Allow TLSv1 for compatibility with older devices

default.nix

@@ -277,7 +277,7 @@ in
 
       dovecot = {
         userAttrs = mkOption {
-          type = types.nullOr types.str;
+          type = types.str;
           default = "";
           description = ''
             LDAP attributes to be retrieved during userdb lookups.

docs/rspamd-tuning.rst

@@ -24,14 +24,17 @@ You can run the training in a root shell as follows:
 
 .. code:: bash
 
+  # Path to the controller socket
+  export RSOCK="/var/run/rspamd/worker-controller.sock"
+
   # Learn the Junk folder as spam
-  rspamc learn_spam /var/vmail/$DOMAIN/$USER/.Junk/cur/
+  rspamc -h $RSOCK learn_spam /var/vmail/$DOMAIN/$USER/.Junk/cur/
 
   # Learn the INBOX as ham
-  rspamc learn_ham /var/vmail/$DOMAIN/$USER/cur/
+  rspamc -h $RSOCK learn_ham /var/vmail/$DOMAIN/$USER/cur/
 
   # Check that training was successful
-  rspamc stat | grep learned
+  rspamc -h $RSOCK stat | grep learned
 
 Tune symbol weight
 ~~~~~~~~~~~~~~~~~~

flake.lock

@@ -67,7 +67,41 @@
         "blobs": "blobs",
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-24_05": "nixpkgs-24_05"
+        "nixpkgs-24_05": "nixpkgs-24_05",
+        "utils": "utils"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1709126324,
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
       }
     }
   },

flake.nix

@@ -6,6 +6,7 @@
       url = "github:edolstra/flake-compat";
       flake = false;
     };
+    utils.url = "github:numtide/flake-utils";
     nixpkgs.url = "flake:nixpkgs/nixos-unstable";
     nixpkgs-24_05.url = "flake:nixpkgs/nixos-24.05";
     blobs = {
@@ -14,7 +15,7 @@
     };
   };
 
-  outputs = { self, blobs, nixpkgs, nixpkgs-24_05, ... }: let
+  outputs = { self, utils, blobs, nixpkgs, nixpkgs-24_05, ... }: let
     lib = nixpkgs.lib;
     system = "x86_64-linux";
     pkgs = nixpkgs.legacyPackages.${system};

mail-server/dovecot.nix

@@ -76,7 +76,7 @@ let
       auth_bind = yes
       base = ${cfg.ldap.searchBase}
       scope = ${mkLdapSearchScope cfg.ldap.searchScope}
-      ${lib.optionalString (cfg.ldap.dovecot.userAttrs != null) ''
+      ${lib.optionalString (cfg.ldap.dovecot.userAttrs != "") ''
       user_attrs = ${cfg.ldap.dovecot.userAttrs}
       ''}
       user_filter = ${cfg.ldap.dovecot.userFilter}

mail-server/postfix.nix

@@ -325,7 +325,7 @@ in
           privileged = true;
           chroot = false;
           command = "spawn";
-          args = [ "user=nobody" "argv=${pkgs.spf-engine}/bin/policyd-spf" "${policyd-spf}"];
+          args = [ "user=nobody" "argv=${pkgs.pypolicyd-spf}/bin/policyd-spf" "${policyd-spf}"];
         };
         "submission-header-cleanup" = {
           type = "unix";

mail-server/rspamd.nix

@@ -25,15 +25,6 @@ let
 in
 {
   config = with cfg; lib.mkIf enable {
-    environment.systemPackages = lib.mkBefore [
-      (pkgs.runCommand "rspamc-wrapped" {
-        nativeBuildInputs = with pkgs; [ makeWrapper ];
-       }''
-        makeWrapper ${pkgs.rspamd}/bin/rspamc $out/bin/rspamc \
-          --add-flags "-h /var/run/rspamd/worker-controller.sock"
-      '')
-    ];
-
     services.rspamd = {
       enable = true;
       inherit debug;