commit 56674702b0714ed9116c67a870f88e966038649b · pyrox.dev/nixpkgs

+2 -2

nixos/doc/manual/release-notes/rl-2511.section.md

···

       126
       126
        
       

     

       127
       127
        
       - The Postfix module has been updated and likely requires configuration changes:

     

       128
       128
        
         - The `services.postfix.sslCert` and `sslKey` options were removed and you now need to configure

     

       129
       129
       -
           - [services.postfix.config.smtpd_tls_chain_files](#opt-services.postfix.config.smtpd_tls_chain_files) for server certificates,

     

       130
       130
       -
           - [services.postfix.config.smtp_tls_chain_files](#opt-services.postfix.config) for client certificates.

     

       129
       129
       +
           - [services.postfix.settings.main.smtpd_tls_chain_files](#opt-services.postfix.settings.main.smtpd_tls_chain_files) for server certificates,

     

       130
       130
       +
           - [services.postfix.settings.main.smtp_tls_chain_files](#opt-services.postfix.settings.main) for client certificates.

     

       131
       131
        
       

     

       132
       132
        
       - `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable`

     

       133
       133

+6 -4

nixos/modules/services/mail/mailman.md

···

       14
       14
        
       {

     

       15
       15
        
         services.postfix = {

     

       16
       16
        
           enable = true;

     

       17
       17
       -
           relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];

     

       18
       18
       -
           sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";

     

       19
       19
       -
           sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";

     

       20
       20
       -
           config = {

     

       17
       17
       +
           settings.main = {

     

       21
       18
        
             transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];

     

       22
       19
        
             local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];

     

       20
       20
       +
             relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ];

     

       21
       21
       +
             smtpd_tls_chain_files = [

     

       22
       22
       +
               config.security.acme.certs."lists.example.org".directory + "/full.pem"

     

       23
       23
       +
               config.security.acme.certs."lists.example.org".directory + "/key.pem"

     

       24
       24
       +
             ];

     

       23
       25
        
           };

     

       24
       26
        
         };

     

       25
       27
        
         services.mailman = {

+2 -2

nixos/modules/services/mail/mailman.nix

···

       554
       554
        
           ];

     

       555
       555
        
       

     

       556
       556
        
           services.postfix = lib.mkIf cfg.enablePostfix {

     

       557
       557
       -
             recipientDelimiter = "+"; # bake recipient addresses in mail envelopes via VERP

     

       558
       558
       -
             config = {

     

       557
       557
       +
             settings.main = {

     

       559
       558
        
               owner_request_special = "no"; # Mailman handles -owner addresses on its own

     

       559
       559
       +
               recipient_delimiter = "+"; # bake recipient addresses in mail envelopes via VERP

     

       560
       560
        
             };

     

       561
       561
        
           };

     

       562
       562

+5 -4

nixos/modules/services/mail/mlmmj.nix

···

       120
       120
        
       

     

       121
       121
        
           services.postfix = {

     

       122
       122
        
             enable = true;

     

       123
       123
       -
             recipientDelimiter = "+";

     

       124
       124
       -
             masterConfig.mlmmj = {

     

       123
       123
       +
             settings.main = {

     

       124
       124
       +
               recipient_delimiter = "+";

     

       125
       125
       +
               propagate_unmatched_extensions = "virtual";

     

       126
       126
       +
             };

     

       127
       127
       +
             settings.master.mlmmj = {

     

       125
       128
        
               type = "unix";

     

       126
       129
        
               private = true;

     

       127
       130
        
               privileged = true;

     
···

       139
       142
        
             };

     

       140
       143
        
       

     

       141
       144
        
             extraAliases = concatMapLines (alias cfg.listDomain) cfg.mailLists;

     

       142
       142
       -
       

     

       143
       143
       -
             extraConfig = "propagate_unmatched_extensions = virtual";

     

       144
       145
        
       

     

       145
       146
        
             virtual = concatMapLines (virtual cfg.listDomain) cfg.mailLists;

     

       146
       147
        
             transport = concatMapLines (transport cfg.listDomain) cfg.mailLists;

+1 -1

nixos/modules/services/mail/pfix-srsd.nix

···

       51
       51
        
       

     

       52
       52
        
         config = lib.mkMerge [

     

       53
       53
        
           (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {

     

       54
       54
       -
             services.postfix.config = {

     

       54
       54
       +
             services.postfix.settings.main = {

     

       55
       55
        
               sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];

     

       56
       56
        
               sender_canonical_classes = [ "envelope_sender" ];

     

       57
       57
        
               recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ];

+1 -1

nixos/modules/services/mail/postfix-tlspol.nix

···

       135
       135
        
         config = mkMerge [

     

       136
       136
        
           (mkIf (cfg.enable && config.services.postfix.enable && cfg.configurePostfix) {

     

       137
       137
        
             # https://github.com/Zuplu/postfix-tlspol#postfix-configuration

     

       138
       138
       -
             services.postfix.config = {

     

       138
       138
       +
             services.postfix.settings.main = {

     

       139
       139
        
               smtp_dns_support_level = "dnssec";

     

       140
       140
        
               smtp_tls_security_level = "dane";

     

       141
       141
        
               smtp_tls_policy_maps =

+337 -221

nixos/modules/services/mail/postfix.nix

···

       6
       6
        
       }:

     

       7
       7
        
       let

     

       8
       8
        
         inherit (lib)

     

       9
       9
       +
           literalExpression

     

       9
       10
        
           mkOption

     

       10
       11
        
           types

     

       11
       12
        
           ;

     
···

       52
       53
        
             mkEntry = name: value: "${escape name} =${mkVal value}";

     

       53
       54
        
           in

     

       54
       55
        
           lib.concatStringsSep "\n" (

     

       55
       55
       -
             lib.mapAttrsToList mkEntry (lib.filterAttrsRecursive (_: value: value != null) cfg.config)

     

       56
       56
       -
           )

     

       57
       57
       -
           + "\n"

     

       58
       58
       -
           + cfg.extraConfig;

     

       56
       56
       +
             lib.mapAttrsToList mkEntry (lib.filterAttrsRecursive (_: value: value != null) cfg.settings.main)

     

       57
       57
       +
           );

     

       59
       58
        
       

     

       60
       59
        
         masterCfOptions =

     

       61
       60
        
           {

     
···

       236
       235
        
               ""

     

       237
       236
        
             ];

     

       238
       237
        
       

     

       239
       239
       -
             masterCf = lib.mapAttrsToList (lib.const (lib.getAttr "rawEntry")) cfg.masterConfig;

     

       238
       238
       +
             masterCf = lib.mapAttrsToList (lib.const (lib.getAttr "rawEntry")) cfg.settings.master;

     

       240
       239
        
       

     

       241
       240
        
             # A list of the maximum width of the columns across all lines and labels

     

       242
       241
        
             maxWidths =

     
···

       341
       340
        
       

     

       342
       341
        
       {

     

       343
       342
        
       

     

       343
       343
       +
         meta.maintainers = with lib.maintainers; [

     

       344
       344
       +
           dotlambda

     

       345
       345
       +
           hexa

     

       346
       346
       +
         ];

     

       347
       347
       +
       

     

       344
       348
        
         ###### interface

     

       345
       349
        
       

     

       346
       350
        
         options = {

     
···

       356
       360
        
             enableSmtp = lib.mkOption {

     

       357
       361
        
               type = lib.types.bool;

     

       358
       362
        
               default = true;

     

       359
       359
       -
               description = "Whether to enable smtp in master.cf.";

     

       363
       363
       +
               description = ''

     

       364
       364
       +
                 Whether to enable the `smtp` service configured in the master.cf.

     

       365
       365
       +
       

     

       366
       366
       +
                 This service listens for plain text SMTP connections on port 25

     

       367
       367
       +
                 and supports explicit TLS via StartTLS.

     

       368
       368
       +
       

     

       369
       369
       +
                 It is the primary port used by SMTP servers to exchange mail.

     

       370
       370
       +
               '';

     

       360
       371
        
             };

     

       361
       372
        
       

     

       362
       373
        
             enableSubmission = lib.mkOption {

     

       363
       374
        
               type = lib.types.bool;

     

       364
       375
        
               default = false;

     

       365
       365
       -
               description = "Whether to enable smtp submission.";

     

       376
       376
       +
               description = "

     

       377
       377
       +
                 Whether to enable the `submission` service configured in master.cf.

