Commit Graph

1015 Commits

Author SHA1 Message Date
Martin Weinelt ffb64609a5 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6' (2026-03-31)
  → 'github:NixOS/nixpkgs/c88e63f4caf12c731f61ce71f300680ce73c180e' (2026-04-12)
2026-04-13 01:19:14 +02:00
Martin Weinelt d98a6302f1 ci: run on main branch 2026-04-12 03:59:39 +02:00
Martin Weinelt 5688b25151 hydra: drop nixos-25.05 branch 2026-04-12 03:54:42 +02:00
Martin Weinelt 3277481550 hydra: migrate tests from master to main 2026-04-12 03:54:42 +02:00
Martin Weinelt 1b33655bcb Switch default branch to main 2026-04-12 03:54:39 +02:00
Martin Weinelt 44c63067d4 hydra: run declarative jobset against unstable-small
This is a moving target. Before we were sitting on a commit from 2020.
2026-04-12 01:58:08 +02:00
Martin Weinelt c45a1e4385 docs: bump stateVersion in setup-example
The setup example is for new users who don't need to do any migrations
just yet.
2026-04-03 21:25:24 +02:00
Martin Weinelt 493f0ff8a7 Merge branch 'ldap-uuid-attr-crash' into 'master'
dovecot: drop redundant uuid mapping in user_attrs

Closes #352

See merge request simple-nixos-mailserver/nixos-mailserver!506
2026-03-31 23:21:42 +00:00
Martin Weinelt 42650aad4d dovecot: drop redundant uuid mapping in user_attrs
This was redundant at best and crashing Dovecot at worst, due to multiple
requests for the uuid field name.

Closes: #352
2026-03-31 23:17:08 +02:00
Martin Weinelt f18985058e flake.lock: Update
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/f799ae951fde0627157f40aec28dec27b22076d0' (2026-03-21)
  → 'github:cachix/git-hooks.nix/c06f90f1eb6569bdaf6a4a10cb7e66db4454ac2a' (2026-03-31)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2cb1420c66c8e634314ce0abf70680208177f5b4' (2026-03-22)
  → 'github:NixOS/nixpkgs/2f4fd5e1abf9bac8c1d22750c701a7a5e6b524c6' (2026-03-31)
2026-03-31 16:18:10 +02:00
Martin Weinelt 0e176193a2 Fix various issues in the storage option descriptions
Especially a mistake where I confused rst and markdown syntax for
referencing options.
2026-03-25 18:32:54 +01:00
Martin Weinelt 07e82e06d8 Merge branch 'cleanup' into 'master'
Rename loginAccounts and group storage related settings

See merge request simple-nixos-mailserver/nixos-mailserver!501
2026-03-24 22:56:11 +00:00
Martin Weinelt 20f0e767cb users: remove unused common import 2026-03-24 01:58:37 +01:00
Martin Weinelt e13736db67 Group storage and vmail user options at mailserver.storage
Create a nicer option structure that deals with the mail storage and its
owner, uid, group and gid. Also includes the directory layout as a
property of how mails are stored.
2026-03-24 01:57:31 +01:00
Martin Weinelt 6826d11c58 users: remove global with config.mailserver 2026-03-24 01:35:48 +01:00
Martin Weinelt e9337b346f Rename mailserver.loginAccounts to mailserver.accounts
The "login" prefix makes this option more confusing rather than clearer,
because what other account types are there? LDAP ones for example, but
you can log in with those too, so the prefix is pointless.
2026-03-24 01:35:48 +01:00
Martin Weinelt 5fdb686c66 docs: improve login account options 2026-03-24 01:35:48 +01:00
Martin Weinelt 3a1de3713c Merge branch 'ldap-storage-regression' into 'master'
dovecot: fix storage basedir regression in ldap home

See merge request simple-nixos-mailserver/nixos-mailserver!505
2026-03-24 00:35:35 +00:00
Martin Weinelt 854cb3ad3a tests: add regression test for custom ldap storage path
By setting a custom mail storage path the home dir lookups will fail and
signal something is wrong.
2026-03-24 01:29:27 +01:00
Martin Weinelt 4f3d21f386 dovecot: fix storage basedir regression in ldap home
During the rewrite of the LDAP userdb field lookups the default path for
the mail storage directory accidentally leaked into the home directory
path.
2026-03-24 01:11:09 +01:00
Martin Weinelt 2410c89f61 Merge branch 'ldap-local-coex' into 'master'
ldap: allow coexistence with local accounts

See merge request simple-nixos-mailserver/nixos-mailserver!502
2026-03-23 23:26:33 +00:00
Martin Weinelt ff5efdeeb6 Update forwards option description
Mixing examples and description in the description makes it very noisy
and unfocused.
2026-03-23 16:26:32 +01:00
Martin Weinelt 31c7607ef4 Rename extraVirtualAliases to aliases and update description
The extra and virtual parts are redundant and Postfix specific and not
at all required. Compare forwards for example.
2026-03-23 16:26:32 +01:00
Martin Weinelt 23364b04e8 ldap: allow local accounts and aliases with ldap enabled
In conflicts between local addresses and LDAP addresses the local one
will always take priority in mail routing.

