77205f744e
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!489
2026-03-09 12:36:54 +00:00
3758b622f2
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/39f53203a8458c330f61cc0759fe243f0ac0d198' (2026-03-04)
→ 'github:cachix/git-hooks.nix/8baab586afc9c9b57645a734c820e4ac0a604af9' (2026-03-07)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/d2acf504d602c98f5ec2518dacea4f35e5a4e50f' (2026-03-05)
→ 'github:NixOS/nixpkgs/0c6c0dd2469abaa216599bb19bbf77a328af6564' (2026-03-09)
2026-03-09 13:27:02 +01:00
c292d31ee7
Merge branch 'dkim-dns-binding-no-service' into 'master'
...
docs: remove service type key from DKIM DNS binding
See merge request simple-nixos-mailserver/nixos-mailserver!487
2026-03-08 21:56:45 +00:00
6cee3e2360
docs: remove service type key from DKIM DNS binding
...
Stop explicitly restriciting us to email services. This would require
an update for tlsrpt (s=email:tlsrpt) use but the benefit of restricting
key use like that has limited practical benefit, when there are so very\
few services defined.
Not setting the service type key defaults it to all services (s=*).
2026-03-08 22:53:11 +01:00
80ce71e236
docs/advanced-cofnigurations: expand recommendations
...
Mention FTS and TLSRPT and explain what these setups are good for and
when they might be required.
2026-03-08 04:36:58 +01:00
e193287dc1
Fix inline code block in mailserver.forwards option description
...
It should surround the whole attribute set, not leave out the opening
bracket.
Closes : #345
2026-03-08 03:03:41 +01:00
c04152fa90
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!485
2026-03-06 02:11:56 +00:00
b600abd389
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/a8ca480175326551d6c4121498316261cbb5b260' (2026-02-01)
→ 'github:cachix/git-hooks.nix/39f53203a8458c330f61cc0759fe243f0ac0d198' (2026-03-04)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/fff0554c67696d76a0cdd9cfe14403fbdbf1f378' (2026-02-09)
→ 'github:NixOS/nixpkgs/d2acf504d602c98f5ec2518dacea4f35e5a4e50f' (2026-03-05)
2026-03-06 03:05:29 +01:00
3938a7518a
docs: fix typo and wording in release notes
2026-03-05 15:51:57 +01:00
e458653769
Merge branch 'docs-update' into 'master'
...
Update release notes
See merge request simple-nixos-mailserver/nixos-mailserver!483
2026-03-05 12:22:17 +00:00
85967440af
docs: configure ACME HTTP-01 with nginx in setup example
2026-03-05 12:52:04 +01:00
c300fdeb63
docs: mention password file option in release notes
2026-03-05 12:51:45 +01:00
9b5e4d9753
Merge branch 'unhashed-password' into 'master'
...
Add support for plaintext password files
See merge request simple-nixos-mailserver/nixos-mailserver!474
2026-03-05 11:16:40 +00:00
12ae5dd89b
support unhashed password files
2026-03-05 11:06:01 +00:00
e1afec5b08
tests: wait for rspamd-milter.sock in ldap and internal tests
...
I've hit more races in these tests recently while running the test suite
on a much faster host system.
2026-03-04 16:02:47 +01:00
ff91d3cf68
pre-commit: fix nixfmt-rfc-style name deprecation
...
> warning: nixfmt-rfc-style is now the same as pkgs.nixfmt which should
> be used instead.
2026-03-04 16:01:52 +01:00
25eae48a09
tests: fix eicar test string escape
...
This fixes a warning issued by the Lix evaluator:
> warning: \P is an ill-defined escape. You can drop the \ and simply
> write P instead. Use --extra-deprecated-features broken-string-escape
> to silence this warning.
2026-03-04 15:53:30 +01:00
ea4dc17f4b
Merge branch 'setup-guide-spf-mx' into 'master'
...
docs: suggest mx to refer to mailserver in spf record
See merge request simple-nixos-mailserver/nixos-mailserver!481
2026-02-26 00:13:36 +00:00
bd03afc003
Merge branch 'rspamd-duplicate-systemd' into 'master'
...
postfix: fix duplicate systemd dependencies on rspamd
See merge request simple-nixos-mailserver/nixos-mailserver!479
2026-02-26 00:10:48 +00:00
034ca15318
docs: suggest mx to refer to mailserver in spf record
...
Much more foolproof in simple setups, because it allows all servers
mentioned in a domains MX record to also send out mail, without having to
track them here manually again.
2026-02-26 01:03:53 +01:00
781e833633
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!480
2026-02-09 17:51:47 +00:00
9a104e245d
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/50b9238891e388c9fdc6a5c49e49c42533a1b5ce' (2025-11-24)
→ 'github:cachix/git-hooks.nix/a8ca480175326551d6c4121498316261cbb5b260' (2026-02-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/6a49303095abc094ee77dc243a9e351b642e8e75' (2025-11-28)
→ 'github:NixOS/nixpkgs/fff0554c67696d76a0cdd9cfe14403fbdbf1f378' (2026-02-09)
2026-02-09 18:39:47 +01:00
4345460d30
flake.nix: Update flake-compat repo
2026-01-29 19:14:06 +01:00
9b90a9837a
rspamd: fix duplicate systemd dependencies
...
These are also declared in mail-server/systemd.nix.
