Merge branch 'qol-changes' into 'master'

treewide: inline language instructions, reorganize imports See merge request simple-nixos-mailserver/nixos-mailserver!492
2026-03-12 12:51:08 +00:00
parent 405f2180d4 fdcb28e97e
commit 86579c6715
11 changed files with 606 additions and 538 deletions
@@ -0,0 +1,12 @@
+# Ignore non-functional treewide changes by configuring
+#
+#   $ git config blame.ignoreRevsFile .git-blame-ignore-revs
+#
+# or used temporarily with --ignore-revs-file=
+#
+
+# nixfmt
+1a7f3d718c5a6406b7d5b54f10f5c9c69ed90ef9
+
+# language hints
+06cc71c76eb52dc747704a317ac5e175ebdd2ba8
@@ -1524,6 +1524,9 @@ in
  };

  imports = [
+    ./mail-server
+
+    # NixOS 25.05
    (mkRemovedOptionModule [ "mailserver" "fullTextSearch" "maintenance" "enable" ] ''
      This option is not needed for fts-flatcurve
    '')
@@ -1549,19 +1552,6 @@ in
    (mkRemovedOptionModule [ "mailserver" "rebootAfterKernelUpgrade" "method" ] ''
      Use `system.autoUpgrade` instead.
    '')
-    ./mail-server/assertions.nix
-    ./mail-server/borgbackup.nix
-    ./mail-server/rsnapshot.nix
-    ./mail-server/clamav.nix
-    ./mail-server/monit.nix
-    ./mail-server/users.nix
-    ./mail-server/environment.nix
-    ./mail-server/networking.nix
-    ./mail-server/systemd.nix
-    ./mail-server/dovecot.nix
-    ./mail-server/postfix.nix
-    ./mail-server/rspamd.nix
-    ./mail-server/kresd.nix
    (mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ] ''
      SPF checking has been migrated to Rspamd, which makes this config redundant. Please look into the rspamd config to migrate your settings.
      It may be that they are redundant and are already configured in rspamd like for skip_addresses.
@@ -1575,13 +1565,8 @@ in
    (mkRemovedOptionModule [ "mailserver" "smtpdForbidBareNewline" ] ''
      The workaround for the SMTP Smuggling attack is default enabled in Postfix >3.9. Use `services.postfix.config.smtpd_forbid_bare_newline` if you need to deviate from its default.
    '')
-    (mkRenamedOptionModule [ "mailserver" "dkimSigning" ] [ "mailserver" "dkim" "enable" ])
-    (mkRenamedOptionModule [ "mailserver" "dkimKeyDirectory" ] [ "mailserver" "dkim" "keyDirectory" ])
-    (mkRenamedOptionModule
-      [ "mailserver" "dkimSelector" ]
-      [ "mailserver" "dkim" "defaults" "selector" ]
-    )
-    (mkRenamedOptionModule [ "mailserver" "dkimKeyType" ] [ "mailserver" "dkim" "defaults" "keyType" ])
+
+    # NixOS 25.11
    (mkRenamedOptionModule [ "mailserver" "dmarcReporting" "domain" ] [ "mailserver" "systemDomain" ])
    (mkRenamedOptionModule
      [ "mailserver" "dmarcReporting" "organizationName" ]
@@ -1597,6 +1582,7 @@ in
      The name in the `FROM` field for DMARC report now uses the `mailserver.systemName`.
    '')

+    # NixOS 26.05
    (mkRemovedOptionModule [ "mailserver" "certificateDomains" ] ''
      Configure `security.acme.certs.''${config.mailserver.fqdn}.extraDomains` instead.
    '')
@@ -1607,5 +1593,13 @@ in
    (mkRenamedOptionModule [ "mailserver" "acmeCertificateName" ] [ "mailserver" "x509" "useACMEHost" ])
    (mkRenamedOptionModule [ "mailserver" "certificateFile" ] [ "mailserver" "x509" "certificateFile" ])
    (mkRenamedOptionModule [ "mailserver" "keyFile" ] [ "mailserver" "x509" "privateKeyFile" ])
+
+    (mkRenamedOptionModule [ "mailserver" "dkimSigning" ] [ "mailserver" "dkim" "enable" ])
+    (mkRenamedOptionModule [ "mailserver" "dkimKeyDirectory" ] [ "mailserver" "dkim" "keyDirectory" ])
+    (mkRenamedOptionModule
+      [ "mailserver" "dkimSelector" ]
+      [ "mailserver" "dkim" "defaults" "selector" ]
+    )
+    (mkRenamedOptionModule [ "mailserver" "dkimKeyType" ] [ "mailserver" "dkim" "defaults" "keyType" ])
  ];
 }
@@ -69,7 +69,9 @@ rec {
      passwordFile,
      destination,
    }:
-    pkgs.writeScript "append-ldap-bind-pwd-in-${name}" ''
+    pkgs.writeScript "append-ldap-bind-pwd-in-${name}"
+      # bash
+      ''
        #!${pkgs.stdenv.shell}
        set -euo pipefail

@@ -0,0 +1,17 @@
+{
+  imports = [
+    ./assertions.nix
+    ./borgbackup.nix
+    ./rsnapshot.nix
+    ./clamav.nix
+    ./monit.nix
+    ./users.nix
+    ./environment.nix
+    ./networking.nix
+    ./systemd.nix
+    ./dovecot.nix
+    ./postfix.nix
+    ./rspamd.nix
+    ./kresd.nix
+  ];
+}
@@ -96,7 +96,10 @@ let
    destination = ldapConfFile;
  };

