5520 Tokenize dmarc reporter commandline 2025-08-08 00:01:45 +02:00
Martin Weinelt
aa06b2f489 Allow AF_UNIX sockets for dmarc reporter and allow group access 
This is required to use redis over UNIX domain sockets.
 2025-08-08 00:01:45 +02:00
Martin Weinelt
eb656cd361 Merge branch 'flake-bump' into 'master' 
postfix: don't cast message_size_limit to string

See merge request simple-nixos-mailserver/nixos-mailserver!435
 2025-08-02 00:27:02 +00:00
Martin Weinelt
b76a547bec treewide: reformat with nixfmt 1.0.0 2025-08-02 02:19:15 +02:00
Martin Weinelt
cea6f25a40 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1fd8bada0b6117e6c7eb54aad5813023eed37ccb' (2025-07-06)
  → 'github:NixOS/nixpkgs/94def634a20494ee057c76998843c015909d6311' (2025-07-31)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/29e290002bfff26af1db6f64d070698019460302' (2025-07-05)
  → 'github:NixOS/nixpkgs/1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a' (2025-07-29)
 2025-08-02 02:12:47 +02:00
Martin Weinelt
027e6bcd76 postfix: don't cast message_size_limit to string 
On unstable this will become a signed integer and there was never a good
reason for this to be a string.
 2025-08-02 02:11:11 +02:00
Martin Weinelt
ce87c8a977 Merge branch 'options' into 'master' 
acmeCertificateName: Set defaultText as the default is dynamic

See merge request simple-nixos-mailserver/nixos-mailserver!432
 2025-07-23 15:47:20 +00:00
Tom Hubrecht
29de3e6865 acmeCertificateName: Set defaultText as the default is dynamic 2025-07-23 17:18:30 +02:00
Martin Weinelt
80d21ed7a1 Merge branch 'system-options' into 'master' 
Introduce system name and domain options

See merge request simple-nixos-mailserver/nixos-mailserver!427
 2025-07-09 11:20:39 +00:00
Martin Weinelt
e9953aa154 ruff: reject implicit string concat 
This is a common mistake that could have been prevented.

```
migrations/nixos-mailserver-migration-03.py:42:9: ISC002 Implicitly concatenated string literals over multiple lines
   |
40 |   def is_maildir_related(path: Path, layout: FolderLayout) -> bool:
41 |       if path.name in [
42 | /         "subscriptions"
43 | |         # https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-uid-mapping
44 | |         "dovecot-uidlist",
   | |_________________________^ ISC002
45 |           # https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-keywords
46 |           "dovecot-keywords",
   |
```
 2025-07-09 03:59:54 +02:00
Martin Weinelt
dda91cfc15 Merge branch 'patch-1' into 'master' 
migrations: add missing comma in list

See merge request simple-nixos-mailserver/nixos-mailserver!429
 2025-07-09 01:43:03 +00:00
Yureka
c2df33f76a migrations: add missing comma in list 2025-07-09 01:39:51 +00:00
Martin Weinelt
2b240501e0 Introduce system name and domain options 
Bring them up from the DMARC reporting section to the mailserver toplevel
so they become reusable for the upcoming TLSRPT integration.

We default to the first domain in the domains option, if not set
explicitly, so that `systemDomain` doesn't become a blocker for existing
setups. We still encourage picking out the intended one, which is likely
the one used for the MX hostname.

This also simplifies the DMARC reporting configuration, which doesn't
need to be so fine-grained.

Co-Authored-By: Emily <git@emilylange.de>
 2025-07-09 01:44:10 +02:00
Martin Weinelt
0aeb2849ad mail-check: fix format string 2025-07-08 04:39:36 +02:00
Martin Weinelt
47786932cb tests: fix deprecate machine config access 2025-07-08 03:58:37 +02:00
Martin Weinelt
358a44674e Merge branch 'flake-bump' into 'master' 
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!428
 2025-07-08 01:29:06 +00:00
Martin Weinelt
679bce8bbb flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/623c56286de5a3193aa38891a6991b28f9bab056' (2025-06-11)
  → 'github:cachix/git-hooks.nix/16ec914f6fb6f599ce988427d9d94efddf25fe6d' (2025-06-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07)
  → 'github:NixOS/nixpkgs/1fd8bada0b6117e6c7eb54aad5813023eed37ccb' (2025-07-06)
• Updated input 'nixpkgs-25_05':
    'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd' (2025-06-12)
  → 'github:NixOS/nixpkgs/29e290002bfff26af1db6f64d070698019460302' (2025-07-05)
 2025-07-08 03:20:45 +02:00
Martin Weinelt
334e370c1f Merge branch 'dovecot-unit-name-migration' into 'master' 
dovecot: use marker option as unit name migration indicator

See merge request simple-nixos-mailserver/nixos-mailserver!426
 2025-07-06 23:24:27 +00:00
Martin Weinelt
d6d2053b80 dovecot: use marker option as unit name migration indicator 
In nixpkgs we expose `services.dovecot.hasNewUnitName` option that can be
safely inspected to understand that whether to use the `dovecot` systemd
service name instead of `dovecot2`.
 2025-07-07 01:10:19 +02:00