     

       378
       378
       +
       

     

       379
       379
       +
                 This service listens for plain text SMTP connections on port 587

     

       380
       380
       +
                 and supports explicit TLS via StartTLS.

     

       381
       381
       +
       

     

       382
       382
       +
                 It is a way for clients to login and submit mails after an inband

     

       383
       383
       +
                 connection upgrade using StartTLS.

     

       384
       384
       +
       

     

       385
       385
       +
                 ::: {.warning}

     

       386
       386
       +
                 [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) discourages the use

     

       387
       387
       +
                 of explicit TLS for mail submissionn.

     

       388
       388
       +
                 :::

     

       389
       389
       +
               ";

     

       366
       390
        
             };

     

       367
       391
        
       

     

       368
       392
        
             enableSubmissions = lib.mkOption {

     

       369
       393
        
               type = lib.types.bool;

     

       370
       394
        
               default = false;

     

       371
       395
        
               description = ''

     

       372
       372
       -
                 Whether to enable smtp submission via smtps.

     

       396
       396
       +
                 Whether to enable the `submissions` service configured in master.cf.

     

       397
       397
       +
       

     

       398
       398
       +
                 This service listen for implicit TLS connections on port 465.

     

       373
       399
        
       

     

       374
       374
       -
                 According to RFC 8314 this should be preferred

     

       375
       375
       -
                 over STARTTLS for submission of messages by end user clients.

     

       400
       400
       +
                 ::: {.info}

     

       401
       401
       +
                 Per [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) implicit TLS

     

       402
       402
       +
                 is recommended for mail submission.

     

       403
       403
       +
                 :::

     

       376
       404
        
               '';

     

       377
       405
        
             };

     

       378
       406
        
       

     
···

       444
       472
        
               '';

     

       445
       473
        
             };

     

       446
       474
        
       

     

       447
       447
       -
             networks = lib.mkOption {

     

       448
       448
       -
               type = lib.types.nullOr (lib.types.listOf lib.types.str);

     

       449
       449
       -
               default = null;

     

       450
       450
       -
               example = [ "192.168.0.1/24" ];

     

       451
       451
       -
               description = ''

     

       452
       452
       -
                 Net masks for trusted - allowed to relay mail to third parties -

     

       453
       453
       -
                 hosts. Leave empty to use mynetworks_style configuration or use

     

       454
       454
       -
                 default (localhost-only).

     

       455
       455
       -
               '';

     

       456
       456
       -
             };

     

       457
       457
       -
       

     

       458
       458
       -
             networksStyle = lib.mkOption {

     

       459
       459
       -
               type = lib.types.str;

     

       460
       460
       -
               default = "";

     

       461
       461
       -
               description = ''

     

       462
       462
       -
                 Name of standard way of trusted network specification to use,

     

       463
       463
       -
                 leave blank if you specify it explicitly or if you want to use

     

       464
       464
       -
                 default (localhost-only).

     

       465
       465
       -
               '';

     

       466
       466
       -
             };

     

       467
       467
       -
       

     

       468
       468
       -
             hostname = lib.mkOption {

     

       469
       469
       -
               type = lib.types.str;

     

       470
       470
       -
               default = "";

     

       471
       471
       -
               description = ''

     

       472
       472
       -
                 Hostname to use. Leave blank to use just the hostname of machine.

     

       473
       473
       -
                 It should be FQDN.

     

       474
       474
       -
               '';

     

       475
       475
       -
             };

     

       476
       476
       -
       

     

       477
       477
       -
             domain = lib.mkOption {

     

       478
       478
       -
               type = lib.types.str;

     

       479
       479
       -
               default = "";

     

       480
       480
       -
               description = ''

     

       481
       481
       -
                 Domain to use. Leave blank to use hostname minus first component.

     

       482
       482
       -
               '';

     

       483
       483
       -
             };

     

       484
       484
       -
       

     

       485
       485
       -
             origin = lib.mkOption {

     

       486
       486
       -
               type = lib.types.str;

     

       487
       487
       -
               default = "";

     

       488
       488
       -
               description = ''

     

       489
       489
       -
                 Origin to use in outgoing e-mail. Leave blank to use hostname.

     

       490
       490
       -
               '';

     

       491
       491
       -
             };

     

       492
       492
       -
       

     

       493
       493
       -
             destination = lib.mkOption {

     

       494
       494
       -
               type = lib.types.nullOr (lib.types.listOf lib.types.str);

     

       495
       495
       -
               default = null;

     

       496
       496
       -
               example = [ "localhost" ];

     

       497
       497
       -
               description = ''

     

       498
       498
       -
                 Full (!) list of domains we deliver locally. Leave blank for

     

       499
       499
       -
                 acceptable Postfix default.

     

       500
       500
       -
               '';

     

       501
       501
       -
             };

     

       502
       502
       -
       

     

       503
       503
       -
             relayDomains = lib.mkOption {

     

       504
       504
       -
               type = lib.types.nullOr (lib.types.listOf lib.types.str);

     

       505
       505
       -
               default = null;

     

       506
       506
       -
               example = [ "localdomain" ];

     

       507
       507
       -
               description = ''

     

       508
       508
       -
                 List of domains we agree to relay to. Default is empty.

     

       509
       509
       -
               '';

     

       510
       510
       -
             };

     

       511
       511
       -
       

     

       512
       512
       -
             relayHost = lib.mkOption {

     

       513
       513
       -
               type = lib.types.str;

     

       514
       514
       -
               default = "";

     

       515
       515
       -
               description = ''

     

       516
       516
       -
                 Mail relay for outbound mail.

     

       517
       517
       -
               '';

     

       518
       518
       -
             };

     

       519
       519
       -
       

     

       520
       520
       -
             relayPort = lib.mkOption {

     

       521
       521
       -
               type = lib.types.int;

     

       522
       522
       -
               default = 25;

     

       523
       523
       -
               description = ''

     

       524
       524
       -
                 SMTP port for relay mail relay.

     

       525
       525
       -
               '';

     

       526
       526
       -
             };

     

       527
       527
       -
       

     

       528
       528
       -
             lookupMX = lib.mkOption {

     

       529
       529
       -
               type = lib.types.bool;

     

       530
       530
       -
               default = false;

     

       531
       531
       -
               description = ''

     

       532
       532
       -
                 Whether relay specified is just domain whose MX must be used.

     

       533
       533
       -
               '';

     

       534
       534
       -
             };

     

       535
       535
       -
       

     

       536
       475
        
             postmasterAlias = lib.mkOption {

     

       537
       476
        
               type = lib.types.str;

     

       538
       477
        
               default = "root";

     
···

       572
       511
        
               description = "The format the alias map should have. Use regexp if you want to use regular expressions.";

     

       573
       512
        
             };

     

       574
       513
        
       

     

       575
       575
       -
             config = lib.mkOption {

     

       576
       576
       -
               type = lib.types.submodule {

     

       577
       577
       -
                 freeformType =

     

       578
       578
       -
                   with types;

     

       579
       579
       -
                   attrsOf (

     

       580
       580
       -
                     nullOr (oneOf [

     

       581
       581
       -
                       bool

     

       582
       582
       -
                       int

     

       583
       583
       -
                       str

     

       584
       584
       -
                       (listOf str)

     

       585
       585
       -
                     ])

     

       586
       586
       -
                   );

     

       587
       587
       -
                 options = {

     

       588
       588
       -
                   smtpd_tls_chain_files = mkOption {

     

       589
       589
       -
                     type = with types; listOf path;

     

       590
       590
       -
                     default = [ ];

     

       591
       591
       -
                     example = [

     

       592
       592
       -
                       "/var/lib/acme/mail.example.com/privkey.pem"

     

       593
       593
       -
                       "/var/lib/acme/mail.example.com/fullchain.pem"

     

       594
       594
       -
                     ];

     

       595
       595
       -
                     description = ''

     

       596
       596
       -
                       List of paths to the server private keys and certificates.

