Martin Weinelt
e5ae7b5b96
Merge branch 'sieve-migration' into 'main'
...
sieve: move `cfg.sieveDirectory` into home directory of virtual users
See merge request simple-nixos-mailserver/nixos-mailserver!508
2026-05-24 03:07:38 +00:00
emilylange
c60d98a13c
sieve: add migration story for cfg.sieveDirectory removal
...
Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2026-05-24 05:02:23 +02:00
Martin Weinelt
58ff4da02f
Merge branch 'restore-default-index-path' into 'main'
...
dovecot: restore default mail_index_path
Closes #359
See merge request simple-nixos-mailserver/nixos-mailserver!525
2026-05-24 02:12:13 +00:00
Martin Weinelt
4dcd114a2f
dovecot: restore default mail_index_path
...
Back in 2.3 the index was by default kept in the maildir. This is also
the default in 2.4, but during the migration I put the dovecot home dir
as the default index path, which is a breaking change and could cause
client resyncs.
Fixes: #359
2026-05-24 04:00:39 +02:00
Martin Weinelt
e4e18e01de
Merge branch 'ldap-auth-bind' into 'main'
...
dovecot: fix non-default `cfg.ldap.attributes.password`, reintroduce LDAP bind auth for passdb
Closes #360
See merge request simple-nixos-mailserver/nixos-mailserver!524
2026-05-24 00:20:28 +00:00
emilylange
eea473ea12
dovecot: reintroduce LDAP bind auth for passdb
...
LDAP bind auth used to be enabled by default (and not configurable)
before the dovecot 2.4 migration.
I changed the default option value to match the old Dovecot 2.3
behavior.
The use of authentication bind is required for LDAP servers that simply
do not have such an LDAP attribute, like Kanidm, or in cases where the
password scheme used is not supported by Dovecot.
2026-05-24 02:01:55 +02:00
emilylange
57bfae2d7e
dovecot: fix non-default cfg.ldap.attributes.password
...
The option got recently introduced, but never properly wired.
2026-05-24 01:30:59 +02:00
Martin Weinelt
e5102c5502
Merge branch 'opt-desc-down' into 'main'
...
docs: move option description below type, default and example
See merge request simple-nixos-mailserver/nixos-mailserver!522
2026-05-23 19:43:16 +00:00
Martin Weinelt
1d6f18856a
Merge branch 'prek' into 'main'
...
pre-commit: migrate to prek
See merge request simple-nixos-mailserver/nixos-mailserver!521
2026-05-23 18:06:54 +00:00
Martin Weinelt
800bf95755
docs: move option description below type, default and example
...
This puts the important facts first and pulls the description way down
to the end of the option documentation.
2026-05-23 19:41:21 +02:00
Martin Weinelt
c0cc5e7eff
pre-commit: migrate to prek
...
Same functionality with smaller dependency closure.
2026-05-23 19:35:32 +02:00
Martin Weinelt
61e9c248c5
Merge branch 'flake-update' into 'main'
...
flake.lock: Update
See merge request simple-nixos-mailserver/nixos-mailserver!520
2026-05-21 15:57:25 +00:00
Martin Weinelt
10dce12f73
tests/ldap: check regex match return value
...
error[unresolved-attribute]: Attribute `group` is not defined on `None` in union `Match[str] | None`
--> testScriptWithTypes:152:21
|
152 | ldap_table_path = re.match('.* =.*ldap:(.*)', conf).group(1)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2026-05-21 17:28:36 +02:00
Martin Weinelt
86a2bb9afd
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/580633fa3fe5fc0379905986543fd7495481913d' (2026-04-07)
→ 'github:cachix/git-hooks.nix/61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a' (2026-05-11)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/9a3a5b8400951b3497d2ef8f239f8451175cf3a1' (2026-04-18)
→ 'github:NixOS/nixpkgs/657e2fa0760e27167cdacb1ec5d84782be312013' (2026-05-21)
2026-05-21 17:20:31 +02:00
emilylange
e4aa2d1517
sieve: move cfg.sieveDirectory into home directory of virtual users
2026-05-02 20:02:31 +02:00
emilylange
260f38128e
sieve: offload mailserver.loginAccounts.<name>.sieveScript into /nix/store
...