This is something we now document and guarantee through tests.
2026-03-23 16:25:50 +01:00
Martin Weinelt 86d256870b postfix: prune virtual delivery agent settings
We exclusively rely on delivery via dovecot-lmtp, so these are redundant.
2026-03-23 13:23:01 +01:00
Martin Weinelt 14717e52a0 Merge branch 'flake-update' into 'master'
flake.lock: Update

See merge request simple-nixos-mailserver/nixos-mailserver!504
2026-03-23 01:40:03 +00:00
Martin Weinelt 2e6711bbdd docs: remove email from acme default configuration
This is not required any longer since
https://github.com/NixOS/nixpkgs/pull/489983
2026-03-23 02:31:14 +01:00
Martin Weinelt 569ed84e4b flake.lock: Update
Flake lock file updates:

• Updated input 'git-hooks':
    'github:cachix/git-hooks.nix/8baab586afc9c9b57645a734c820e4ac0a604af9' (2026-03-07)
  → 'github:cachix/git-hooks.nix/f799ae951fde0627157f40aec28dec27b22076d0' (2026-03-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0c6c0dd2469abaa216599bb19bbf77a328af6564' (2026-03-09)
  → 'github:NixOS/nixpkgs/2cb1420c66c8e634314ce0abf70680208177f5b4' (2026-03-22)
2026-03-23 02:29:28 +01:00
Martin Weinelt 148c2f9beb Merge branch 'typos-hook' into 'master'
Check for obvious typos in pre-commit

See merge request simple-nixos-mailserver/nixos-mailserver!503
2026-03-23 00:43:46 +00:00
Martin Weinelt 4ef8541b11 treewide: fix typos 2026-03-23 01:35:59 +01:00
Martin Weinelt 625d607365 Check for obvious typos in pre-commit 2026-03-23 01:35:27 +01:00
Martin Weinelt 097219b2dd docs: fix download url for migration script 2026-03-23 00:52:08 +01:00
Martin Weinelt 5d715c4ce8 assertions: adjust docs url for migration #4 2026-03-22 15:03:18 +01:00
Martin Weinelt 4b6a7450e8 Merge branch 'ldap-updates' into 'master'
LDAP: UUID based homedirs, username based login, group attribute options, docs

Closes #323 and #342

See merge request simple-nixos-mailserver/nixos-mailserver!493
2026-03-22 13:57:37 +00:00
Martin Weinelt 98acd76bbf Add migration story for LDAP UUID home directories 2026-03-21 22:34:50 +01:00
Martin Weinelt 59eae7f3d0 tests/ldap: remove redundant settings
All of these are already option defaults.
2026-03-21 22:34:50 +01:00
Martin Weinelt a70ae543cb docs: add baseline ldap documentation
within the new account backends nav section.
2026-03-21 22:34:50 +01:00
Martin Weinelt 63365fb1a8 postfix: document ldap map purposes 2026-03-21 01:38:04 +01:00
Martin Weinelt 762f553643 ldap: make uid the default account name
I fail to understand how mail became the uidAttribute way back when LDAP
support was introduced, but it was unintentional and clearly a mistake.

The uid attribute is the standard system login name per RFC4519 2.39 and
what we default to going forward.
2026-03-21 01:38:04 +01:00
Martin Weinelt a87d01ea79 ldap: reorganize and regroup options
Now that we have more experience with how we use the LDAP module options
we can make smarter decisions in how to organize them. We can also
explain much better what these options imply, which results in more
extensive option documentation.
2026-03-21 01:38:04 +01:00
Martin Weinelt 609fd80936 dovecot: make sure vid/gid are not overridable
The only storage scheme we support is a single declarative user with
fixed uid/gid. The default_fields are overridable if these fields leak
in from LDAP, so promote them to override_fields instead.
2026-03-21 00:47:59 +01:00
Martin Weinelt af480dba87 ldap: replace pass_attrs option with password attr option
The passdb only checks password access, so instead of customizing the
whole pass_attrs setting we now allow customization of the password field
used.
2026-03-21 00:47:59 +01:00
Martin Weinelt 091eda1ed2 ldap: migrate to UUID based Dovecot home directories
The LDAP support was not in a good shape when it was merged. This is a
breaking change and course correction to apply best practices going
forward.

This fixes various issues experienced with the Dovecot LDAP home
directory.

The gravest issue is that the `homeDirectory` attribute from
the `posixAccount` schema would overwrite the Dovecot home directory and
cause permission errors. This was possible because we defined the home
variable in `default_fields` that is inherently mutable and just a preset
if no other value gets transmitted from LDAP. This did not surface in
tests, because our LDAP schema was too minimal compared to a common
production dataset.

The most annoying issue and the actual breaking change is that we now
default to UUID based home directories. Every entry in an IDM that
supports LDAP comes with a unique identifier that does not change upon
account name changes. We want those to enable simple account name
migrations that don't require any manual data migration.

To migrate existing dovecot home directories a migration script is
included, which will be backported to the 25.11 release, so the migration
can already be started from the previous release version.
2026-03-21 00:47:59 +01:00
Martin Weinelt fa0d5c9694 tests/ldap: fail fast if openldap schema is broken
This helps so much during development as it tells me openldap failed and
doesn't require me to do a root cause analysis on a postmap failure much
later during the test.
2026-03-21 00:47:59 +01:00
Martin Weinelt 05968d7978 Merge branch 'add-option-custom-reject-sender-message' into 'master'
Add rejectSenderMessage option

See merge request simple-nixos-mailserver/nixos-mailserver!453
2026-03-20 10:16:09 +00:00
lennart 5544b0fa70 Add rejectSenderMessage option 2026-03-20 10:16:09 +00:00
Martin Weinelt fb3350c188 Merge branch 'roundcube-doc-plugin-maxsize-fix' into 'master'
docs/roundcube: fix mistakes in the example and add examples for caddy and managesieve

See merge request simple-nixos-mailserver/nixos-mailserver!499
2026-03-19 20:32:02 +00:00
headpats 3dc19d30d1 docs/roundcube: add caddy example 2026-03-19 13:36:00 +01:00
headpats cbf450f06c docs/roundcube: fix typo in nginx vhost 2026-03-19 13:36:00 +01:00
headpats bf481fd2e5 docs/roundcube: add managesieve example 2026-03-19 13:36:00 +01:00