aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
997 Commits 9 Branches 0 Tags
c0cc5e7eff3c286bf85611e34790dc64e1236a16
Commit Graph

997 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martin Weinelt c0cc5e7eff pre-commit: migrate to prek 
Same functionality with smaller depdency closure.
 2026-05-23 19:35:32 +02:00
Martin Weinelt e33fbde199 Merge branch 'push-pxvmorlwmyns' into 'main' 
{rspamd,borgbackup}: use package from upstream NixOS service

See merge request simple-nixos-mailserver/nixos-mailserver!519
 2026-04-27 10:58:13 +00:00
Michael Hoang fb38d437a5 borgbackup: use package from upstream NixOS service 2026-04-27 12:43:59 +02:00
Michael Hoang f810a804c6 rspamd: use package from upstream NixOS service 2026-04-27 12:23:04 +02:00
Martin Weinelt 583a362c5b Merge branch 'tls-updates' into 'main' 
TLS updates

See merge request simple-nixos-mailserver/nixos-mailserver!518
 2026-04-26 21:48:52 +00:00
Martin Weinelt 3ab15c2e30 docs/release-notes: add tls changes 2026-04-26 01:47:39 +02:00
Martin Weinelt ecbe707330 postfix/dovecot: support SecP256r1MLKME768 key exchange 
Added support means we allow it, but for now we don't prefer it, since it
has not seen much use yet. For Postfix that means it lands below the two
groups that already send a key share and save us a roundtrip.

https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html
 2026-04-26 01:04:33 +02:00
Martin Weinelt 7909eabac2 postfix: require AEAD & ECDHE cipher suites 
This drops ARIA, Camellia and AES-CBC support from TLSv1.2 cipher suites.

When we explicitly restrict the cipherlist in Postfix, then we need to
define TLSv1.3 cipher suites in our OpenSSL config file.
 2026-04-26 01:04:33 +02:00
Martin Weinelt 8d6b14c82c postfix: restrict TLS signing algorithms 
Prunes the list preset and removes SHA-1 to restore compatibility with
NCSC TLS security guidelines.
 2026-04-26 01:04:32 +02:00
Martin Weinelt e6c4a96f50 Merge branch 'fix/overeager-scheme-prepend' into 'main' 
Only prepend {CRYPT} scheme if there is no scheme present

See merge request simple-nixos-mailserver/nixos-mailserver!517
 2026-04-23 13:29:01 +00:00
Charlotte Van Petegem 6e9a4420b3 Only prepend {CRYPT} scheme if there is no scheme present 2026-04-23 14:45:22 +02:00
Martin Weinelt 0b1ca54241 hydra: use nixpkgs-unstable instead of nixos-unstable-small 
We don't need the fast pace of unstable-small, but we still want to stay
current with built packages on unstable for evaluations.
 2026-04-21 15:00:29 +02:00
Martin Weinelt bd5b08681a Merge branch 'dovecot-2.4.3' into 'main' 
dovecot: migrate to dovecot 2.4

See merge request simple-nixos-mailserver/nixos-mailserver!512
 2026-04-20 23:23:08 +00:00
Martin Weinelt 198246f2c2 fts: update docs and defaults 2026-04-21 00:58:58 +02:00
Martin Weinelt f9d1435378 dovecot: migrate to dovecot 2.4 2026-04-20 15:39:36 +02:00
Martin Weinelt 7dce7fbd5a Merge branch 'add-option-custom-reject-sender-message-release-notes' into 'main' 
Add Release Note for rejectSenderMessage and fix typo

See merge request simple-nixos-mailserver/nixos-mailserver!515
 2026-04-19 14:27:24 +00:00
Lennart Mühlenmeier 99a9b6efb7 Add Release Note for rejectSenderMessage and fix typo 
Forgot about adding a Release Note for rejectSenderMessage
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/453,
also fixing a typo in that already merged commit I just noticed.
 2026-04-19 09:32:41 +02:00
Martin Weinelt fdb1be9b50 Merge branch 'update-dovecot-hostname' into 'main' 
dovecot: fix hostname to fqdn

See merge request simple-nixos-mailserver/nixos-mailserver!510
 2026-04-19 00:12:04 +00:00
Martin Weinelt 21399f334c Merge branch 'update-rspamd-headers' into 'main' 
rspamd: add authentication-results header

See merge request simple-nixos-mailserver/nixos-mailserver!513
 2026-04-19 00:02:44 +00:00
Martin Weinelt 7fe61cc1a3 Merge branch 'tests-uds-helper' into 'main' 
tests: migrate to wait_for_open_unix_socket helper

See merge request simple-nixos-mailserver/nixos-mailserver!514
 2026-04-18 21:12:40 +00:00
Martin Weinelt 25fae6f36e tests: migrate to wait_for_open_unix_socket helper 2026-04-18 23:04:09 +02:00
Lafiel 903d0cc8ad rspamd: add authentication-results header 2026-04-18 18:10:00 +03:00
Martin Weinelt e4017308b2 flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a' (2026-03-31)
  → 'github:cachix/git-hooks.nix/580633fa3fe5fc0379905986543fd7495481913d' (2026-04-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
  → 'github:NixOS/nixpkgs/9a3a5b8400951b3497d2ef8f239f8451175cf3a1' (2026-04-18)
 2026-04-18 16:22:38 +02:00
Martin Weinelt 93b4e5f3cd Merge branch 'quotaUsers' into 'main' 
dovecot: fix quota users assertion

See merge request simple-nixos-mailserver/nixos-mailserver!511
 2026-04-16 00:23:56 +00:00
isabel 10b577c650 dovecot: fix quota users assertion 2026-04-16 01:04:07 +01:00
Lafiel c67cc808ce dovecot: fix hostname to fqdn 2026-04-15 19:30:27 +03:00
Martin Weinelt ceb3f17fe1 Merge branch 'restore-dovecot-hierarchy-separator' into 'main' 
dovecot: restore hierarchy separator setting

See merge request simple-nixos-mailserver/nixos-mailserver!509
 2026-04-14 13:59:05 +00:00
Martin Weinelt bb1728f27c dovecot: restore hierarchy separator setting 
The application of this setting got lost in the structured settings
migration.

