1019 Commits

Author SHA1 Message Date
Martin Weinelt 3ad66c854d README: add 26.05 release info
Prune old and deprecated releases at the same time.

Also reword the section intro to mention version compat requirements.
2026-05-24 21:03:47 +02:00
Martin Weinelt 9764b64190 hydra: create nixos-26.05 jobset 2026-05-24 21:03:47 +02:00
Martin Weinelt a6bb0dde9b docs: rewrite 26.05 release notes 2026-05-24 21:03:47 +02:00
Martin Weinelt 2e3a2d0980 docs/setup-guide: fix grammar in SMTP port requirement 2026-05-24 14:30:18 +02:00
Martin Weinelt f8e3955323 docs/setup-example: enable nginx
Nginx requires explicit enablement or ACME won't work.
2026-05-24 14:27:21 +02:00
Martin Weinelt 7aeb1d7d76 docs: add missing dig +short flags in setup guide 2026-05-24 13:28:47 +02:00
Martin Weinelt e5ae7b5b96 Merge branch 'sieve-migration' into 'main'
sieve: move `cfg.sieveDirectory` into home directory of virtual users

See merge request simple-nixos-mailserver/nixos-mailserver!508
2026-05-24 03:07:38 +00:00
emilylange c60d98a13c sieve: add migration story for cfg.sieveDirectory removal
Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2026-05-24 05:02:23 +02:00
Martin Weinelt 58ff4da02f Merge branch 'restore-default-index-path' into 'main'
dovecot: restore default mail_index_path

Closes #359

See merge request simple-nixos-mailserver/nixos-mailserver!525
2026-05-24 02:12:13 +00:00
Martin Weinelt 4dcd114a2f dovecot: restore default mail_index_path
Back in 2.3 the index was by default kept in the maildir. This is also
the default in 2.4, but during the migration I put the dovecot home dir
as the default index path, which is a breaking change and could cause
client resyncs.

Fixes: #359
2026-05-24 04:00:39 +02:00
Martin Weinelt e4e18e01de Merge branch 'ldap-auth-bind' into 'main'
dovecot: fix non-default `cfg.ldap.attributes.password`, reintroduce LDAP bind auth for passdb

Closes #360

See merge request simple-nixos-mailserver/nixos-mailserver!524
2026-05-24 00:20:28 +00:00
emilylange eea473ea12 dovecot: reintroduce LDAP bind auth for passdb
LDAP bind auth used to be enabled by default (and not configurable)
before the dovecot 2.4 migration.

I changed the default option value to match the old Dovecot 2.3
behavior.

The use of authentication bind is required for LDAP servers that simply
do not have such an LDAP attribute, like Kanidm, or in cases where the
password scheme used is not supported by Dovecot.
2026-05-24 02:01:55 +02:00
emilylange 57bfae2d7e dovecot: fix non-default cfg.ldap.attributes.password
The option got recently introduced, but never properly wired.
2026-05-24 01:30:59 +02:00
Martin Weinelt e5102c5502 Merge branch 'opt-desc-down' into 'main'
docs: move option description below type, default and example

See merge request simple-nixos-mailserver/nixos-mailserver!522
2026-05-23 19:43:16 +00:00
Martin Weinelt 1d6f18856a Merge branch 'prek' into 'main'
pre-commit: migrate to prek

See merge request simple-nixos-mailserver/nixos-mailserver!521
2026-05-23 18:06:54 +00:00
Martin Weinelt 800bf95755 docs: move option description below type, default and example
This puts the important facts first and pulls the description way down
to the end of the option documentation.
2026-05-23 19:41:21 +02:00
Martin Weinelt c0cc5e7eff pre-commit: migrate to prek
Same functionality with smaller dependency closure.
2026-05-23 19:35:32 +02:00
Martin Weinelt 61e9c248c5 Merge branch 'flake-update' into 'main'
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!520
2026-05-21 15:57:25 +00:00
Martin Weinelt 10dce12f73 tests/ldap: check regex match return value
error[unresolved-attribute]: Attribute `group` is not defined on `None` in union `Match[str] | None`
   --> testScriptWithTypes:152:21
    |
152 |   ldap_table_path = re.match('.* =.*ldap:(.*)', conf).group(1)
    |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
2026-05-21 17:28:36 +02:00
Martin Weinelt 86a2bb9afd flake.lock: Update
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/580633fa3fe5fc0379905986543fd7495481913d' (2026-04-07)
  → 'github:cachix/git-hooks.nix/61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a' (2026-05-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9a3a5b8400951b3497d2ef8f239f8451175cf3a1' (2026-04-18)
  → 'github:NixOS/nixpkgs/657e2fa0760e27167cdacb1ec5d84782be312013' (2026-05-21)
2026-05-21 17:20:31 +02:00
emilylange e4aa2d1517 sieve: move cfg.sieveDirectory into home directory of virtual users 2026-05-02 20:02:31 +02:00
emilylange 260f38128e sieve: offload mailserver.loginAccounts.<name>.sieveScript into /nix/store
This simplifies the remaining structure of `cfg.sieveDirectory`
a lot and gets us one step closer to removing
`activate-virtual-mail-users.service`.
2026-05-02 20:00:03 +02:00
emilylange 28bfef89ba tests: test mailserver.loginAccounts.<name>.sieveScript 2026-05-02 19:54:32 +02:00
Martin Weinelt e33fbde199 Merge branch 'push-pxvmorlwmyns' into 'main'
{rspamd,borgbackup}: use package from upstream NixOS service