     

       514
       514
       +
             settings = {

     

       515
       515
       +
               main = lib.mkOption {

     

       516
       516
       +
                 type = lib.types.submodule {

     

       517
       517
       +
                   freeformType =

     

       518
       518
       +
                     with types;

     

       519
       519
       +
                     attrsOf (

     

       520
       520
       +
                       nullOr (oneOf [

     

       521
       521
       +
                         bool

     

       522
       522
       +
                         int

     

       523
       523
       +
                         str

     

       524
       524
       +
                         (listOf str)

     

       525
       525
       +
                       ])

     

       526
       526
       +
                     );

     

       527
       527
       +
                   options = {

     

       528
       528
       +
                     message_size_limit = mkOption {

     

       529
       529
       +
                       type = with types; nullOr int;

     

       530
       530
       +
                       default = 10240000; # 10 MiB

     

       531
       531
       +
                       example = 52428800; # 50 MiB

     

       532
       532
       +
                       description = ''

     

       533
       533
       +
                         Maximum size of an email message in bytes.

     

       534
       534
       +
       

     

       535
       535
       +
                         <https://www.postfix.org/postconf.5.html#message_size_limit>

     

       536
       536
       +
                       '';

     

       537
       537
       +
                     };

     

       538
       538
       +
       

     

       539
       539
       +
                     mydestination = mkOption {

     

       540
       540
       +
                       type =

     

       541
       541
       +
                         with types;

     

       542
       542
       +
                         nullOr (oneOf [

     

       543
       543
       +
                           str

     

       544
       544
       +
                           (listOf str)

     

       545
       545
       +
                         ]);

     

       546
       546
       +
                       default = [

     

       547
       547
       +
                         "$myhostname"

     

       548
       548
       +
                         "localhost.$mydomain"

     

       549
       549
       +
                         "localhost"

     

       550
       550
       +
                       ];

     

       551
       551
       +
                       description = ''

     

       552
       552
       +
                         List of domain names intended for local delivery using /etc/passwd and /etc/aliases.

     

       553
       553
       +
       

     

       554
       554
       +
                         ::: {.warning}

     

       555
       555
       +
                         Do not include [virtual](https://www.postfix.org/VIRTUAL_README.html) domains in this list.

     

       556
       556
       +
                         :::

     

       557
       557
       +
       

     

       558
       558
       +
                         <https://www.postfix.org/postconf.5.html#mydestination>

     

       559
       559
       +
                       '';

     

       560
       560
       +
                     };

     

       561
       561
       +
       

     

       562
       562
       +
                     myhostname = mkOption {

     

       563
       563
       +
                       type = with types; nullOr types.str;

     

       564
       564
       +
                       default = null;

     

       565
       565
       +
                       example = "mail.example.com";

     

       566
       566
       +
                       description = ''

     

       567
       567
       +
                         The internet hostname of this mail system.

     

       568
       568
       +
       

     

       569
       569
       +
                         Leave unset to default to the system hostname with the {option}`mydomain` suffix.

     

       570
       570
       +
       

     

       571
       571
       +
                         <https://www.postfix.org/postconf.5.html#myhostname>

     

       572
       572
       +
                       '';

     

       573
       573
       +
                     };

     

       574
       574
       +
       

     

       575
       575
       +
                     mynetworks = mkOption {

     

       576
       576
       +
                       type = with types; nullOr (listOf str);

     

       577
       577
       +
                       default = null;

     

       578
       578
       +
                       example = [

     

       579
       579
       +
                         "127.0.0.0/8"

     

       580
       580
       +
                         "::1"

     

       581
       581
       +
                       ];

     

       582
       582
       +
                       description = ''

     

       583
       583
       +
                         List of trusted remote SMTP clients, that are allowed to relay mail.

     

       584
       584
       +
       

     

       585
       585
       +
                         Leave unset to let Postfix populate this list based on the {option}`mynetworks_style` setting.

     

       586
       586
       +
       

     

       587
       587
       +
                         <https://www.postfix.org/postconf.5.html#mynetworks>

     

       588
       588
       +
                       '';

     

       589
       589
       +
                     };

     

       590
       590
       +
       

     

       591
       591
       +
                     mynetworks_style = mkOption {

     

       592
       592
       +
                       type =

     

       593
       593
       +
                         with types;

     

       594
       594
       +
                         nullOr (enum [

     

       595
       595
       +
                           "host"

     

       596
       596
       +
                           "subnet"

     

       597
       597
       +
                           "class"

     

       598
       598
       +
                         ]);

     

       599
       599
       +
                       default = "host";

     

       600
       600
       +
                       description = ''

     

       601
       601
       +
                         The method used for generating the default value for {option}`mynetworks`, if that option is unset.

     

       597
       602
        
       

     

       598
       598
       -
                       ::: {.caution}

     

       599
       599
       -
                       The order of items matters and a private key must always be followed by the corresponding certificate.

     

       600
       600
       -
                       :::

     

       603
       603
       +
                         <https://www.postfix.org/postconf.5.html#mynetworks_style>

     

       604
       604
       +
                       '';

     

       605
       605
       +
                     };

     

       601
       606
        
       

     

       602
       602
       -
                       <https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files>

     

       603
       603
       -
                     '';

     

       604
       604
       -
                   };

     

       607
       607
       +
                     recipient_delimiter = lib.mkOption {

     

       608
       608
       +
                       type = with types; nullOr str;

     

       609
       609
       +
                       default = "";

     

       610
       610
       +
                       example = "+";

     

       611
       611
       +
                       description = ''

     

       612
       612
       +
                         Set of characters used as the delimiters for address extensions.

     

       605
       613
        
       

     

       606
       606
       -
                   smtpd_tls_security_level = mkOption {

     

       607
       607
       -
                     type = types.enum [

     

       608
       608
       -
                       "none"

     

       609
       609
       -
                       "may"

     

       610
       610
       -
                       "encrypt"

     

       611
       611
       -
                     ];

     

       612
       612
       -
                     default = if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none";

     

       613
       613
       -
                     defaultText = lib.literalExpression ''

     

       614
       614
       -
                       if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none"

     

       615
       615
       -
                     '';

     

       616
       616
       -
                     example = "may";

     

       617
       617
       -
                     description = ''

     

       618
       618
       -
                       The server TLS security level. Enable TLS by configuring at least `may`.

     

       614
       614
       +
                         This allows creating different forwarding rules per extension.

     

       619
       615
        
       

     

       620
       620
       -
                       <https://www.postfix.org/postconf.5.html#smtpd_tls_security_level>

     

       621
       621
       -
                     '';

     

       616
       616
       +
                         <https://www.postfix.org/postconf.5.html#recipient_delimiter>

     

       617
       617
       +
                       '';

     

       618
       618
       +
                     };

     

       619
       619
       +
       

     

       620
       620
       +
                     relayhost = mkOption {

     

       621
       621
       +
                       type = with types; nullOr (listOf str);

     

       622
       622
       +
                       default = [ ];

     

       623
       623
       +
                       example = [ "[relay.example.com]:587" ];

     

       624
       624
       +
                       description = ''

     

       625
       625
       +
                         List of hosts to use for relaying outbound mail.

     

       626
       626
       +
       

     

       627
       627
       +
                         ::: {.note}

     

       628
       628
       +
                         Putting the hostname in angled brackets, e.g. `[relay.example.com]`, turns off MX and SRV lookups for the hostname.

     

       629
       629
       +
                         :::

     

       630
       630
       +
       

     

       631
       631
       +
                         <https://www.postfix.org/postconf.5.html#relayhost>

     

       632
       632
       +
                       '';

     

       633
       633
       +
                     };

     

       634
       634
       +
       

     

       635
       635
       +
                     relay_domains = mkOption {

     

       636
       636
       +
                       type = with types; nullOr (listOf str);

     

       637
       637
       +
                       default = [ ];

     

       638
       638
       +
                       example = [ "lists.example.com" ];

     

       639
       639
       +
                       description = ''

     

       640
       640
       +
                         List of domains delivered via the relay transport.

     

       641
       641
       +
       

     

       642
       642
       +
                         <https://www.postfix.org/postconf.5.html#relay_domains>

     

       643
       643
       +
                       '';

     

       644
       644
       +
                     };

     

       645
       645
       +
       

     

       646
       646
       +
                     smtp_tls_CAfile = mkOption {

     

       647
       647
       +
                       type = types.path;

     

       648
       648
       +
                       default = config.security.pki.caBundle;

     

       649
       649
       +
                       defaultText = literalExpression ''

     

       650
       650
       +
                         config.security.pki.caBundle

     

       651
       651
       +
                       '';

     

       652
       652
       +
                       example = literalExpression ''

     

       653
       653
       +
                         ''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt

     

       654
       654
       +
                       '';

     

       655
       655
       +
                       description = ''

     

       656
       656
       +
                         File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates.

     

       657
       657
       +
       

     

       658
       658
       +
                         Defaults to the system CA bundle that is managed through the `security.pki` options.

     

       659
       659
       +
       

     

       660
       660
       +
                         <https://www.postfix.org/postconf.5.html#smtp_tls_CAfile>

     

       661
       661
       +
                       '';

     

       662
       662
       +
                     };

     

       663
       663
       +
       

     

       664
       664
       +
                     smtp_tls_security_level = mkOption {

     

       665
       665
       +
                       type = types.enum [

     

       666
       666
       +
                         "none"

     

       667
       667
       +
                         "may"

     

       668
       668
       +
                         "encrypt"

     

       669
       669
       +
                         "dane"

     

       670
       670
       +
                         "dane-only"

     

       671
       671
       +
                         "fingerprint"

     

       672
       672
       +
                         "verify"

     

       673
       673
       +
                         "secure"

     

       674
       674
       +
                       ];

     

       675
       675
       +
                       default = "may";

     

       676
       676
       +
                       description = ''

     

       677
       677
       +
                         The client TLS security level.

     

       678
       678
       +
       

     

       679
       679
       +
                         ::: {.tip}

     

       680
       680
       +
                         Use `dane` with a local DNSSEC validating DNS resolver enabled.

     

       681
       681
       +
                         :::

     

       682
       682
       +
       

     

       683
       683
       +
                         <https://www.postfix.org/postconf.5.html#smtp_tls_security_level>

     

       684
       684
       +
                       '';

     

       685
       685
       +
                     };

     

       686
       686
       +
       

     

       687
       687
       +
                     smtpd_tls_chain_files = mkOption {

     

       688
       688
       +
                       type = with types; listOf path;

     

       689
       689
       +
                       default = [ ];

     

       690
       690
       +
                       example = [

     

       691
       691
       +
                         "/var/lib/acme/mail.example.com/privkey.pem"

     

       692
       692
       +
                         "/var/lib/acme/mail.example.com/fullchain.pem"

     

       693
       693
       +
                       ];

     

       694
       694
       +
                       description = ''

     

       695
       695
       +
                         List of paths to the server private keys and certificates.

     

       696
       696
       +
       

     

       697
       697
       +
                         ::: {.caution}

     

       698
       698
       +
                         The order of items matters and a private key must always be followed by the corresponding certificate.

     

       699
       699
       +
                         :::

     

       700
       700
       +
       

     

       701
       701
       +
                         <https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files>

     

       702
       702
       +
                       '';

     

       703
       703
       +
                     };

     

       704
       704
       +
       

     

       705
       705
       +
                     smtpd_tls_security_level = mkOption {

     

       706
       706
       +
                       type = types.enum [

     

       707
       707
       +
                         "none"

     

       708
       708
       +
                         "may"

     

       709
       709
       +
                         "encrypt"

     

       710
       710
       +
                       ];

     

       711
       711
       +
                       default =

     

       712
       712
       +
                         if config.services.postfix.settings.main.smtpd_tls_chain_files != [ ] then "may" else "none";

     

       713
       713
       +
                       defaultText = lib.literalExpression ''

     

       714
       714
       +
                         if config.services.postfix.settings.main.smtpd_tls_chain_files != [ ] then "may" else "none"

     

       715
       715
       +
                       '';

     

       716
       716
       +
                       example = "may";

     

       717
       717
       +
                       description = ''

     

       718
       718
       +
                         The server TLS security level. Enable TLS by configuring at least `may`.

     

       719
       719
       +
       

     

       720
       720
       +
                         <https://www.postfix.org/postconf.5.html#smtpd_tls_security_level>

     

       721
       721
       +
                       '';

     

       722
       722
       +
                     };

     

       622
       723
        
                   };

     

       623
       724
        
                 };

     

       624
       624
       -
               };

     

       625
       725
        
       

     

       626
       626
       -
               description = ''

     

       627
       627
       -
                 The main.cf configuration file as key value set.

     

       726
       726
       +
                 description = ''

     

       727
       727
       +
                   The main.cf configuration file as key value set.

     

       628
       728
        
       

     

       629
       629
       -
                 Null values will not be rendered.

     

       630
       630
       -
               '';

     

       631
       631
       -
               example = {

     

       632
       632
       -
                 mail_owner = "postfix";

     

       633
       633
       -
                 smtp_tls_security_level = "may";

     

       729
       729
       +
                   Null values will not be rendered.

     

       730
       730
       +
       

     

       731
       731
       +
                   ::: {.tip}

     

       732
       732
       +
                   Check `postconf -d` for the default values of all settings.

     

       733
       733
       +
                   :::

     

       734
       734
       +
                 '';

     

       735
       735
       +
                 example = {

     

       736
       736
       +
                   mail_owner = "postfix";

     

       737
       737
       +
                   smtp_tls_security_level = "may";

     

       738
       738
       +
                 };

     

       634
       739
        
               };

     

       635
       635
       -
             };

     

       636
       740
        
       

     

       637
       637
       -
             extraConfig = lib.mkOption {

     

       638
       638
       -
               type = lib.types.lines;

     

       639
       639
       -
               default = "";

     

       640
       640
       -
               description = ''

     

       641
       641
       -
                 Extra lines to be added verbatim to the main.cf configuration file.

     

       642
       642
       -
               '';

     

       643
       643
       -
             };

     

       741
       741
       +
               master = lib.mkOption {

     

       742
       742
       +
                 type = lib.types.attrsOf (lib.types.submodule masterCfOptions);

     

       743
       743
       +
                 default = { };

     

       744
       744
       +
                 example = {

     

       745
       745
       +
                   submission = {

     

       746
       746
       +
                     type = "inet";

     

       747
       747
       +
                     args = [

     

       748
       748
       +
                       "-o"

     

       749
       749
       +
                       "smtpd_tls_security_level=encrypt"

     

       750
       750
       +
                     ];

     

       751
       751
       +
                   };

     

       752
       752
       +
                 };

     

       753
       753
       +
                 description = ''

     

       754
       754
       +
                   The {file}`master.cf` configuration file as an attribute set of service

     

       755
       755
       +
                   defitions

     

       644
       756
        
       

     

       645
       645
       -
             tlsTrustedAuthorities = lib.mkOption {

     

       646
       646
       -
               type = lib.types.str;

     

       647
       647
       -
               default = config.security.pki.caBundle;

     

       648
       648
       -
               defaultText = lib.literalExpression "config.security.pki.caBundle";

     

       649
       649
       -
               example = lib.literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"'';

     

       650
       650
       -
               description = ''

     

       651
       651
       -
                 File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery. This sets [smtp_tls_CAfile](https://www.postfix.org/postconf.5.html#smtp_tls_CAfile). Defaults to system trusted certificates (see `security.pki.*` options).

     

       652
       652
       -
               '';

     

       653
       653
       -
             };

     

       757
       757
       +
                   ::: {.tip}

     

       758
       758
       +
                   Check <https://www.postfix.org/master.5.html> for possible settings.

     

       759
       759
       +
                   :::

     

       760
       760
       +
                 '';

     

       761
       761
       +
               };

     

       654
       762
        
       

     

       655
       655
       -
             recipientDelimiter = lib.mkOption {

     

       656
       656
       -
               type = lib.types.str;

     

       657
       657
       -
               default = "";

     

       658
       658
       -
               example = "+";

     

       659
       659
       -
               description = ''

     

       660
       660
       -
                 Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test

     

       661
       661
       -
               '';

     

       662
       763
        
             };

     

       663
       764
        
       

     

       664
       765
        
             canonical = lib.mkOption {

     
···

       720
       821
        
               default = "";

     

       721
       822
        
               type = lib.types.lines;

     

       722
       823
        
               description = "contents of check_client_access for overriding dnsBlacklists";

     

       723
       723
       -
             };

     

       724
       724
       -
       

     

       725
       725
       -
             masterConfig = lib.mkOption {

     

       726
       726
       -
               type = lib.types.attrsOf (lib.types.submodule masterCfOptions);

     

       727
       727
       -
               default = { };

     

       728
       728
       -
               example = {

     

       729
       729
       -
                 submission = {

     

       730
       730
       -
                   type = "inet";

     

       731
       731
       -
                   args = [

     

       732
       732
       -
                     "-o"

     

       733
       733
       -
                     "smtpd_tls_security_level=encrypt"

     

       734
       734
       -
                   ];

     

       735
       735
       -
                 };

     

       736
       736
       -
               };

     

       737
       737
       -
               description = ''

     

       738
       738
       -
                 An attribute set of service options, which correspond to the service

     

       739
       739
       -
                 definitions usually done within the Postfix

     

       740
       740
       -
                 {file}`master.cf` file.