-  genPasswdScript = pkgs.writeScript "generate-password-file" ''
+  genPasswdScript =
+    pkgs.writeScript "generate-password-file"
+      # bash
+      ''
        #!${pkgs.stdenv.shell}

        set -euo pipefail
@@ -43,7 +43,10 @@ let
    group = vmailGroupName;
  };

-  virtualMailUsersActivationScript = pkgs.writeScript "activate-virtual-mail-users" ''
+  virtualMailUsersActivationScript =
+    pkgs.writeScript "activate-virtual-mail-users"
+      # bash
+      ''
        #!${pkgs.stdenv.shell}

        set -euo pipefail
@@ -144,7 +144,9 @@
              password       user2
            '';
          };
-          "root/virus-email".text = ''
+          "root/virus-email".text =
+            # mail
+            ''
              From: User2 <user@example2.com>
              Content-Type: multipart/mixed;
                boundary="Apple-Mail=_2689C63E-FD18-4E4D-8822-54797BDA9607"
@@ -180,7 +182,9 @@
              X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
              --Apple-Mail=_2689C63E-FD18-4E4D-8822-54797BDA9607--
            '';
-          "root/safe-email".text = ''
+          "root/safe-email".text =
+            # mail
+            ''
              From: User <user@example2.com>
              To: User1 <user1@example.com>
              Cc:
@@ -198,7 +202,9 @@
      };
  };

-  testScript = ''
+  testScript =
+    # python
+    ''
      start_all()

      server.wait_for_unit("multi-user.target")
@@ -121,7 +121,10 @@
          echo grep '^Message-ID:.*@mail.example.com>$' "$@" >&2
          exec grep '^Message-ID:.*@mail.example.com>$' "$@"
        '';
-        test-imap-spam = pkgs.writeScriptBin "imap-mark-spam" ''
+        test-imap-spam =
+          pkgs.writeScriptBin "imap-mark-spam"
+            # python
+            ''
              #!${pkgs.python3.interpreter}
              import imaplib

@@ -148,7 +151,10 @@

                imap.close()
            '';
-        test-imap-ham = pkgs.writeScriptBin "imap-mark-ham" ''
+        test-imap-ham =
+          pkgs.writeScriptBin "imap-mark-ham"
+            # python
+            ''
              #!${pkgs.python3.interpreter}
              import imaplib

@@ -175,7 +181,10 @@

                imap.close()
            '';
-        search = pkgs.writeScriptBin "search" ''
+        search =
+          pkgs.writeScriptBin "search"
+            # python
+            ''
              #!${pkgs.python3.interpreter}
              import imaplib
              import sys
@@ -269,7 +278,9 @@
              password       user1
            '';
          };
-          "root/email1".text = ''
+          "root/email1".text =
+            # mail
+            ''
              Message-ID: <12345qwerty@host.local.network>
              From: User2 <user2@example.com>
              To: User1 <user1@example.com>
@@ -282,7 +293,9 @@

              how are you doing today?
            '';
-          "root/email2".text = ''
+          "root/email2".text =
+            # mail
+            ''
              Message-ID: <232323abc@host.local.network>
              From: User <user@example2.com>
              To: User1 <user1@example.com>
@@ -297,7 +310,9 @@

              XOXO User1
            '';
-          "root/email3".text = ''
+          "root/email3".text =
+            # mail
+            ''
              Message-ID: <asdfghjkl42@host.local.network>
              From: Postmaster <postmaster@example.com>
              To: Chuck <chuck@example.com>
@@ -311,7 +326,9 @@
              I think I may have misconfigured the mail server
              XOXO Postmaster
            '';
-          "root/email4".text = ''
+          "root/email4".text =
+            # mail
+            ''
              Message-ID: <sdfsdf@host.local.network>
              From: Single Alias <single-alias@example.com>
              To: User1 <user1@example.com>
@@ -326,7 +343,9 @@

              XOXO User1 aka Single Alias
            '';
-          "root/email5".text = ''
+          "root/email5".text =
+            # mail
+            ''
              Message-ID: <789asdf@host.local.network>
              From: User2 <user2@example.com>
              To: Multi Alias <multi-alias@example.com>
@@ -341,7 +360,9 @@

              XOXO User1
            '';
-          "root/email6".text = ''
+          "root/email6".text =
+            # mail
+            ''
              Message-ID: <123457qwerty@host.local.network>
              From: User2 <user2@example.com>
              To: User1 <user1@example.com>
@@ -355,7 +376,9 @@
              this email contains the needle:
              576a4565b70f5a4c1a0925cabdb587a6
            '';
-          "root/email7".text = ''
+          "root/email7".text =
+            # mail
+            ''
              Message-ID: <1234578qwerty@host.local.network>
              From: User2 <user2@example.com>
              To: User1 <user1@example.com>
@@ -372,7 +395,9 @@
      };
  };

-  testScript = ''
+  testScript =
+    # python
+    ''
      start_all()

      server.wait_for_unit("multi-user.target")
@@ -122,6 +122,7 @@ in
      nodes,
      ...
    }:
+    # python
    ''
      machine.start()
      machine.wait_for_unit("multi-user.target")
@@ -53,7 +53,9 @@ in
              };
            };
          };
-          declarativeContents."dc=example" = ''
+          declarativeContents."dc=example" =
+            #ldif
+            ''
              dn: dc=example
              objectClass: domain
              dc: example
@@ -121,6 +123,7 @@ in
      nodes,
      ...
    }:
+    # python
    ''
      import sys
      import re
@@ -90,7 +90,9 @@ in
        ];
      };
  };
-  testScript = ''
+  testScript =
+    # python
+    ''
      start_all()

      for domain in [domain1, domain2]: