docs/setup-{guide,example}: refresh the whole guide

- add many motivation, helpful comments and important details - improve formatting through use of more native sphinx/rst elements, like the csv-table for DNS records - clarify the basic requirements - use dig for uncached DNS propagation checks against an authoritative nameserver - explain the basic feature set of the setup example - adjust DNS TTLs; 1h is a common duration in modern setups and does not hurt caching much - remove mention of the announce mailinglist, users can just expect releases to be ready around branch-off
2026-03-09 03:58:35 +01:00
parent 88889601b9
commit 4089d73b51
2 changed files with 244 additions and 136 deletions
@@ -5,10 +5,15 @@
 {
  imports = [
    (builtins.fetchTarball {
-      # Pick a release version you are interested in and set its hash, e.g.
+      # This is a quick and dirty way to import a NixOS mailserver release. What
+      # you should do long-term is use a proper dependency pinning tool like npins
+      # or flakes.
+
+      # URL to the tarball for the release matching your NixOS release
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
-      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
-      # release="nixos-25.11"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
+
+      # Hash of the unpacked tarball, run the following command to retrieve it
+      # release="nixos-25.11" nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
      sha256 = "0000000000000000000000000000000000000000000000000000";
    })
  ];
@@ -30,18 +35,22 @@
    fqdn = "mail.example.com";
    domains = [ "example.com" ];

-    # reference an existing ACME configuration
+    # Reference the existing ACME configuration created by nginx
    x509.useACMEHost = config.mailserver.fqdn;

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -s'
    loginAccounts = {
      "user1@example.com" = {
+        # Reads the password hash from a file on the server
        hashedPasswordFile = "/a/file/containing/a/hashed/password";
+
+        # Additional addresses delivered to this mailbox
        aliases = [ "postmaster@example.com" ];
      };
      "user2@example.com" = {
-        # ...
+        # Provides the password hash inline
+        hashedPassword = "$y$j9T$JqqefR6flaaJBRjD4KVZc1$QM6h4Spr5.yn/FuIT.ydTV22daEbiVd8ZprV/POtPgB";
      };
    };
  };