     

       741
       741
       -
               '';

     

       742
       824
        
             };

     

       743
       825
        
       

     

       744
       826
        
             extraMasterConf = lib.mkOption {

     
···

       941
       1023
        
                 };

     

       942
       1024
        
               };

     

       943
       1025
        
       

     

       944
       944
       -
               services.postfix.config =

     

       1026
       1026
       +
               services.postfix.settings.main =

     

       945
       1027
        
                 (lib.mapAttrs (_: v: lib.mkDefault v) {

     

       946
       1028
        
                   compatibility_level = pkgs.postfix.version;

     

       947
       1029
        
                   mail_owner = cfg.user;

     
···

       966
       1048
        
                   mail_spool_directory = "/var/spool/mail/";

     

       967
       1049
        
                   setgid_group = cfg.setgidGroup;

     

       968
       1050
        
                 })

     

       969
       969
       -
                 // lib.optionalAttrs (cfg.relayHost != "") {

     

       970
       970
       -
                   relayhost =

     

       971
       971
       -
                     if cfg.lookupMX then

     

       972
       972
       -
                       "${cfg.relayHost}:${toString cfg.relayPort}"

     

       973
       973
       -
                     else

     

       974
       974
       -
                       "[${cfg.relayHost}]:${toString cfg.relayPort}";

     

       975
       975
       -
                 }

     

       976
       976
       -
                 // lib.optionalAttrs (!config.networking.enableIPv6) { inet_protocols = lib.mkDefault "ipv4"; }

     

       977
       977
       -
                 // lib.optionalAttrs (cfg.networks != null) { mynetworks = cfg.networks; }

     

       978
       978
       -
                 // lib.optionalAttrs (cfg.networksStyle != "") { mynetworks_style = cfg.networksStyle; }

     

       979
       979
       -
                 // lib.optionalAttrs (cfg.hostname != "") { myhostname = cfg.hostname; }

     

       980
       980
       -
                 // lib.optionalAttrs (cfg.domain != "") { mydomain = cfg.domain; }

     

       981
       981
       -
                 // lib.optionalAttrs (cfg.origin != "") { myorigin = cfg.origin; }

     

       982
       982
       -
                 // lib.optionalAttrs (cfg.destination != null) { mydestination = cfg.destination; }

     

       983
       983
       -
                 // lib.optionalAttrs (cfg.relayDomains != null) { relay_domains = cfg.relayDomains; }

     

       984
       984
       -
                 // lib.optionalAttrs (cfg.recipientDelimiter != "") {

     

       985
       985
       -
                   recipient_delimiter = cfg.recipientDelimiter;

     

       986
       986
       -
                 }

     

       987
       1051
        
                 // lib.optionalAttrs haveAliases { alias_maps = [ "${cfg.aliasMapType}:/etc/postfix/aliases" ]; }

     

       988
       1052
        
                 // lib.optionalAttrs haveTransport { transport_maps = [ "hash:/etc/postfix/transport" ]; }

     

       989
       1053
        
                 // lib.optionalAttrs haveVirtual {

     
···

       998
       1062
        
                 // lib.optionalAttrs (cfg.dnsBlacklists != [ ]) { smtpd_client_restrictions = clientRestrictions; }

     

       999
       1063
        
                 // lib.optionalAttrs cfg.enableHeaderChecks {

     

       1000
       1064
        
                   header_checks = [ "regexp:/etc/postfix/header_checks" ];

     

       1001
       1001
       -
                 }

     

       1002
       1002
       -
                 // lib.optionalAttrs (cfg.tlsTrustedAuthorities != "") {

     

       1003
       1003
       -
                   smtp_tls_CAfile = cfg.tlsTrustedAuthorities;

     

       1004
       1004
       -
                   smtp_tls_security_level = lib.mkDefault "may";

     

       1005
       1065
        
                 };

     

       1006
       1066
        
       

     

       1007
       1007
       -
               services.postfix.masterConfig = {

     

       1067
       1067
       +
               services.postfix.settings.master = {

     

       1008
       1068
        
                 pickup = {

     

       1009
       1069
        
                   private = false;

     

       1010
       1070
        
                   wakeup = 60;

     
···

       1163
       1223
        
       

     

       1164
       1224
        
         imports = [

     

       1165
       1225
        
           (lib.mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]

     

       1166
       1166
       -
             "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig."

     

       1226
       1226
       +
             "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.settings.main.smtp_tls_CAfile."

     

       1167
       1227
        
           )

     

       1168
       1228
        
           (lib.mkRemovedOptionModule [ "services" "postfix" "sslCert" ]

     

       1169
       1169
       -
             "services.postfix.sslCert was removed. Use services.postfix.config.smtpd_tls_chain_files for the server certificate, or services.postfix.config.smtp_tls_chain_files for the client certificate."

     

       1229
       1229
       +
             "services.postfix.sslCert was removed. Use services.postfix.settings.main.smtpd_tls_chain_files for the server certificate, or services.postfix.settings.main.smtp_tls_chain_files for the client certificate."

     

       1170
       1230
        
           )

     

       1171
       1231
        
           (lib.mkRemovedOptionModule [ "services" "postfix" "sslKey" ]

     

       1172
       1172
       -
             "services.postfix.sslKey was removed. Use services.postfix.config.smtpd_tls_chain_files for server private key, or services.postfix.config.smtp_tls_chain_files for the client private key."

     

       1232
       1232
       +
             "services.postfix.sslKey was removed. Use services.postfix.settings.main.smtpd_tls_chain_files for server private key, or services.postfix.settings.main.smtp_tls_chain_files for the client private key."

     

       1233
       1233
       +
           )

     

       1234
       1234
       +
           (lib.mkRemovedOptionModule [ "services" "postfix" "lookupMX" ]

     

       1235
       1235
       +
             "services.postfix.lookupMX was removed. Use services.postfix.settings.main.relayhost and put the hostname in angled brackets, if you need to turn off MX and SRV lookups."

     

       1236
       1236
       +
           )

     

       1237
       1237
       +
           (lib.mkRemovedOptionModule [ "services" "postfix" "relayHost" ]

     

       1238
       1238
       +
             "services.postfix.relayHost was removed in favor of services.postfix.settings.main.relayhost, which now takes a list of host/port."

     

       1239
       1239
       +
           )

     

       1240
       1240
       +
           (lib.mkRemovedOptionModule [ "services" "postfix" "relayPort" ]

     

       1241
       1241
       +
             "services.postfix.relayHost was removed in favor of services.postfix.settings.main.relayhost, which now takes a list of host/port."

     

       1242
       1242
       +
           )

     

       1243
       1243
       +
           (lib.mkRemovedOptionModule [ "services" "postfix" "extraConfig" ]

     

       1244
       1244
       +
             "services.postfix.extraConfig was replaced by the structured freeform service.postfix.settings.main option."

