docs/setup-{guide,example}: refresh the whole guide

- add many motivation, helpful comments and important details
- improve formatting through use of more native sphinx/rst elements, like
  the csv-table for DNS records
- clarify the basic requirements
- use dig for uncached DNS propagation checks against an authoritative
  nameserver
- explain the basic feature set of the setup example
- adjust DNS TTLs; 1h is a common duration in modern setups and does not
  hurt caching much
- remove mention of the announce mailinglist, users can just expect
  releases to be ready around branch-off
This commit is contained in:
Martin Weinelt
2026-03-09 03:58:35 +01:00
parent 88889601b9
commit 4089d73b51
2 changed files with 244 additions and 136 deletions
+14 -5
View File
@@ -5,10 +5,15 @@
{
imports = [
(builtins.fetchTarball {
# Pick a release version you are interested in and set its hash, e.g.
# This is a quick and dirty way to import a NixOS mailserver release. What
# you should do long-term is use a proper dependency pinning tool like npins
# or flakes.
# URL to the tarball for the release matching your NixOS release
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz";
# To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
# release="nixos-25.11"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
# Hash of the unpacked tarball, run the following command to retrieve it
# release="nixos-25.11" nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
sha256 = "0000000000000000000000000000000000000000000000000000";
})
];
@@ -30,18 +35,22 @@
fqdn = "mail.example.com";
domains = [ "example.com" ];
# reference an existing ACME configuration
# Reference the existing ACME configuration created by nginx
x509.useACMEHost = config.mailserver.fqdn;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -s'
loginAccounts = {
"user1@example.com" = {
# Reads the password hash from a file on the server
hashedPasswordFile = "/a/file/containing/a/hashed/password";
# Additional addresses delivered to this mailbox
aliases = [ "postmaster@example.com" ];
};
"user2@example.com" = {
# ...
# Provides the password hash inline
hashedPassword = "$y$j9T$JqqefR6flaaJBRjD4KVZc1$QM6h4Spr5.yn/FuIT.ydTV22daEbiVd8ZprV/POtPgB";
};
};
};