2025-12-28 20:40:33 +01:00
7d433bf898
Merge branch 'dovecot-hybrid-curve' into 'master'
...
dovecot: update TLS requirements
See merge request simple-nixos-mailserver/nixos-mailserver!477
2025-12-21 12:54:46 +00:00
3579eb0001
dovecot: restrict TLS cipher suites
2025-12-19 04:00:47 +01:00
1415623586
dovecot: support X25519MLKEM768 hybrid kex
2025-12-19 03:13:47 +01:00
616a57af55
Merge branch 'certmgmt-next' into 'master'
...
Switch to NixOS ACME module for certificate management
Closes #256 and #267
See merge request simple-nixos-mailserver/nixos-mailserver!457
2025-12-19 01:58:52 +00:00
e437760341
treewide: replace/remove dovecot2 service name
...
The unit name is now dovecot.service.
2025-12-19 02:52:55 +01:00
4bbe0d7bab
Fix option reference in aliasesRegExp option
2025-12-19 02:36:28 +01:00
ff9b046f0f
Stop recommending bcrypt everywhere
...
By passing no method to mkpasswd we make it select the strongest cipher
that libxcrypt recommends.
Replaces the example hashes with yescrypt hashes, which is the current
default.
2025-12-19 02:36:28 +01:00
33ba1ff52b
Switch to NixOS ACME module for certificate management
...
Drop most of the existing certificate handling, because we're effectively
duplicating functionality that NixOS offers for free with better
design, testing and maintainance than what we could provide downstream.
The remaining two options are to reference an
existing `security.acme.certs` configuration through
`mailserver.x509.useACMEHost` or to provide existing key material via
`mailserver.x509.certificateFile` and `mailserver.x509.privateKeyFile`.
Support for automatic creation of self-signed certificates has been
removed, because it is undesirable in public mail setups.
The updated setup guide now displays the recommended configuration that
relies on the NixOS ACME module, but requires further customization to
select a suitable challenge.
Co-Authored-By: Emily <git@emilylange.de >
2025-12-19 02:36:28 +01:00
18ee2a44ed
docs: extract setup example into .nix file and include
...
That way we get linting of the code for free.
2025-12-19 02:17:32 +01:00
e2a99f33ea
docs: allow referencing module options
2025-12-15 16:02:24 +01:00
1ccd57f177
Merge branch 'dkim-ed25519-warn' into 'master'
...
Warn about ED25519 DKIM usage
See merge request simple-nixos-mailserver/nixos-mailserver!473
2025-12-03 12:02:16 +00:00
0d27ef2912
Merge branch 'master' into 'master'
...
docs: fix some typos in migrations guide
See merge request simple-nixos-mailserver/nixos-mailserver!472
2025-12-01 22:17:23 +00:00
7d359e3ff5
Warn about ED25519 DKIM usage
...
There currently seems to be mixed support out there and we need to
support dual-signing first before we can recommend rolling out ED25519
DKIM keys.
2025-12-01 23:16:02 +01:00
f67ed85b3f
docs: fix some typos
2025-12-01 22:16:18 +01:00
76bd7a85e7
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!471
2025-11-29 01:50:08 +00:00
e04e5b7ea6
assertions: bump mailserver version for release check
2025-11-29 02:43:16 +01:00
b8bffc8317
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/798ce8bfd0567bbd12ee633a88e53737969ec7d9' (2025-11-25)
→ 'github:NixOS/nixpkgs/6a49303095abc094ee77dc243a9e351b642e8e75' (2025-11-28)
2025-11-29 02:42:26 +01:00
1d1a590e91
Merge branch 'docs-roundcube' into 'master'
...
docs: update roundcube example to use implicit TLS
Closes #336
See merge request simple-nixos-mailserver/nixos-mailserver!470
2025-11-29 01:31:35 +00:00
b47decd71a
docs: update roundcube example to use implicit TLS
...
instead of explicit TLS (STARTTLS).
We disabled STARTTLS for IMAP by default in 54f37811dd
2025-11-28 21:53:41 +01:00
0696fcbe9b
migrations: strongly indicate dry runs
2025-11-26 20:21:56 +01:00
a38e14460f
docs: don't recommend sudo to run the migration script
...
The migration script tries switching EUID by itself and will error out
with a recommendation to try sudo if it cannot.
2025-11-26 20:18:58 +01:00
039389ee04
docs: recommend wcurl to grab the migration script
2025-11-26 19:57:31 +01:00
9c22ac0154
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!469
2025-11-25 13:19:18 +00:00
760c23fb25
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/7275fa67fbbb75891c16d9dee7d88e58aea2d761' (2025-11-16)
→ 'github:cachix/git-hooks.nix/50b9238891e388c9fdc6a5c49e49c42533a1b5ce' (2025-11-24)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/094318ea16502a7a81ce90dd3638697020f030a2' (2025-11-19)
→ 'github:NixOS/nixpkgs/798ce8bfd0567bbd12ee633a88e53737969ec7d9' (2025-11-25)
2025-11-25 14:05:20 +01:00
8d35f004ee
Release 25.11
2025-11-25 13:56:52 +01:00
4987d275a9
Merge branch 'flake-update' into 'master'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!468
2025-11-19 15:06:18 +00:00
Martin Weinelt
Martin Weinelt
Ryan Gibb
teutat3s
yeoldegrove
emilylange