     

       1245
       1245
       +
           )

     

       1246
       1246
       +
           (lib.mkRenamedOptionModule

     

       1247
       1247
       +
             [ "services" "postfix" "networks" ]

     

       1248
       1248
       +
             [ "services" "postfix" "settings" "main" "mynetworks" ]

     

       1249
       1249
       +
           )

     

       1250
       1250
       +
           (lib.mkRenamedOptionModule

     

       1251
       1251
       +
             [ "services" "postfix" "networkStyle" ]

     

       1252
       1252
       +
             [ "services" "postfix" "settings" "main" "mynetworks_style" ]

     

       1253
       1253
       +
           )

     

       1254
       1254
       +
           (lib.mkRenamedOptionModule

     

       1255
       1255
       +
             [ "services" "postfix" "hostname" ]

     

       1256
       1256
       +
             [ "services" "postfix" "settings" "main" "myhostname" ]

     

       1257
       1257
       +
           )

     

       1258
       1258
       +
           (lib.mkRenamedOptionModule

     

       1259
       1259
       +
             [ "services" "postfix" "domain" ]

     

       1260
       1260
       +
             [ "services" "postfix" "settings" "main" "mydomain" ]

     

       1261
       1261
       +
           )

     

       1262
       1262
       +
           (lib.mkRenamedOptionModule

     

       1263
       1263
       +
             [ "services" "postfix" "origin" ]

     

       1264
       1264
       +
             [ "services" "postfix" "settings" "main" "myorigin" ]

     

       1265
       1265
       +
           )

     

       1266
       1266
       +
           (lib.mkRenamedOptionModule

     

       1267
       1267
       +
             [ "services" "postfix" "destination" ]

     

       1268
       1268
       +
             [ "services" "postfix" "settings" "main" "mydestination" ]

     

       1269
       1269
       +
           )

     

       1270
       1270
       +
           (lib.mkRenamedOptionModule

     

       1271
       1271
       +
             [ "services" "postfix" "relayDomains" ]

     

       1272
       1272
       +
             [ "services" "postfix" "settings" "main" "relay_domains" ]

     

       1273
       1273
       +
           )

     

       1274
       1274
       +
           (lib.mkRenamedOptionModule

     

       1275
       1275
       +
             [ "services" "postfix" "recipientDelimiter" ]

     

       1276
       1276
       +
             [ "services" "postfix" "settings" "main" "recipient_delimiter" ]

     

       1277
       1277
       +
           )

     

       1278
       1278
       +
           (lib.mkRenamedOptionModule

     

       1279
       1279
       +
             [ "services" "postfix" "tlsTrustedAuthoriies" ]

     

       1280
       1280
       +
             [ "services" "postfix" "settings" "main" "smtp_tls_CAfile" ]

     

       1281
       1281
       +
           )

     

       1282
       1282
       +
           (lib.mkRenamedOptionModule

     

       1283
       1283
       +
             [ "services" "postfix" "config" ]

     

       1284
       1284
       +
             [ "services" "postfix" "settings" "main" ]

     

       1285
       1285
       +
           )

     

       1286
       1286
       +
           (lib.mkRenamedOptionModule

     

       1287
       1287
       +
             [ "services" "postfix" "masterConfig" ]

     

       1288
       1288
       +
             [ "services" "postfix" "settings" "master" ]

     

       1173
       1289
        
           )

     

       1174
       1290
        
       

     

       1175
       1291
        
           (lib.mkChangedOptionModule

     

       1176
       1292
        
             [ "services" "postfix" "useDane" ]

     

       1177
       1177
       -
             [ "services" "postfix" "config" "smtp_tls_security_level" ]

     

       1293
       1293
       +
             [ "services" "postfix" "settings" "main" "smtp_tls_security_level" ]

     

       1178
       1294
        
             (config: lib.mkIf config.services.postfix.useDane "dane")

     

       1179
       1295
        
           )

     

       1180
       1296
        
           (lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ])

+1 -1

nixos/modules/services/mail/postsrsd.nix

···

       235
       235
        
       

     

       236
       236
        
         config = lib.mkMerge [

     

       237
       237
        
           (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) {

     

       238
       238
       -
             services.postfix.config = {

     

       238
       238
       +
             services.postfix.settings.main = {

     

       239
       239
        
               # https://github.com/roehling/postsrsd#configuration

     

       240
       240
        
               sender_canonical_maps = "socketmap:${cfg.settings.socketmap}:forward";

     

       241
       241
        
               sender_canonical_classes = "envelope_sender";

+2 -2

nixos/modules/services/mail/public-inbox.nix

···

       426
       426
        
           };

     

       427
       427
        
           services.postfix = mkIf (cfg.postfix.enable && cfg.mda.enable) {

     

       428
       428
        
             # Not sure limiting to 1 is necessary, but better safe than sorry.

     

       429
       429
       -
             config.public-inbox_destination_recipient_limit = "1";

     

       429
       429
       +
             settings.main.public-inbox_destination_recipient_limit = "1";

     

       430
       430
        
       

     

       431
       431
        
             # Register the addresses as existing

     

       432
       432
        
             virtual = concatStringsSep "\n" (

     
···

       443
       443
        
             );

     

       444
       444
        
       

     

       445
       445
        
             # The public-inbox transport

     

       446
       446
       -
             masterConfig.public-inbox = {

     

       446
       446
       +
             settings.master.public-inbox = {

     

       447
       447
        
               type = "unix";

     

       448
       448
        
               privileged = true; # Required for user=

     

       449
       449
        
               command = "pipe";

+1 -1

nixos/modules/services/mail/rspamd.nix

···

       451
       451
        
               '';

     

       452
       452
        
             };

     

       453
       453
        
           };

     

       454
       454
       -
           services.postfix.config = mkIf cfg.postfix.enable cfg.postfix.config;

     

       454
       454
       +
           services.postfix.settings.main = mkIf cfg.postfix.enable cfg.postfix.config;

     

       455
       455
        
       

     

       456
       456
        
           systemd.services.postfix = mkIf cfg.postfix.enable {

     

       457
       457
        
             serviceConfig.SupplementaryGroups = [ postfixCfg.group ];

+1 -3

nixos/modules/services/mail/schleuder.nix

···

       115
       115
        
                 flags=DRhu user=schleuder argv=/${pkgs.schleuder}/bin/schleuder work ''${recipient}

     

       116
       116
        
             '';

     

       117
       117
        
             transport = lib.mkIf (cfg.lists != [ ]) (postfixMap (lib.genAttrs cfg.lists (_: "schleuder:")));

     

       118
       118
       -
             extraConfig = ''

     

       119
       119
       -
               schleuder_destination_recipient_limit = 1

     

       120
       120
       -
             '';

     

       118
       118
       +
             settings.main.schleuder_destination_recipient_limit = 1;

     

       121
       119
        
             # review: does this make sense?

     

       122
       120
        
             localRecipients = lib.mkIf (cfg.lists != [ ]) cfg.lists;

     

       123
       121
        
           };

+38 -36

nixos/modules/services/mail/sympa.nix

···

       585
       585
        
       

     

       586
       586
        
           services.postfix = lib.mkIf (cfg.mta.type == "postfix") {

     

       587
       587
        
             enable = true;

     

       588
       588
       -
             recipientDelimiter = "+";

     

       589
       589
       -
             config = {

     

       590
       590
       -
               virtual_alias_maps = [ "hash:${dataDir}/virtual.sympa" ];

     

       591
       591
       -
               virtual_mailbox_maps = [

     

       592
       592
       -
                 "hash:${dataDir}/transport.sympa"

     

       593
       593
       -
                 "hash:${dataDir}/sympa_transport"

     

       594
       594
       -
                 "hash:${dataDir}/virtual.sympa"

     

       595
       595
       -
               ];

     

       596
       596
       -
               virtual_mailbox_domains = [ "hash:${dataDir}/transport.sympa" ];

     

       597
       597
       -
               transport_maps = [

     

       598
       598
       -
                 "hash:${dataDir}/transport.sympa"

     

       599
       599
       -
                 "hash:${dataDir}/sympa_transport"

     

       600
       600
       -
               ];

     

       601
       601
       -
             };

     

       602
       602
       -
             masterConfig = {

     

       603
       603
       -
               "sympa" = {

     

       604
       604
       -
                 type = "unix";

     

       605
       605
       -
                 privileged = true;

     

       606
       606
       -
                 chroot = false;

     

       607
       607
       -
                 command = "pipe";

     

       608
       608
       -
                 args = [

     

       609
       609
       -
                   "flags=hqRu"

     

       610
       610
       -
                   "user=${user}"

     

       611
       611
       -
                   "argv=${pkg}/libexec/queue"

     

       612
       612
       -
                   "\${nexthop}"

     

       588
       588
       +
             settings = {

     

       589
       589
       +
               main = {

     

       590
       590
       +
                 recipient_delimiter = "+";

     

       591
       591
       +
                 virtual_alias_maps = [ "hash:${dataDir}/virtual.sympa" ];

     

       592
       592
       +
                 virtual_mailbox_maps = [

     

       593
       593
       +
                   "hash:${dataDir}/transport.sympa"

     

       594
       594
       +
                   "hash:${dataDir}/sympa_transport"

