simple-nixos-mailserver

Author	SHA1	Message	Date
Martin Weinelt	03433d472f	flake.nix: enable nixfmt-rfc-style hook and formatter	2025-06-15 03:34:20 +02:00
Martin Weinelt	c7497cd5f6	treewide: remove redundant parenthesis in nix code	2025-06-15 03:28:48 +02:00
Martin Weinelt	5f592b5960	Merge branch 'crypto-v2' into 'master' postfix, dovecot: modernize and comment TLS settings See merge request simple-nixos-mailserver/nixos-mailserver!413	2025-06-14 22:52:29 +00:00
Martin Weinelt	21ce4b4ff8	dovecot: disable Diffie-Hellman support Recommended in the modern recommendation by Mozilla. Support for elliptic curves is widespread and they are much faster.	2025-06-15 00:22:58 +02:00
Martin Weinelt	efebf59b13	dovecot: configure preferred elliptic curves	2025-06-15 00:22:57 +02:00
Martin Weinelt	4fd9508d41	postfix: drop tls_random_source config The setting already defaults to /dev/urandom.	2025-06-15 00:22:57 +02:00
Martin Weinelt	3828b00dea	postfix: configure preferred curves and disable FFDHE This aligns with the intermediate configuration recommended by Mozilla.	2025-06-15 00:22:57 +02:00
Martin Weinelt	e27326d317	postfix: refactor and prune TLS settings - Groups settings between server and client - Uses a range comparator for supported TLS versions - Prune excluded primitives to what affects the supported TLS versions	2025-06-15 00:22:57 +02:00
Martin Weinelt	23cc9a3996	Merge branch 'postfix-cert-key' into 'master' postfix: configure cert/key using smtpd_tls_chain_files Closes #183 See merge request simple-nixos-mailserver/nixos-mailserver!410	2025-06-14 12:47:58 +00:00
Martin Weinelt	e0ab4eeb67	docs/setup-guide: bump example stateVersion to 2 If you do a fresh install now you should be able to skip the first migration step.	2025-06-14 01:20:27 +02:00
Martin Weinelt	8e0074c4e5	Merge branch 'flake-update' into 'master' flake.lock: Update See merge request simple-nixos-mailserver/nixos-mailserver!414	2025-06-13 02:13:15 +00:00
Martin Weinelt	3b7cda8cc5	flake.lock: Update Flake lock file updates: • Updated input 'git-hooks': 'github:cachix/git-hooks.nix/dcf5072734cb576d2b0c59b2ac44f5050b5eac82' (2025-03-22) → 'github:cachix/git-hooks.nix/623c56286de5a3193aa38891a6991b28f9bab056' (2025-06-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e' (2025-05-13) → 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07) • Updated input 'nixpkgs-25_05': 'github:NixOS/nixpkgs/ca49c4304acf0973078db0a9d200fd2bae75676d' (2025-05-18) → 'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd' (2025-06-12)	2025-06-13 04:00:52 +02:00
Martin Weinelt	3f1c6960d3	Merge branch 'smptp-smuggling-cleanup' into 'master' postfix: remove option to toggle SMTP smuggling workarounnd See merge request simple-nixos-mailserver/nixos-mailserver!411	2025-06-12 22:57:43 +00:00
Martin Weinelt	54cb3e5784	Merge branch 'crypto' into 'master' postfix: allow client to select the preferred cipher See merge request simple-nixos-mailserver/nixos-mailserver!412	2025-06-12 22:48:04 +00:00
Martin Weinelt	f1bd4b8215	postfix: remove option to toggle SMTP smuggling workarounnd It has been default enabled since Postfix 3.9 and can still be configured from the NixOS option mentioned in the removal warning. Removing the option makes our interface leaner. Information is based on https://www.postfix.org/smtp-smuggling.html#long.	2025-06-13 00:21:16 +02:00
Martin Weinelt	e540dc864c	postfix: configure cert/key using smtpd_tls_chain_files The sslCert and sslKey options are going away, because they do too much, e.g. provision the keypair for client certificate authentication, which is not at all what we want or need.	2025-06-12 01:05:51 +02:00
Martin Weinelt	8b27add088	Merge branch 'backup_spam_db' into 'master' docs: mention spam and ham training data in backup guide See merge request simple-nixos-mailserver/nixos-mailserver!409	2025-06-06 21:16:24 +00:00
Guillaume Girol	49980abd25	mention spam and ham training data in backup guide	2025-06-06 12:00:00 +00:00
Martin Weinelt	f9b15192b8	postfix: allow client to select the preferred cipher As long as all cipher we support are considered safe we can allow clients to select one that suits them best.	2025-06-03 00:45:12 +02:00
Martin Weinelt	d6d6308ba2	Merge branch 'doc-backup-sieve' into 'master' docs/backup-guide: add recommendation for sieveDirectory See merge request simple-nixos-mailserver/nixos-mailserver!405	2025-06-02 14:57:24 +00:00
Tom Herbers	c4628a4c04	docs/backup-guide: add recommendation for sieveDirectory Co-authored-by: Martin Weinelt <martin+gitlab@linuxlounge.net>	2025-06-02 11:27:09 +02:00
Martin Weinelt	8c835feaa7	docs/migrations: Improve title scoping for LDAP home dir migration	2025-06-02 04:31:41 +02:00
Martin Weinelt	c9f61e02ae	docs/howto-develop: fix stateVersion assertion example	2025-05-31 13:06:29 +02:00
Martin Weinelt	145afc5393	Merge branch 'assertions-guard-reformat' into 'master' assertions: guard by enable flag and reformat See merge request simple-nixos-mailserver/nixos-mailserver!407	2025-05-31 10:51:28 +00:00