This simplifies the remaining structure of `cfg.sieveDirectory`
a lot and gets us one step closer to removing
`activate-virtual-mail-users.service`.
2026-05-02 20:00:03 +02:00
emilylange
28bfef89ba
tests: test mailserver.loginAccounts.<name>.sieveScript
2026-05-02 19:54:32 +02:00
Martin Weinelt
e33fbde199
Merge branch 'push-pxvmorlwmyns' into 'main'
...
{rspamd,borgbackup}: use package from upstream NixOS service
See merge request simple-nixos-mailserver/nixos-mailserver!519
2026-04-27 10:58:13 +00:00
Michael Hoang
fb38d437a5
borgbackup: use package from upstream NixOS service
2026-04-27 12:43:59 +02:00
Michael Hoang
f810a804c6
rspamd: use package from upstream NixOS service
2026-04-27 12:23:04 +02:00
Martin Weinelt
583a362c5b
Merge branch 'tls-updates' into 'main'
...
TLS updates
See merge request simple-nixos-mailserver/nixos-mailserver!518
2026-04-26 21:48:52 +00:00
Martin Weinelt
3ab15c2e30
docs/release-notes: add tls changes
2026-04-26 01:47:39 +02:00
Martin Weinelt
ecbe707330
postfix/dovecot: support SecP256r1MLKEM768 key exchange
...
Added support means we allow it, but for now we don't prefer it, since it
has not seen much use yet. For Postfix that means it lands below the two
groups that already send a key share and save us a roundtrip.
https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html
2026-04-26 01:04:33 +02:00
Martin Weinelt
7909eabac2
postfix: require AEAD & ECDHE cipher suites
...
This drops ARIA, Camellia and AES-CBC support from TLSv1.2 cipher suites.
When we explicitly restrict the cipherlist in Postfix, then we need to
define TLSv1.3 cipher suites in our OpenSSL config file.
2026-04-26 01:04:33 +02:00
Martin Weinelt
8d6b14c82c
postfix: restrict TLS signing algorithms
...
Prunes the list preset and removes SHA-1 to restore compatibility with
NCSC TLS security guidelines.
2026-04-26 01:04:32 +02:00
Martin Weinelt
e6c4a96f50
Merge branch 'fix/overeager-scheme-prepend' into 'main'
...
Only prepend {CRYPT} scheme if there is no scheme present
See merge request simple-nixos-mailserver/nixos-mailserver!517
2026-04-23 13:29:01 +00:00
Charlotte Van Petegem
6e9a4420b3
Only prepend {CRYPT} scheme if there is no scheme present
2026-04-23 14:45:22 +02:00
Martin Weinelt
0b1ca54241
hydra: use nixpkgs-unstable instead of nixos-unstable-small
...
We don't need the fast pace of unstable-small, but we still want to stay
current with built packages on unstable for evaluations.
2026-04-21 15:00:29 +02:00
Martin Weinelt
bd5b08681a
Merge branch 'dovecot-2.4.3' into 'main'
...
dovecot: migrate to dovecot 2.4
See merge request simple-nixos-mailserver/nixos-mailserver!512
2026-04-20 23:23:08 +00:00
Martin Weinelt
198246f2c2
fts: update docs and defaults
2026-04-21 00:58:58 +02:00
Martin Weinelt
f9d1435378
dovecot: migrate to dovecot 2.4
2026-04-20 15:39:36 +02:00
Martin Weinelt
7dce7fbd5a
Merge branch 'add-option-custom-reject-sender-message-release-notes' into 'main'
...
Add Release Note for rejectSenderMessage and fix typo
See merge request simple-nixos-mailserver/nixos-mailserver!515
2026-04-19 14:27:24 +00:00
Lennart Mühlenmeier
99a9b6efb7
Add Release Note for rejectSenderMessage and fix typo
...