     

       595
       595
       +
                   "hash:${dataDir}/virtual.sympa"

     

       613
       596
        
                 ];

     

       614
       614
       -
               };

     

       615
       615
       -
               "sympabounce" = {

     

       616
       616
       -
                 type = "unix";

     

       617
       617
       -
                 privileged = true;

     

       618
       618
       -
                 chroot = false;

     

       619
       619
       -
                 command = "pipe";

     

       620
       620
       -
                 args = [

     

       621
       621
       -
                   "flags=hqRu"

     

       622
       622
       -
                   "user=${user}"

     

       623
       623
       -
                   "argv=${pkg}/libexec/bouncequeue"

     

       624
       624
       -
                   "\${nexthop}"

     

       597
       597
       +
                 virtual_mailbox_domains = [ "hash:${dataDir}/transport.sympa" ];

     

       598
       598
       +
                 transport_maps = [

     

       599
       599
       +
                   "hash:${dataDir}/transport.sympa"

     

       600
       600
       +
                   "hash:${dataDir}/sympa_transport"

     

       625
       601
        
                 ];

     

       602
       602
       +
               };

     

       603
       603
       +
               master = {

     

       604
       604
       +
                 "sympa" = {

     

       605
       605
       +
                   type = "unix";

     

       606
       606
       +
                   privileged = true;

     

       607
       607
       +
                   chroot = false;

     

       608
       608
       +
                   command = "pipe";

     

       609
       609
       +
                   args = [

     

       610
       610
       +
                     "flags=hqRu"

     

       611
       611
       +
                     "user=${user}"

     

       612
       612
       +
                     "argv=${pkg}/libexec/queue"

     

       613
       613
       +
                     "\${nexthop}"

     

       614
       614
       +
                   ];

     

       615
       615
       +
                 };

     

       616
       616
       +
                 "sympabounce" = {

     

       617
       617
       +
                   type = "unix";

     

       618
       618
       +
                   privileged = true;

     

       619
       619
       +
                   chroot = false;

     

       620
       620
       +
                   command = "pipe";

     

       621
       621
       +
                   args = [

     

       622
       622
       +
                     "flags=hqRu"

     

       623
       623
       +
                     "user=${user}"

     

       624
       624
       +
                     "argv=${pkg}/libexec/bouncequeue"

     

       625
       625
       +
                     "\${nexthop}"

     

       626
       626
       +
                   ];

     

       627
       627
       +
                 };

     

       626
       628
        
               };

     

       627
       629
        
             };

     

       628
       630
        
           };

+1 -1

nixos/modules/services/mail/zeyple.nix

···

       128
       128
        
               -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128

     

       129
       129
        
           '';

     

       130
       130
        
       

     

       131
       131
       -
           services.postfix.extraConfig = "content_filter = zeyple";

     

       131
       131
       +
           services.postfix.settings.main.content_filter = "zeyple";

     

       132
       132
        
         };

     

       133
       133
        
       }

+2 -2

nixos/modules/services/monitoring/parsedmarc.nix

···

       427
       427
        
       

     

       428
       428
        
           services.postfix = lib.mkIf cfg.provision.localMail.enable {

     

       429
       429
        
             enable = true;

     

       430
       430
       -
             origin = cfg.provision.localMail.hostname;

     

       431
       431
       -
             config = {

     

       430
       430
       +
             settings.main = {

     

       432
       431
        
               myhostname = cfg.provision.localMail.hostname;

     

       432
       432
       +
               myorigin = cfg.provision.localMail.hostname;

     

       433
       433
        
               mydestination = cfg.provision.localMail.hostname;

     

       434
       434
        
             };

     

       435
       435
        
           };

+10 -6

nixos/modules/services/web-apps/discourse.nix

···

       1076
       1076
        
       

     

       1077
       1077
        
           services.postfix = lib.mkIf cfg.mail.incoming.enable {

     

       1078
       1078
        
             enable = true;

     

       1079
       1079
       -
             sslCert = lib.optionalString (cfg.sslCertificate != null) cfg.sslCertificate;

     

       1080
       1080
       -
             sslKey = lib.optionalString (cfg.sslCertificateKey != null) cfg.sslCertificateKey;

     

       1081
       1079
        
       

     

       1082
       1082
       -
             origin = cfg.hostname;

     

       1083
       1083
       -
             relayDomains = [ cfg.hostname ];

     

       1084
       1084
       -
             config = {

     

       1080
       1080
       +
             settings.main = {

     

       1085
       1081
        
               smtpd_recipient_restrictions = "check_policy_service unix:private/discourse-policy";

     

       1086
       1082
        
               append_dot_mydomain = lib.mkDefault false;

     

       1087
       1083
        
               compatibility_level = "2";

     

       1088
       1084
        
               smtputf8_enable = false;

     

       1089
       1085
        
               smtpd_banner = lib.mkDefault "ESMTP server";

     

       1086
       1086
       +
               smtpd_tls_chain_files =

     

       1087
       1087
       +
                 lib.optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null)

     

       1088
       1088
       +
                   [

     

       1089
       1089
       +
                     cfg.sslCertificateKey

     

       1090
       1090
       +
                     cfg.sslCertificate

     

       1091
       1091
       +
                   ];

     

       1090
       1092
        
               myhostname = lib.mkDefault cfg.hostname;

     

       1091
       1093
        
               mydestination = lib.mkDefault "localhost";

     

       1094
       1094
       +
               myorigin = cfg.hostname;

     

       1095
       1095
       +
               relay_domains = [ cfg.hostname ];

     

       1092
       1096
        
             };

     

       1093
       1097
        
             transport = ''

     

       1094
       1098
        
               ${cfg.hostname} discourse-mail-receiver:

     

       1095
       1099
        
             '';

     

       1096
       1096
       -
             masterConfig = {

     

       1100
       1100
       +
             settings.master = {

     

       1097
       1101
        
               "discourse-mail-receiver" = {

     

       1098
       1102
        
                 type = "unix";

     

       1099
       1103
        
                 privileged = true;

+1 -1

nixos/modules/services/web-apps/mastodon.nix

···

       1100
       1100
        
       

     

       1101
       1101
        
               services.postfix = lib.mkIf (cfg.smtp.createLocally && cfg.smtp.host == "127.0.0.1") {

     

       1102
       1102
        
                 enable = true;

     

       1103
       1103
       -
                 hostname = lib.mkDefault "${cfg.localDomain}";

     

       1103
       1103
       +
                 settings.main.myhostname = lib.mkDefault "${cfg.localDomain}";

     

       1104
       1104
        
               };

     

       1105
       1105
        
       

     

       1106
       1106
        
               services.redis.servers.mastodon = lib.mkIf redisActuallyCreateLocally (

+1 -1

nixos/modules/services/web-apps/peertube.nix

···

       959
       959
        
       

     

       960
       960
        
           services.postfix = lib.mkIf cfg.smtp.createLocally {

     

       961
       961
        
             enable = true;

     

       962
       962
       -
             hostname = lib.mkDefault "${cfg.localDomain}";

     

       962
       962
       +
             settings.main.myhostname = lib.mkDefault "${cfg.localDomain}";

     

       963
       963
        
           };

     

       964
       964
        
       

     

       965
       965
        
           users.users = lib.mkMerge [

+8 -5

nixos/tests/alps.nix

···

       27
       27
        
               enable = true;

     

       28
       28
        
               enableSubmission = true;

     

       29
       29
        
               enableSubmissions = true;

     

       30
       30
       -
               tlsTrustedAuthorities = "${certs.ca.cert}";

     

       31
       31
       -
               config.smtpd_tls_chain_files = [

     

       32
       32
       -
                 "${certs.${domain}.key}"

     

       33
       33
       -
                 "${certs.${domain}.cert}"

     

       34
       34
       -
               ];

     

       30
       30
       +
       

     

       31
       31
       +
               settings.main = {

     

       32
       32
       +
                 smtp_tls_CAfile = "${certs.ca.cert}";

     

       33
       33
       +
                 smtpd_tls_chain_files = [

     

       34
       34
       +
                   "${certs.${domain}.key}"

     

       35
       35
       +
                   "${certs.${domain}.cert}"

     

       36
       36
       +
                 ];

     

       37
       37
       +
               };

     

       35
       38
        
             };

     