Ref: 44149c5
 2026-04-14 14:33:29 +02:00
Martin Weinelt 4ddd48b573 Merge branch 'dovecot-rfc42' into 'main' 
dovecot: migrate to settings option

See merge request simple-nixos-mailserver/nixos-mailserver!498
 2026-04-12 23:25:29 +00:00
Martin Weinelt f1e4af7184 dovecot: run lmtp service under storage owner user 
Previously it ran as root, which is not required since we use a single
uid/gid for all mail storage.
 2026-04-13 01:19:14 +02:00
Martin Weinelt 0da8e2b197 quota: expose global quota settings 
With the options in the upstream dovecot module gone the quota support
and its option now live in our downstream module.

The only behavior change this introduces is not setting a global per
user default instead of the previous 100G per user.

Diabling quota support and setting per user quotas now raises an
assertion:

````
Failed assertions:
- Without quota support enabled, per-user quotas cannot be applied to the following accounts:

  - lowquota@example.com

  Either remove per user quota settings or re-enable `mailserver.quota.enable`.
````
 2026-04-13 01:19:14 +02:00
Martin Weinelt 44149c527e dovecot: migrate to settings option 2026-04-13 01:19:14 +02:00
Martin Weinelt ffb64609a5 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6' (2026-03-31)
  → 'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
 2026-04-13 01:19:14 +02:00
Martin Weinelt d98a6302f1 ci: run on main branch 2026-04-12 03:59:39 +02:00
Martin Weinelt 5688b25151 hydra: drop nixos-25.05 branch 2026-04-12 03:54:42 +02:00
Martin Weinelt 3277481550 hydra: migrate tests from master to main 2026-04-12 03:54:42 +02:00
Martin Weinelt 1b33655bcb Switch default branch to main 2026-04-12 03:54:39 +02:00
Martin Weinelt 44c63067d4 hydra: run declarative jobset against unstable-small 
This is a moving target. Before we were sitting on a commit from 2020.
 2026-04-12 01:58:08 +02:00
Martin Weinelt c45a1e4385 docs: bump stateVersion in setup-example 
The setup example is for new users who don't need to do any migrations
just yet.
 2026-04-03 21:25:24 +02:00
Martin Weinelt 493f0ff8a7 Merge branch 'ldap-uuid-attr-crash' into 'master' 
dovecot: drop redundant uuid mapping in user_attrs

Closes #352

See merge request simple-nixos-mailserver/nixos-mailserver!506
 2026-03-31 23:21:42 +00:00
Martin Weinelt 42650aad4d dovecot: drop redundant uuid mapping in user_attrs 
This was redundant at best and crashing Dovecot at worst, due to multiple
requests for the uuid field name.

Closes: #352
 2026-03-31 23:17:08 +02:00
Martin Weinelt f18985058e flake.lock: Update 
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/f799ae951fde0627157f40aec28dec27b22076d0' (2026-03-21)
  → 'github:cachix/git-hooks.nix/c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a' (2026-03-31)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2cb1420c66c8e634314ce0abf70680208177f5b4' (2026-03-22)
  → 'github:NixOS/nixpkgs/2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6' (2026-03-31)
 2026-03-31 16:18:10 +02:00
Martin Weinelt 0e176193a2 Fix various issues in the storage option descriptiosn 
Especially a mistake where I confused rst and markdown syntax for
referencing options.
 2026-03-25 18:32:54 +01:00
Martin Weinelt 07e82e06d8 Merge branch 'cleanup' into 'master' 
Rename loginAccounts and group storage related settings

See merge request simple-nixos-mailserver/nixos-mailserver!501
 2026-03-24 22:56:11 +00:00
Martin Weinelt 20f0e767cb users: remove unused common import 2026-03-24 01:58:37 +01:00
Martin Weinelt e13736db67 Group storage and vmail user options at mailserver.storage 
Create a nicer option structure that deals with the mail storage and its
owner, uid, group and gid. Also includes the directory layout as a
property of how mails are stored..
 2026-03-24 01:57:31 +01:00
Martin Weinelt 6826d11c58 users: remove global with config.mailserver 2026-03-24 01:35:48 +01:00
Martin Weinelt e9337b346f Rename mailserver.loginAccounts to mailserver.accounts 
The "login" prefix makes this option more confusing rather than clearer,
because what other account types are there? LDAP ones for example, but
you can login with those too, so the prefix is pointless.
 2026-03-24 01:35:48 +01:00
Martin Weinelt 5fdb686c66 docs: improve login account options 2026-03-24 01:35:48 +01:00
Martin Weinelt 3a1de3713c Merge branch 'ldap-storage-regression' into 'master' 
dovecot: fix storage basedir regression in ldap home

See merge request simple-nixos-mailserver/nixos-mailserver!505
 2026-03-24 00:35:35 +00:00