Allow TLSv1 for compatibility with older devices

readme: remove the announcement public key
Current maintainer no longer has it.
2023-06-01 16:53:35 +02:00 · 2023-05-30 23:37:31 +02:00 · 2023-05-30 23:37:31 +02:00 · 2023-05-30 23:37:31 +02:00
7 changed files with 40 additions and 42 deletions
--- a/.hydra/declarative-jobsets.nix
+++ b/.hydra/declarative-jobsets.nix
@@ -32,8 +32,8 @@ let

  desc = prJobsets // {
    "master" = mkFlakeJobset "master";
-    "nixos-22.05" = mkFlakeJobset "nixos-22.05";
    "nixos-22.11" = mkFlakeJobset "nixos-22.11";
+    "nixos-23.05" = mkFlakeJobset "nixos-23.05";
  };

  log = {
--- a/README.md
+++ b/README.md
@@ -8,26 +8,21 @@
 For each NixOS release, we publish a branch. You then have to use the
 SNM branch corresponding to your NixOS version.

+* For NixOS 23.05
+   - Use the [SNM branch `nixos-23.05`](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/tree/nixos-23.05)
+   - [Documentation](https://nixos-mailserver.readthedocs.io/en/nixos-23.05/)
+   - [Release notes](https://nixos-mailserver.readthedocs.io/en/nixos-23.05/release-notes.html#nixos-23-05)
 * For NixOS 22.11
   - Use the [SNM branch `nixos-22.11`](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/tree/nixos-22.11)
   - [Documentation](https://nixos-mailserver.readthedocs.io/en/nixos-22.11/)
   - [Release notes](https://nixos-mailserver.readthedocs.io/en/nixos-22.11/release-notes.html#nixos-22-11)
-* For NixOS 22.05
-   - Use the [SNM branch `nixos-22.05`](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/tree/nixos-22.05)
-   - [Documentation](https://nixos-mailserver.readthedocs.io/en/nixos-22.05/)
-   - [Release notes](https://nixos-mailserver.readthedocs.io/en/nixos-22.05/release-notes.html#nixos-22-05)
 * For NixOS unstable
   - Use the [SNM branch `master`](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/tree/master)
   - [Documentation](https://nixos-mailserver.readthedocs.io/en/latest/)

 [Subscribe to SNM Announcement List](https://www.freelists.org/list/snm)
 This is a very low volume list where new releases of SNM are announced, so you
-can stay up to date with bug fixes and updates. All announcements are signed by
-the gpg key with fingerprint
-
-```
-D9FE 4119 F082 6F15 93BD  BD36 6162 DBA5 635E A16A
-```
+can stay up to date with bug fixes and updates.


 ## Features
@@ -117,30 +112,9 @@ For a complete list of options, see `default.nix`.
 ## How to Set Up a 10/10 Mail Server Guide
 Check out the [Complete Setup Guide](https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html) in the project's documentation.

-## How to Backup
-
-Checkout the [Complete Backup Guide](https://nixos-mailserver.readthedocs.io/en/latest/backup-guide.html). Backups are easy with `SNM`.
-
 ## Development

-See the [How to Develop SNM](https://nixos-mailserver.readthedocs.io/en/latest/howto-develop.html) wiki page.
-
-## Release notes
-
-### nixos-20.03
-
- Rspamd is upgraded to 2.0 which deprecates the SQLite Bayes
-  backend. We then moved to the Redis backend (the default since
-  Rspamd 2.0). If you don't want to relearn the Redis backend from the
-  scratch, we could manually run
-
-      rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --ham-db /var/lib/rspamd/bayes.ham.sqlite -h 127.0.0.1:6379 --symbol-ham BAYES_HAM --symbol-spam BAYES_SPAM
-
-  See the [Rspamd migration
-  notes](https://rspamd.com/doc/migration.html#migration-to-rspamd-20)
-  and [this SNM Merge
-  Request](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/164)
-  for details.
+See the [How to Develop SNM](https://nixos-mailserver.readthedocs.io/en/latest/howto-develop.html) documentation page.

 ## Contributors
 See the [contributor tab](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/graphs/master)
@@ -155,6 +129,4 @@ See the [contributor tab](https://gitlab.com/simple-nixos-mailserver/nixos-mails
 * Logo made with [Logomakr.com](https://logomakr.com)


-
-
 [logo]: docs/logo.png
--- a/flake.lock
+++ b/flake.lock
@@ -62,12 +62,28 @@
        "type": "indirect"
      }
    },
+    "nixpkgs-23_05": {
+      "locked": {
+        "lastModified": 1684782344,
+        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.05",
+        "type": "indirect"
+      }
+    },
    "root": {
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs",
        "nixpkgs-22_11": "nixpkgs-22_11",
+        "nixpkgs-23_05": "nixpkgs-23_05",
        "utils": "utils"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@@ -9,13 +9,14 @@
    utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "flake:nixpkgs/nixos-unstable";
    nixpkgs-22_11.url = "flake:nixpkgs/nixos-22.11";
+    nixpkgs-23_05.url = "flake:nixpkgs/nixos-23.05";
    blobs = {
      url = "gitlab:simple-nixos-mailserver/blobs";
      flake = false;
    };
  };

-  outputs = { self, utils, blobs, nixpkgs, nixpkgs-22_11, ... }: let
+  outputs = { self, utils, blobs, nixpkgs, nixpkgs-22_11, nixpkgs-23_05, ... }: let
    lib = nixpkgs.lib;
    system = "x86_64-linux";
    pkgs = nixpkgs.legacyPackages.${system};
@@ -24,6 +25,10 @@
        name = "unstable";
        pkgs = nixpkgs.legacyPackages.${system};
      }
+      {
+        name = "23.05";
+        pkgs = nixpkgs-22_11.legacyPackages.${system};
+      }
    ];
    testNames = [
      "internal"
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -200,7 +200,7 @@ in

        mail_access_groups = ${vmailGroupName}
        ssl = required
-        ssl_min_protocol = TLSv1.2
+        ssl_min_protocol = TLSv1
        ssl_prefer_server_ciphers = yes

        service lmtp {
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -206,10 +206,10 @@ in
        smtpd_tls_eecdh_grade = "ultra";

        # Disable obselete protocols
-        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
+        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";

        smtp_tls_ciphers = "high";
        smtpd_tls_ciphers = "high";
--- a/tests/multiple.nix
+++ b/tests/multiple.nix
@@ -30,7 +30,12 @@ let
      };
      services.dnsmasq = {
        enable = true;
-        settings.mx-host = [ "domain1.com,domain1,10" "domain2.com,domain2,10" ];
+        # Fixme: once nixos-23.05 hhas been removed, could be replaced by
+        # settings.mx-host = [ "domain1.com,domain1,10" "domain2.com,domain2,10" ];
+        extraConfig = ''
+          mx-host=domain1.com,domain1,10
+          mx-host=domain2.com,domain2,10
+        '';
      };
    };
Author	SHA1	Message	Date
Jakub Skokan	478da2c67b	Allow TLSv1 for compatibility with older devices	2023-06-01 16:53:35 +02:00
Antoine Eiche	acc7791ee9	readme: remove the announcement public key Current maintainer no longer has it.	2023-05-30 23:37:31 +02:00
Antoine Eiche	758fa8f9bc	Release 23.05	2023-05-30 23:37:31 +02:00
Antoine Eiche	811389e31b	Preserve the compatibility with nixos-23.05	2023-05-30 23:37:31 +02:00