       36
       39
        
             services.dovecot2 = {

     

       37
       40
        
               enable = true;

+5 -5

nixos/tests/discourse.nix

···

       107
       107
        
       

     

       108
       108
        
             services.postfix = {

     

       109
       109
        
               enable = true;

     

       110
       110
       -
               origin = clientDomain;

     

       111
       111
       -
               relayDomains = [ clientDomain ];

     

       112
       112
       -
               config = {

     

       110
       110
       +
               settings.main = {

     

       113
       111
        
                 compatibility_level = "2";

     

       114
       114
       -
                 smtpd_banner = "ESMTP server";

     

       112
       112
       +
                 mydestination = [ clientDomain ];

     

       115
       113
        
                 myhostname = clientDomain;

     

       116
       116
       -
                 mydestination = clientDomain;

     

       114
       114
       +
                 origin = clientDomain;

     

       115
       115
       +
                 relay_domains = [ clientDomain ];

     

       116
       116
       +
                 smtpd_banner = "ESMTP server";

     

       117
       117
        
               };

     

       118
       118
        
             };

     

       119
       119

+12 -10

nixos/tests/mailman.nix

···

       13
       13
        
             services.mailman.webHosts = [ "example.com" ];

     

       14
       14
        
       

     

       15
       15
        
             services.postfix.enable = true;

     

       16
       16
       -
             services.postfix.destination = [

     

       17
       17
       -
               "example.com"

     

       18
       18
       -
               "example.net"

     

       19
       19
       -
             ];

     

       20
       20
       -
             services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];

     

       21
       21
       -
             services.postfix.config.local_recipient_maps = [

     

       22
       22
       -
               "hash:/var/lib/mailman/data/postfix_lmtp"

     

       23
       23
       -
               "proxy:unix:passwd.byname"

     

       24
       24
       -
             ];

     

       25
       25
       -
             services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];

     

       16
       16
       +
             services.postfix.settings.main = {

     

       17
       17
       +
               mydestination = [

     

       18
       18
       +
                 "example.com"

     

       19
       19
       +
                 "example.net"

     

       20
       20
       +
               ];

     

       21
       21
       +
               relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ];

     

       22
       22
       +
               local_recipient_maps = [

     

       23
       23
       +
                 "hash:/var/lib/mailman/data/postfix_lmtp"

     

       24
       24
       +
                 "proxy:unix:passwd.byname"

     

       25
       25
       +
               ];

     

       26
       26
       +
               transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];

     

       27
       27
       +
             };

     

       26
       28
        
       

     

       27
       29
        
             users.users.user = {

     

       28
       30
        
               isNormalUser = true;

+4 -5

nixos/tests/matrix/synapse.nix

···

       182
       182
        
       

     

       183
       183
        
               services.postfix = {

     

       184
       184
        
                 enable = true;

     

       185
       185
       -
                 hostname = "${mailerDomain}";

     

       186
       186
       -
                 # open relay for subnet

     

       187
       187
       -
                 networksStyle = "subnet";

     

       188
       185
        
                 enableSubmission = true;

     

       189
       189
       -
                 tlsTrustedAuthorities = "${mailerCerts.ca.cert}";

     

       190
       186
        
       

     

       191
       187
        
                 # blackhole transport

     

       192
       188
        
                 transport = "example.com discard:silently";

     

       193
       189
        
       

     

       194
       194
       -
                 config = {

     

       190
       190
       +
                 settings.main = {

     

       191
       191
       +
                   myhostname = "${mailerDomain}";

     

       192
       192
       +
                   # open relay for subnet

     

       193
       193
       +
                   mynetworks_style = "subnet";

     

       195
       194
        
                   debug_peer_level = "10";

     

       196
       195
        
                   smtpd_relay_restrictions = [

     

       197
       196
        
                     "permit_mynetworks"

+1 -1

nixos/tests/parsedmarc/default.nix

···

       184
       184
        
                   services.postfix = {

     

       185
       185
        
                     enable = true;

     

       186
       186
        
                     origin = mailDomain;

     

       187
       187
       -
                     config = {

     

       187
       187
       +
                     settings.main = {

     

       188
       188
        
                       myhostname = mailDomain;

     

       189
       189
        
                       mydestination = mailDomain;

     

       190
       190
        
                     };

+7 -5

nixos/tests/postfix.nix

···

       13
       13
        
               enable = true;

     

       14
       14
        
               enableSubmission = true;

     

       15
       15
        
               enableSubmissions = true;

     

       16
       16
       -
               tlsTrustedAuthorities = "${certs.ca.cert}";

     

       17
       17
       -
               config.smtpd_tls_chain_files = [

     

       18
       18
       -
                 certs.${domain}.key

     

       19
       19
       -
                 certs.${domain}.cert

     

       20
       20
       -
               ];

     

       16
       16
       +
               settings.main = {

     

       17
       17
       +
                 smtp_tls_CAfile = "${certs.ca.cert}";

     

       18
       18
       +
                 smtpd_tls_chain_files = [

     

       19
       19
       +
                   certs.${domain}.key

     

       20
       20
       +
                   certs.${domain}.cert

     

       21
       21
       +
                 ];

     

       22
       22
       +
               };

     

       21
       23
        
               submissionsOptions = {

     

       22
       24
        
                 smtpd_sasl_auth_enable = "yes";

     

       23
       25
        
                 smtpd_client_restrictions = "permit";

+1 -1

nixos/tests/public-inbox.nix

···

       166
       166
        
               setSendmail = true;

     

       167
       167
        
               #sslCert = "${tls-cert}/cert.pem";

     

       168
       168
        
               #sslKey = "${tls-cert}/key.pem";

     

       169
       169
       -
               recipientDelimiter = "+";

     

       169
       169
       +
               settings.main.recipient_delimiter = "+";

     

       170
       170
        
             };

     

       171
       171
        
       

     

       172
       172
        
             environment.systemPackages = [

+1 -1

nixos/tests/rspamd.nix

···

       293
       293
        
             };

     

       294
       294
        
             services.postfix = {

     

       295
       295
        
               enable = true;

     

       296
       296
       -
               destination = [ "example.com" ];

     

       296
       296
       +
               settings.main.mydestination = [ "example.com" ];

     

       297
       297
        
             };

     

       298
       298
        
             services.rspamd = {

     

       299
       299
        
               enable = true;

+9 -7

nixos/tests/schleuder.nix

···

       11
       11
        
             services.postfix = {

     

       12
       12
        
               enable = true;

     

       13
       13
        
               enableSubmission = true;

     

       14
       14
       -
               tlsTrustedAuthorities = "${certs.ca.cert}";

     

       15
       15
       -
               config.smtpd_tls_chain_files = [

     

       16
       16
       -
                 "${certs.${domain}.key}"

     

       17
       17
       -
                 "${certs.${domain}.cert}"

     

       18
       18
       -
               ];

     

       19
       19
       -
               inherit domain;

     

       20
       20
       -
               destination = [ domain ];

     

       14
       14
       +
               settings.main = {

     

       15
       15
       +
                 mydomain = domain;

     

       16
       16
       +
                 destination = domain;

     

       17
       17
       +
                 smtp_tls_CAfile = "${certs.ca.cert}";

     

       18
       18
       +
                 smtpd_tls_chain_files = [

     

       19
       19
       +
                   "${certs.${domain}.key}"

     

       20
       20
       +
                   "${certs.${domain}.cert}"

     

       21
       21
       +
                 ];

     

       22
       22
       +
               };

     

       21
       23
        
               localRecipients = [

     

       22
       24
        
                 "root"

     

       23
       25
        
                 "alice"

+1 -1

pkgs/by-name/po/postfix/update.sh

···

       5
       5
        
       

     

       6
       6
        
       # Expect the text in format of '<a href="official/postfix-3.7.4.tar.gz">Source code</a> |'

     

       7
       7
        
       # Stable release goes first.

     

       8
       8
       -
       new_version="$(curl -s http://cdn.postfix.johnriley.me/mirrors/postfix-release/index.html |

     

       8
       8
       +
       new_version="$(curl -s https://postfix-mirror.horus-it.com/postfix-release/index.html |

     

       9
       9
        
           pcregrep -o1 '"official/postfix-([0-9.]+)[.]tar[.]gz">' | head -n1)"

     

       10
       10
        
       update-source-version postfix "$new_version"