{ config, lib, ... }: let mailserverRelease = "26.05"; nixpkgsRelease = lib.trivial.release; releaseMismatch = config.mailserver.enableNixpkgsReleaseCheck && mailserverRelease != nixpkgsRelease; in { warnings = lib.optional releaseMismatch '' You are using NixOS Mailserver version ${mailserverRelease} and Nixpkgs version ${nixpkgsRelease}. Using mismatched versions is likely to cause compatibility issues and may require migrations that make an eventual rollback tricky. It is therefore highly recommended to use a release of NixOS mailserver that corresponds with your chosen release of Nixpkgs. If you insist then you can disable this warning by adding mailserver.enableNixpkgsReleaseCheck = false; to your configuration. ''; # We guard all assertions by requiring mailserver to be actually enabled assertions = lib.optionals config.mailserver.enable ( [ { assertion = config.mailserver.stateVersion != null; message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at."; } { assertion = config.mailserver.x509.useACMEHost != null -> config.mailserver.x509.certificateFile == null && config.mailserver.x509.privateKeyFile == null; message = "Configuring an ACME certificate (`mailserver.x509.useACMEHost`) is not possible while also passing an existing certificate (`mailserver.x509.certificateFile`, `mailserver.x509.privateKeyFile`)."; } { assertion = config.mailserver.x509.useACMEHost != null || ( config.mailserver.x509.certificateFile != null && config.mailserver.x509.privateKeyFile != null ); message = "Configure either an ACME certificate (`mailserver.x509.useACMEHost`) or pass an existing certificate (`mailserver.x509.certificateFile`, `mailserver.x509.privateKeyFile`)."; } ] ++ lib.optionals config.mailserver.dkim.enable ( lib.flatten ( lib.mapAttrsToList ( domain: domainAttrs: lib.mapAttrsToList (selector: selectorAttrs: [ { assertion = selectorAttrs.keyFile != null -> (selectorAttrs.keyType == null && selectorAttrs.keyLength == null); message = "${domain} DKIM selector ${selector} can only use either `keyType`, `keyLength` OR `keyFile` not both."; } ]) domainAttrs.selectors ) config.mailserver.dkim.domains ) ) ++ lib.optionals config.mailserver.ldap.enable [ { assertion = config.mailserver.loginAccounts == { }; message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.loginAccounts"; } { assertion = config.mailserver.extraVirtualAliases == { }; message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.extraVirtualAliases"; } ] ++ lib.optionals (config.mailserver.ldap.enable && config.mailserver.mailDirectory != "/var/vmail") [ { assertion = config.mailserver.stateVersion != null -> config.mailserver.stateVersion >= 2; message = '' Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.mailDirectory`. Remediation: - Stop the `dovecot.service` - Move `/var/vmail/ldap` below your `mailserver.mailDirectory` - Increase the `stateVersion` to 2. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-ldap-home-directory-migration for more information. ''; } ] ++ [ { assertion = config.mailserver.stateVersion != null -> config.mailserver.stateVersion >= 3; message = '' Issue: The dovecot mail location for all users has changed and need to be migrated. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-mail-directory-migration for the required remediation steps. ''; } ] ); }