Forgot about adding a Release Note for rejectSenderMessage
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/453,
also fixing a typo in that already merged commit I just noticed.
2026-04-19 09:32:41 +02:00
Martin Weinelt
fdb1be9b50
Merge branch 'update-dovecot-hostname' into 'main'
...
dovecot: fix hostname to fqdn
See merge request simple-nixos-mailserver/nixos-mailserver!510
2026-04-19 00:12:04 +00:00
Martin Weinelt
21399f334c
Merge branch 'update-rspamd-headers' into 'main'
...
rspamd: add authentication-results header
See merge request simple-nixos-mailserver/nixos-mailserver!513
2026-04-19 00:02:44 +00:00
Martin Weinelt
7fe61cc1a3
Merge branch 'tests-uds-helper' into 'main'
...
tests: migrate to wait_for_open_unix_socket helper
See merge request simple-nixos-mailserver/nixos-mailserver!514
2026-04-18 21:12:40 +00:00
Martin Weinelt
25fae6f36e
tests: migrate to wait_for_open_unix_socket helper
2026-04-18 23:04:09 +02:00
Lafiel
903d0cc8ad
rspamd: add authentication-results header
2026-04-18 18:10:00 +03:00
Martin Weinelt
e4017308b2
flake.lock: Update
...
Flake lock file updates:
• Updated input 'git-hooks':
'github:cachix/git-hooks.nix/c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a' (2026-03-31)
→ 'github:cachix/git-hooks.nix/580633fa3fe5fc0379905986543fd7495481913d' (2026-04-07)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
→ 'github:NixOS/nixpkgs/9a3a5b8400951b3497d2ef8f239f8451175cf3a1' (2026-04-18)
2026-04-18 16:22:38 +02:00
Martin Weinelt
93b4e5f3cd
Merge branch 'quotaUsers' into 'main'
...
dovecot: fix quota users assertion
See merge request simple-nixos-mailserver/nixos-mailserver!511
2026-04-16 00:23:56 +00:00
isabel
10b577c650
dovecot: fix quota users assertion
2026-04-16 01:04:07 +01:00
Lafiel
c67cc808ce
dovecot: fix hostname to fqdn
2026-04-15 19:30:27 +03:00
Martin Weinelt
ceb3f17fe1
Merge branch 'restore-dovecot-hierarchy-separator' into 'main'
...
dovecot: restore hierarchy separator setting
See merge request simple-nixos-mailserver/nixos-mailserver!509
2026-04-14 13:59:05 +00:00
Martin Weinelt
bb1728f27c
dovecot: restore hierarchy separator setting
...
The application of this setting got lost in the structured settings
migration.
Ref: 44149c5
2026-04-14 14:33:29 +02:00
Martin Weinelt
4ddd48b573
Merge branch 'dovecot-rfc42' into 'main'
...
dovecot: migrate to settings option
See merge request simple-nixos-mailserver/nixos-mailserver!498
2026-04-12 23:25:29 +00:00
Martin Weinelt
f1e4af7184
dovecot: run lmtp service under storage owner user
...
Previously it ran as root, which is not required since we use a single
uid/gid for all mail storage.
2026-04-13 01:19:14 +02:00
Martin Weinelt
0da8e2b197
quota: expose global quota settings
...
With the options in the upstream dovecot module gone the quota support
and its option now live in our downstream module.
The only behavior change this introduces is not setting a global per
user default instead of the previous 100G per user.
Disabling quota support and setting per user quotas now raises an
assertion:
````
Failed assertions:
- Without quota support enabled, per-user quotas cannot be applied to the following accounts:
- lowquota@example.com
Either remove per user quota settings or re-enable `mailserver.quota.enable`.
````
2026-04-13 01:19:14 +02:00
Martin Weinelt
44149c527e
dovecot: migrate to settings option
2026-04-13 01:19:14 +02:00
Martin Weinelt
ffb64609a5
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6' (2026-03-31)
→ 'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
2026-04-13 01:19:14 +02:00
Martin Weinelt
d98a6302f1
ci: run on main branch
2026-04-12 03:59:39 +02:00