c60d98a13c
Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
# Evaluation-time checks for the mailserver module: a release-mismatch
# warning, deprecation warnings for integrations scheduled for removal, and
# assertions that reject inconsistent or un-migrated configurations.
{
  config,
  lib,
  ...
}:

let
  inherit (lib) flatten mapAttrsToList optionals;

  cfg = config.mailserver;

  mailserverRelease = "26.05";
  nixpkgsRelease = lib.trivial.release;

  # True only when the check is enabled and the two release strings differ.
  releaseMismatch = cfg.enableNixpkgsReleaseCheck && mailserverRelease != nixpkgsRelease;

  # Which certificate sources the configuration names.
  usesAcme = cfg.x509.useACMEHost != null;
  hasCertificateFile = cfg.x509.certificateFile != null;
  hasPrivateKeyFile = cfg.x509.privateKeyFile != null;

  # Migration gate: holds while `stateVersion` is unset (the unset case is
  # reported by its own assertion below) or is at least `minimum`.
  requireStateVersion = minimum: message: {
    assertion = cfg.stateVersion != null -> cfg.stateVersion >= minimum;
    inherit message;
  };

  releaseMismatchWarning = ''
    You are using

    NixOS Mailserver version ${mailserverRelease} and
    Nixpkgs version ${nixpkgsRelease}.

    Using mismatched versions is likely to cause compatibility issues
    and may require migrations that make an eventual rollback tricky.

    It is therefore highly recommended to use a release of
    NixOS mailserver that corresponds with your chosen release of Nixpkgs.

    If you insist then you can disable this warning by adding

    mailserver.enableNixpkgsReleaseCheck = false;

    to your configuration.
  '';

  borgbackupWarning = ''
    `mailserver.borgbackup` will be removed after 26.05.

    The borgbackup integration will be removed with the recommendation to
    migrate to the upstream `services.borgbackup` module, which receives far
    superior maintenance and testing.

    NixOS manual: https://nixos.org/manual/nixos/stable/#module-borgbase
  '';

  backupWarning = ''
    `mailserver.backup` will be removed after 26.05.

    The rsnapshot integration will be removed due to lack of maintenance,
    expertise and tests to make sure it still works. Please use the upstream
    module directly instead.
  '';

  monitoringWarning = ''
    `mailserver.monitoring` will be removed after 26.05.

    The monit integration will be removed due to lack of maintenance,
    expertise and tests to make sure it still works.
  '';

  # Checks that apply to every enabled mailserver.
  baseAssertions = [
    {
      assertion = cfg.stateVersion != null;
      message = "The `mailserver.stateVersion` option is not set. Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html to determine the proper value to initialize it at.";
    }
    # The next two assertions together require exactly one certificate
    # source: an ACME host, or a complete certificate/private-key file pair.
    {
      assertion = usesAcme -> !hasCertificateFile && !hasPrivateKeyFile;
      message = "Configuring an ACME certificate (`mailserver.x509.useACMEHost`) is not possible while also passing an existing certificate (`mailserver.x509.certificateFile`, `mailserver.x509.privateKeyFile`).";
    }
    {
      assertion = usesAcme || (hasCertificateFile && hasPrivateKeyFile);
      message = "Configure either an ACME certificate (`mailserver.x509.useACMEHost`) or pass an existing certificate (`mailserver.x509.certificateFile`, `mailserver.x509.privateKeyFile`).";
    }
  ];

  # One assertion per (domain, selector) pair: a selector that names a
  # `keyFile` must leave `keyType` and `keyLength` unset.
  dkimAssertions = flatten (
    mapAttrsToList (
      domain: domainAttrs:
      mapAttrsToList (selector: selectorAttrs: {
        assertion =
          selectorAttrs.keyFile == null || (selectorAttrs.keyType == null && selectorAttrs.keyLength == null);
        message = "${domain} DKIM selector ${selector} can only use either `keyType`, `keyLength` OR `keyFile` not both.";
      }) domainAttrs.selectors
    ) cfg.dkim.domains
  );

  # State-version gates. Each fails evaluation until `stateVersion` reaches
  # the given number; the messages point at the migration to perform first.
  ldapHomeAssertion = requireStateVersion 2 ''
    Issue: The dovecot homedir for LDAP users was previously not respecting `mailserver.storage.path`.
    Remediation:
    - Stop the `dovecot.service`
    - Move `/var/vmail/ldap` below your `mailserver.storage.path`
    - Increase the `stateVersion` to 2.

    Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-ldap-home-directory-migration for more information.
  '';

  mailLocationAssertion = requireStateVersion 3 ''
    Issue: The dovecot mail location for all users has changed and need to be migrated.

    Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-mail-directory-migration for the required remediation steps.
  '';

  ldapUuidAssertion = requireStateVersion 4 ''
    NixOS Mailserver requires migrating LDAP home directories to UUID scheme

    Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-ldap-uuid-based-home-directories for required migration steps.
  '';

  sieveDirectoryAssertion = requireStateVersion 5 ''
    NixOS Mailserver requires moving the Sieve script directories into Dovecot home directories.

    Check https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#sieve-script-directory-migration for required migration steps.
  '';
in
{
  # Unlike the assertions below, none of these conditions test
  # `mailserver.enable`; each depends only on its own option.
  warnings =
    optionals releaseMismatch [ releaseMismatchWarning ]
    ++ optionals cfg.borgbackup.enable [ borgbackupWarning ]
    ++ optionals cfg.backup.enable [ backupWarning ]
    ++ optionals cfg.monitoring.enable [ monitoringWarning ];

  # We guard all assertions by requiring mailserver to be actually enabled
  assertions = optionals cfg.enable (
    baseAssertions
    ++ optionals cfg.dkim.enable dkimAssertions
    # Applies only to LDAP setups with a non-default storage path.
    ++ optionals (cfg.ldap.enable && cfg.storage.path != "/var/vmail") [ ldapHomeAssertion ]
    ++ [ mailLocationAssertion ]
    ++ optionals cfg.ldap.enable [ ldapUuidAssertion ]
    ++ optionals cfg.enableManageSieve [ sieveDirectoryAssertion ]
  );
}