See merge request simple-nixos-mailserver/nixos-mailserver!519
2026-04-27 10:58:13 +00:00
Michael Hoang fb38d437a5 borgbackup: use package from upstream NixOS service 2026-04-27 12:43:59 +02:00
Michael Hoang f810a804c6 rspamd: use package from upstream NixOS service 2026-04-27 12:23:04 +02:00
Martin Weinelt 583a362c5b Merge branch 'tls-updates' into 'main'
TLS updates

See merge request simple-nixos-mailserver/nixos-mailserver!518
2026-04-26 21:48:52 +00:00
Martin Weinelt 3ab15c2e30 docs/release-notes: add tls changes 2026-04-26 01:47:39 +02:00
Martin Weinelt ecbe707330 postfix/dovecot: support SecP256r1MLKEM768 key exchange
Added support means we allow it, but for now we don't prefer it, since it
has not seen much use yet. For Postfix that means it lands below the two
groups that already send a key share and save us a roundtrip.

https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html
2026-04-26 01:04:33 +02:00
Martin Weinelt 7909eabac2 postfix: require AEAD & ECDHE cipher suites
This drops ARIA, Camellia and AES-CBC support from TLSv1.2 cipher suites.

When we explicitly restrict the cipherlist in Postfix, then we need to
define TLSv1.3 cipher suites in our OpenSSL config file.
2026-04-26 01:04:33 +02:00
Martin Weinelt 8d6b14c82c postfix: restrict TLS signing algorithms
Prunes the list preset and removes SHA-1 to restore compatibility with
NCSC TLS security guidelines.
2026-04-26 01:04:32 +02:00
Martin Weinelt e6c4a96f50 Merge branch 'fix/overeager-scheme-prepend' into 'main'
Only prepend {CRYPT} scheme if there is no scheme present

See merge request simple-nixos-mailserver/nixos-mailserver!517
2026-04-23 13:29:01 +00:00
Charlotte Van Petegem 6e9a4420b3 Only prepend {CRYPT} scheme if there is no scheme present 2026-04-23 14:45:22 +02:00
Martin Weinelt 0b1ca54241 hydra: use nixpkgs-unstable instead of nixos-unstable-small
We don't need the fast pace of unstable-small, but we still want to stay
current with built packages on unstable for evaluations.
2026-04-21 15:00:29 +02:00
Martin Weinelt bd5b08681a Merge branch 'dovecot-2.4.3' into 'main'
dovecot: migrate to dovecot 2.4

See merge request simple-nixos-mailserver/nixos-mailserver!512
2026-04-20 23:23:08 +00:00
Martin Weinelt 198246f2c2 fts: update docs and defaults 2026-04-21 00:58:58 +02:00
Martin Weinelt f9d1435378 dovecot: migrate to dovecot 2.4 2026-04-20 15:39:36 +02:00
Martin Weinelt 7dce7fbd5a Merge branch 'add-option-custom-reject-sender-message-release-notes' into 'main'
Add Release Note for rejectSenderMessage and fix typo

See merge request simple-nixos-mailserver/nixos-mailserver!515
2026-04-19 14:27:24 +00:00
Lennart Mühlenmeier 99a9b6efb7 Add Release Note for rejectSenderMessage and fix typo
Forgot about adding a Release Note for rejectSenderMessage
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/453,
also fixing a typo in that already merged commit I just noticed.
2026-04-19 09:32:41 +02:00
Martin Weinelt fdb1be9b50 Merge branch 'update-dovecot-hostname' into 'main'
dovecot: fix hostname to fqdn

See merge request simple-nixos-mailserver/nixos-mailserver!510
2026-04-19 00:12:04 +00:00
Martin Weinelt 21399f334c Merge branch 'update-rspamd-headers' into 'main'
rspamd: add authentication-results header

See merge request simple-nixos-mailserver/nixos-mailserver!513
2026-04-19 00:02:44 +00:00
Martin Weinelt 7fe61cc1a3 Merge branch 'tests-uds-helper' into 'main'
tests: migrate to wait_for_open_unix_socket helper

See merge request simple-nixos-mailserver/nixos-mailserver!514
2026-04-18 21:12:40 +00:00
Martin Weinelt 25fae6f36e tests: migrate to wait_for_open_unix_socket helper 2026-04-18 23:04:09 +02:00
Lafiel 903d0cc8ad rspamd: add authentication-results header 2026-04-18 18:10:00 +03:00
Martin Weinelt e4017308b2 flake.lock: Update
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a' (2026-03-31)
  → 'github:cachix/git-hooks.nix/580633fa3fe5fc0379905986543fd7495481913d' (2026-04-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
  → 'github:NixOS/nixpkgs/9a3a5b8400951b3497d2ef8f239f8451175cf3a1' (2026-04-18)
2026-04-18 16:22:38 +02:00
Martin Weinelt 93b4e5f3cd Merge branch 'quotaUsers' into 'main'
dovecot: fix quota users assertion

See merge request simple-nixos-mailserver/nixos-mailserver!511
2026-04-16 00:23:56 +00:00
isabel 10b577c650 dovecot: fix quota users assertion 2026-04-16 01:04:07 +01:00
Lafiel c67cc808ce dovecot: fix hostname to fqdn 2026-04-15 19:30:27 +03:00
Martin Weinelt ceb3f17fe1 Merge branch 'restore-dovecot-hierarchy-separator' into 'main'
dovecot: restore hierarchy separator setting

See merge request simple-nixos-mailserver/nixos-mailserver!509
2026-04-14 13:59:05 +00:00
Martin Weinelt bb1728f27c dovecot: restore hierarchy separator setting
The application of this setting got lost in the structured settings
migration.

Ref: 44149c5
2026-04-14 14:33:29 +02:00