Martin Weinelt	ea1b0f8e2b	assertions: guard by enable flag and reformat None of these should trigger when you've not enabled mailserver.	2025-05-30 18:28:16 +02:00
Martin Weinelt	c8bc3e4f1f	Merge branch 'ldap-mail-directory-assertion' into 'master' Fix assertion for ldap mail directory See merge request simple-nixos-mailserver/nixos-mailserver!406	2025-05-30 13:14:11 +00:00
Charlotte Van Petegem	519a85a801	Fix assertion for ldap mail directory	2025-05-30 12:49:02 +00:00
Martin Weinelt	ffd0e6f8f2	Merge branch 'dont-hardcode-ldap-home-base' into 'master' dovecot: respect the mailDirectory base for LDAP home directories See merge request simple-nixos-mailserver/nixos-mailserver!400	2025-05-29 21:14:25 +00:00
Martin Weinelt	7cb61e6e3a	dovecot: respect the mailDirectory base for LDAP home directories This change is safe, if you have not altered the default value of the `mailserver.mailDirectory` setting.	2025-05-29 23:10:33 +02:00
Martin Weinelt	a1e9276656	Merge branch 'remove-dovecot-module-workaround' into 'master' dovecot: remove workaround for services.dovecot2.modules removal See merge request simple-nixos-mailserver/nixos-mailserver!404	2025-05-29 17:41:37 +00:00
Martin Weinelt	233c5e1a70	dovecot: remove workaround for services.dovecot2.modules removal	2025-05-29 14:06:34 +02:00
Martin Weinelt	506c6151d6	Merge branch 'various-things' into 'master' Cleanup See merge request simple-nixos-mailserver/nixos-mailserver!403	2025-05-29 06:58:39 +00:00
Martin Weinelt	11bfdbf136	tests: drop dhparam default length configuration This has been the default value since the option was introduced back in 2018[0]. [0] https://github.com/NixOS/nixpkgs/commit/81fc2c35097f81ecb29a576148486cc1ce5a5bcc	2025-05-29 08:49:37 +02:00
Martin Weinelt	10cccc7706	docs: fix code block syntax in migration init	2025-05-29 08:48:56 +02:00
Martin Weinelt	6a78dc3375	Merge branch 'stateVersion' into 'master' Introduce stateVersion concept See merge request simple-nixos-mailserver/nixos-mailserver!401	2025-05-29 06:14:17 +00:00
Martin Weinelt	792225e256	Introduce stateVersion concept With upcoming changes to the dovecot home and maildirectories we need to introduce a way to nudge users to inform themselves about manual migration steps they might need to carry out. The idea here is to allow us to safely make breaking changes and notify the user of required migration steps at eval time, so they can make the necessary changes in time.	2025-05-27 23:54:15 +02:00
Martin Weinelt	53007af63f	Merge branch 'release-25.05' into 'master' Release 25.05 See merge request simple-nixos-mailserver/nixos-mailserver!399	2025-05-23 01:53:51 +00:00
Martin Weinelt	51d48f1492	Release 25.11	2025-05-22 01:31:46 +02:00
Martin Weinelt	b4ae17d224	Reformat release notes	2025-05-21 00:58:06 +02:00
Martin Weinelt	f7a221bc69	flake.nix: expose packages for custom pre-commit hooks in devshell	2025-05-21 00:56:01 +02:00
Martin Weinelt	dceb60ea7d	Merge branch 'master-dovecot-fts-flatcurve' into 'master' dovecot/fts: switch to fts-flatcurve Closes #239 See merge request simple-nixos-mailserver/nixos-mailserver!361	2025-05-19 22:44:15 +00:00
euxane	826a3b2fcf	tests/external: ignore time adjustments warnings Seems to be happening randomly during tests: dovecot: master: Warning: Time moved forwards by 0.101534 seconds - adjusting timeouts.	2025-05-19 17:15:36 +02:00
euxane	0cbdf465e4	dovecot/fts: warn on stopwords filter with multiple languages	2025-05-19 16:45:09 +02:00
euxane	e287d83ab1	release-notes: mention switch to fts-flatcurve for FTS	2025-05-19 16:45:09 +02:00
euxane	2ed7a94782	dovecot/fts: switch to fts-flatcurve This switches the full-text search plugin from fts-xapian to fts-flatcurve, the now preferred indexer still powered by Xapian, which will be integrated into Dovecot core 2.4. This sets a sane minimal configuration for the plugin with international language support. The plugin options marked as "advanced" in Dovecot's documentation aren't re-exposed for simplicity. They can nevertheless be overridden by module consumers by directly setting keys with `services.dovecot2.pluginSettings.fts_*`. The `fullTextSearch.maintenance` option is removed as the index is now incrementally optimised in the background. GitLab: closes https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/239	2025-05-19 16:45:09 +02:00
Martin Weinelt	433520257a	Merge branch 'pre-commit' into 'master' Pre-Commit Hook See merge request simple-nixos-mailserver/nixos-mailserver!385	2025-05-15 14:47:14 +00:00
Martin Weinelt	aa8366d234	treewide: remove dead nix references	2025-05-15 16:41:30 +02:00
Martin Weinelt	9a6190ceea	rspamd: remove indirection in path to runtime directory	2025-05-15 16:29:06 +02:00
Martin Weinelt	1e51a503b1	dovecot: drop unused pipe scripts Leftovers from `d507bd9c95`	2025-05-15 16:29:05 +02:00
Martin Weinelt	fce540024a	docs/howto-develop: document the devshell	2025-05-15 16:29:05 +02:00

1 2 3 4 5 ...

831 Commits