diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index b03412275d90..d4566dd0e4ff 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md @@ -118,8 +118,8 @@ - The Postfix module has been updated and likely requires configuration changes: - The `services.postfix.sslCert` and `sslKey` options were removed and you now need to configure - - [services.postfix.config.smtpd_tls_chain_files](#opt-services.postfix.config.smtpd_tls_chain_files) for server certificates, - - [services.postfix.config.smtp_tls_chain_files](#opt-services.postfix.config) for client certificates. + - [services.postfix.settings.main.smtpd_tls_chain_files](#opt-services.postfix.settings.main.smtpd_tls_chain_files) for server certificates, + - [services.postfix.settings.main.smtp_tls_chain_files](#opt-services.postfix.settings.main) for client certificates. - `vmalert` now supports multiple instances with the option `services.vmalert.instances."".enable` diff --git a/nixos/modules/services/mail/mailman.md b/nixos/modules/services/mail/mailman.md index b1eed2e55581..d5a8e5ba84fa 100644 --- a/nixos/modules/services/mail/mailman.md +++ b/nixos/modules/services/mail/mailman.md @@ -14,7 +14,7 @@ For a basic configuration with Postfix as the MTA, the following settings are su { services.postfix = { enable = true; - config = { + settings.main = { transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index 3a18d097b73f..1b6dae4676e5 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix 
@@ -554,7 +554,7 @@ in ]; services.postfix = lib.mkIf cfg.enablePostfix { - config = { + settings.main = { owner_request_special = "no"; # Mailman handles -owner addresses on its own recipient_delimiter = "+"; # bake recipient addresses in mail envelopes via VERP }; diff --git a/nixos/modules/services/mail/mlmmj.nix b/nixos/modules/services/mail/mlmmj.nix index 9506dfdb66ee..cbc184debf5b 100644 --- a/nixos/modules/services/mail/mlmmj.nix +++ b/nixos/modules/services/mail/mlmmj.nix @@ -120,11 +120,11 @@ in services.postfix = { enable = true; - config = { + settings.main = { recipient_delimiter = "+"; propagate_unmatched_extensions = "virtual"; }; - masterConfig.mlmmj = { + settings.master.mlmmj = { type = "unix"; private = true; privileged = true; diff --git a/nixos/modules/services/mail/pfix-srsd.nix b/nixos/modules/services/mail/pfix-srsd.nix index 035f331dcf6d..be77cacd01f3 100644 --- a/nixos/modules/services/mail/pfix-srsd.nix +++ b/nixos/modules/services/mail/pfix-srsd.nix @@ -51,7 +51,7 @@ in config = lib.mkMerge [ (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) { - services.postfix.config = { + services.postfix.settings.main = { sender_canonical_maps = [ "tcp:127.0.0.1:10001" ]; sender_canonical_classes = [ "envelope_sender" ]; recipient_canonical_maps = [ "tcp:127.0.0.1:10002" ]; diff --git a/nixos/modules/services/mail/postfix-tlspol.nix b/nixos/modules/services/mail/postfix-tlspol.nix index e7104d79b4fe..b85b2d6ea3e6 100644 --- a/nixos/modules/services/mail/postfix-tlspol.nix +++ b/nixos/modules/services/mail/postfix-tlspol.nix @@ -135,7 +135,7 @@ in config = mkMerge [ (mkIf (cfg.enable && config.services.postfix.enable && cfg.configurePostfix) { # https://github.com/Zuplu/postfix-tlspol#postfix-configuration - services.postfix.config = { + services.postfix.settings.main = { smtp_dns_support_level = "dnssec"; smtp_tls_security_level = "dane"; smtp_tls_policy_maps = 
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 35a1a8286662..17613475a2e8 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -53,7 +53,7 @@ let mkEntry = name: value: "${escape name} =${mkVal value}"; in lib.concatStringsSep "\n" ( - lib.mapAttrsToList mkEntry (lib.filterAttrsRecursive (_: value: value != null) cfg.config) + lib.mapAttrsToList mkEntry (lib.filterAttrsRecursive (_: value: value != null) cfg.settings.main) ); masterCfOptions = @@ -235,7 +235,7 @@ let "" ]; - masterCf = lib.mapAttrsToList (lib.const (lib.getAttr "rawEntry")) cfg.masterConfig; + masterCf = lib.mapAttrsToList (lib.const (lib.getAttr "rawEntry")) cfg.settings.master; # A list of the maximum width of the columns across all lines and labels maxWidths = 
@@ -511,229 +511,255 @@ in description = "The format the alias map should have. Use regexp if you want to use regular expressions."; }; - config = lib.mkOption { - type = lib.types.submodule { - freeformType = - with types; - attrsOf ( - nullOr (oneOf [ - bool - int - str - (listOf str) - ]) - ); - options = { - message_size_limit = mkOption { - type = with types; nullOr int; - default = 10240000; # 10 MiB - example = 52428800; # 50 MiB - description = '' - Maximum size of an email message in bytes. - - - ''; - }; - - mydestination = mkOption { - type = - with types; + settings = { + main = lib.mkOption { + type = lib.types.submodule { + freeformType = + with types; + attrsOf ( nullOr (oneOf [ + bool + int str (listOf str) - ]); - default = [ - "$myhostname" - "localhost.$mydomain" - "localhost" - ]; - description = '' - List of domain names intended for local delivery using /etc/passwd and /etc/aliases. + ]) + ); + options = { + message_size_limit = mkOption { + type = with types; nullOr int; + default = 10240000; # 10 MiB + example = 52428800; # 50 MiB + description = '' + Maximum size of an email message in bytes. - ::: {.warning} - Do not include [virtual](https://www.postfix.org/VIRTUAL_README.html) domains in this list. - ::: + + ''; + }; - - ''; + mydestination = mkOption { + type = + with types; + nullOr (oneOf [ + str + (listOf str) + ]); + default = [ + "$myhostname" + "localhost.$mydomain" + "localhost" + ]; + description = '' + List of domain names intended for local delivery using /etc/passwd and /etc/aliases. + + ::: {.warning} + Do not include [virtual](https://www.postfix.org/VIRTUAL_README.html) domains in this list. + ::: + + + ''; + }; + + myhostname = mkOption { + type = with types; nullOr types.str; + default = null; + example = "mail.example.com"; + description = '' + The internet hostname of this mail system. + + Leave unset to default to the system hostname with the {option}`mydomain` suffix. 
+ + + ''; + }; + + mynetworks = mkOption { + type = with types; nullOr (listOf str); + default = null; + example = [ + "127.0.0.0/8" + "::1" + ]; + description = '' + List of trusted remote SMTP clients, that are allowed to relay mail. + + Leave unset to let Postfix populate this list based on the {option}`mynetworks_style` setting. + + + ''; + }; + + mynetworks_style = mkOption { + type = + with types; + nullOr (enum [ + "host" + "subnet" + "class" + ]); + default = "host"; + description = '' + The method used for generating the default value for {option}`mynetworks`, if that option is unset. + + + ''; + }; + + recipient_delimiter = lib.mkOption { + type = with types; nullOr str; + default = ""; + example = "+"; + description = '' + Set of characters used as the delimiters for address extensions. + + This allows creating different forwarding rules per extension. + + + ''; + }; + + relayhost = mkOption { + type = with types; nullOr (listOf str); + default = [ ]; + example = [ "[relay.example.com]:587" ]; + description = '' + List of hosts to use for relaying outbound mail. + + ::: {.note} + Putting the hostname in angled brackets, e.g. `[relay.example.com]`, turns off MX and SRV lookups for the hostname. + ::: + + + ''; + }; + + relay_domains = mkOption { + type = with types; nullOr (listOf str); + default = [ ]; + example = [ "lists.example.com" ]; + description = '' + List of domains delivered via the relay transport. + + + ''; + }; + + smtp_tls_CAfile = mkOption { + type = types.path; + default = config.security.pki.caBundle; + defaultText = literalExpression '' + config.security.pki.caBundle + ''; + example = literalExpression '' + ''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + ''; + description = '' + File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates. + + Defaults to the system CA bundle that is managed through the `security.pki` options. 
+ + + ''; + }; + + smtp_tls_security_level = mkOption { + type = types.enum [ + "none" + "may" + "encrypt" + "dane" + "dane-only" + "fingerprint" + "verify" + "secure" + ]; + default = "may"; + description = '' + The client TLS security level. + + ::: {.tip} + Use `dane` with a local DNSSEC validating DNS resolver enabled. + ::: + + + ''; + }; + + smtpd_tls_chain_files = mkOption { + type = with types; listOf path; + default = [ ]; + example = [ + "/var/lib/acme/mail.example.com/privkey.pem" + "/var/lib/acme/mail.example.com/fullchain.pem" + ]; + description = '' + List of paths to the server private keys and certificates. + + ::: {.caution} + The order of items matters and a private key must always be followed by the corresponding certificate. + ::: + + + ''; + }; + + smtpd_tls_security_level = mkOption { + type = types.enum [ + "none" + "may" + "encrypt" + ]; + default = + if config.services.postfix.settings.main.smtpd_tls_chain_files != [ ] then "may" else "none"; + defaultText = lib.literalExpression '' + if config.services.postfix.settings.main.smtpd_tls_chain_files != [ ] then "may" else "none" + ''; + example = "may"; + description = '' + The server TLS security level. Enable TLS by configuring at least `may`. + + + ''; + }; }; + }; - myhostname = mkOption { - type = with types; nullOr types.str; - default = null; - example = "mail.example.com"; - description = '' - The internet hostname of this mail system. + description = '' + The main.cf configuration file as key value set. - Leave unset to default to the system hostname with the {option}`mydomain` suffix. + Null values will not be rendered. - - ''; - }; - - mynetworks = mkOption { - type = with types; nullOr (listOf str); - default = null; - example = [ - "127.0.0.0/8" - "::1" - ]; - description = '' - List of trusted remote SMTP clients, that are allowed to relay mail. - - Leave unset to let Postfix populate this list based on the {option}`mynetworks_style` setting. 
- - - ''; - }; - - mynetworks_style = mkOption { - type = - with types; - nullOr (enum [ - "host" - "subnet" - "class" - ]); - default = "host"; - description = '' - The method used for generating the default value for {option}`mynetworks`, if that option is unset. - - - ''; - }; - - recipient_delimiter = lib.mkOption { - type = with types; nullOr str; - default = ""; - example = "+"; - description = '' - Set of characters used as the delimiters for address extensions. - - This allows creating different forwarding rules per extension. - - - ''; - }; - - relayhost = mkOption { - type = with types; nullOr (listOf str); - default = [ ]; - example = [ "[relay.example.com]:587" ]; - description = '' - List of hosts to use for relaying outbound mail. - - ::: {.note} - Putting the hostname in angled brackets, e.g. `[relay.example.com]`, turns off MX and SRV lookups for the hostname. - ::: - - - ''; - }; - - relay_domains = mkOption { - type = with types; nullOr (listOf str); - default = [ ]; - example = [ "lists.example.com" ]; - description = '' - List of domains delivered via the relay transport. - - - ''; - }; - - smtp_tls_CAfile = mkOption { - type = types.path; - default = config.security.pki.caBundle; - defaultText = literalExpression '' - config.security.pki.caBundle - ''; - example = literalExpression '' - ''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - ''; - description = '' - File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates. - - Defaults to the system CA bundle that is managed through the `security.pki` options. - - - ''; - }; - - smtp_tls_security_level = mkOption { - type = types.enum [ - "none" - "may" - "encrypt" - "dane" - "dane-only" - "fingerprint" - "verify" - "secure" - ]; - default = "may"; - description = '' - The client TLS security level. - - ::: {.tip} - Use `dane` with a local DNSSEC validating DNS resolver enabled. 
- ::: - - - ''; - }; - - smtpd_tls_chain_files = mkOption { - type = with types; listOf path; - default = [ ]; - example = [ - "/var/lib/acme/mail.example.com/privkey.pem" - "/var/lib/acme/mail.example.com/fullchain.pem" - ]; - description = '' - List of paths to the server private keys and certificates. - - ::: {.caution} - The order of items matters and a private key must always be followed by the corresponding certificate. - ::: - - - ''; - }; - - smtpd_tls_security_level = mkOption { - type = types.enum [ - "none" - "may" - "encrypt" - ]; - default = if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none"; - defaultText = lib.literalExpression '' - if config.services.postfix.config.smtpd_tls_chain_files != [ ] then "may" else "none" - ''; - example = "may"; - description = '' - The server TLS security level. Enable TLS by configuring at least `may`. - - - ''; - }; + ::: {.tip} + Check `postconf -d` for the default values of all settings. + ::: + ''; + example = { + mail_owner = "postfix"; + smtp_tls_security_level = "may"; }; }; - description = '' - The main.cf configuration file as key value set. + master = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule masterCfOptions); + default = { }; + example = { + submission = { + type = "inet"; + args = [ + "-o" + "smtpd_tls_security_level=encrypt" + ]; + }; + }; + description = '' + The {file}`master.cf` configuration file as an attribute set of service + defitions - Null values will not be rendered. - - ::: {.tip} - Check `postconf -d` for the default values of all settings. - ::: - ''; - example = { - mail_owner = "postfix"; - smtp_tls_security_level = "may"; + ::: {.tip} + Check for possible settings. + ::: + ''; }; + }; canonical = lib.mkOption { 
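Review bot: The description of the new `settings.master` option in postfix.nix misspells "definitions" as `defitions` and ends the sentence without a period; it should end in `service definitions.`. As shown here, the tip under it reads `Check for possible settings.` with nothing after "Check", so if the reference to the master(5) manual page is missing in the file as well, add it. The rest of this hunk is the `main` submodule moved one level deeper, so these are the only lines with new wording.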
@@ -797,25 +823,6 @@ in description = "contents of check_client_access for overriding dnsBlacklists"; }; - masterConfig = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule masterCfOptions); - default = { }; - example = { - submission = { - type = "inet"; - args = [ - "-o" - "smtpd_tls_security_level=encrypt" - ]; - }; - }; - description = '' - An attribute set of service options, which correspond to the service - definitions usually done within the Postfix - {file}`master.cf` file. - ''; - }; - extraMasterConf = lib.mkOption { type = lib.types.lines; default = ""; @@ -1016,7 +1023,7 @@ in }; }; - services.postfix.config = + services.postfix.settings.main = (lib.mapAttrs (_: v: lib.mkDefault v) { compatibility_level = pkgs.postfix.version; mail_owner = cfg.user; @@ -1057,7 +1064,7 @@ in header_checks = [ "regexp:/etc/postfix/header_checks" ]; }; - services.postfix.masterConfig = { + services.postfix.settings.master = { pickup = { private = false; wakeup = 60; 
@@ -1216,66 +1223,74 @@ in imports = [ (lib.mkRemovedOptionModule [ "services" "postfix" "sslCACert" ] - "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.config.smtp_tls_CAfile." + "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.settings.main.smtp_tls_CAfile." ) (lib.mkRemovedOptionModule [ "services" "postfix" "sslCert" ] - "services.postfix.sslCert was removed. Use services.postfix.config.smtpd_tls_chain_files for the server certificate, or services.postfix.config.smtp_tls_chain_files for the client certificate." + "services.postfix.sslCert was removed. Use services.postfix.settings.main.smtpd_tls_chain_files for the server certificate, or services.postfix.settings.main.smtp_tls_chain_files for the client certificate." ) (lib.mkRemovedOptionModule [ "services" "postfix" "sslKey" ] - "services.postfix.sslKey was removed. Use services.postfix.config.smtpd_tls_chain_files for server private key, or services.postfix.config.smtp_tls_chain_files for the client private key." + "services.postfix.sslKey was removed. Use services.postfix.settings.main.smtpd_tls_chain_files for server private key, or services.postfix.settings.main.smtp_tls_chain_files for the client private key." ) (lib.mkRemovedOptionModule [ "services" "postfix" "lookupMX" ] - "services.postfix.lookupMX was removed. Use services.postfix.config.relayhost and put the hostname in angled brackets, if you need to turn off MX and SRV lookups." + "services.postfix.lookupMX was removed. Use services.postfix.settings.main.relayhost and put the hostname in angled brackets, if you need to turn off MX and SRV lookups." 
) (lib.mkRemovedOptionModule [ "services" "postfix" "relayHost" ] - "services.postfix.relayHost was removed in favor of services.postfix.config.relayhost, which now takes a list of host/port." + "services.postfix.relayHost was removed in favor of services.postfix.settings.main.relayhost, which now takes a list of host/port." ) (lib.mkRemovedOptionModule [ "services" "postfix" "relayPort" ] - "services.postfix.relayHost was removed in favor of services.postfix.config.relayhost, which now takes a list of host/port." + "services.postfix.relayHost was removed in favor of services.postfix.settings.main.relayhost, which now takes a list of host/port." ) (lib.mkRemovedOptionModule [ "services" "postfix" "extraConfig" ] - "services.postfix.extraConfig was replaced by the structured freeform service.postfix.config option." + "services.postfix.extraConfig was replaced by the structured freeform service.postfix.settings.main option." ) (lib.mkRenamedOptionModule [ "services" "postfix" "networks" ] - [ "services" "postfix" "config" "mynetworks" ] + [ "services" "postfix" "settings" "main" "mynetworks" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "networkStyle" ] - [ "services" "postfix" "config" "mynetworks_style" ] + [ "services" "postfix" "settings" "main" "mynetworks_style" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "hostname" ] - [ "services" "postfix" "config" "myhostname" ] + [ "services" "postfix" "settings" "main" "myhostname" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "domain" ] - [ "services" "postfix" "config" "mydomain" ] + [ "services" "postfix" "settings" "main" "mydomain" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "origin" ] - [ "services" "postfix" "config" "myorigin" ] + [ "services" "postfix" "settings" "main" "myorigin" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "destination" ] - [ "services" "postfix" "config" "mydestination" ] + [ "services" "postfix" "settings" "main" "mydestination" ] ) 
(lib.mkRenamedOptionModule [ "services" "postfix" "relayDomains" ] - [ "services" "postfix" "config" "relay_domains" ] + [ "services" "postfix" "settings" "main" "relay_domains" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "recipientDelimiter" ] - [ "services" "postfix" "config" "recipient_delimiter" ] + [ "services" "postfix" "settings" "main" "recipient_delimiter" ] ) (lib.mkRenamedOptionModule [ "services" "postfix" "tlsTrustedAuthoriies" ] - [ "services" "postfix" "config" "smtp_tls_CAfile" ] + [ "services" "postfix" "settings" "main" "smtp_tls_CAfile" ] + ) + (lib.mkRenamedOptionModule + [ "services" "postfix" "config" ] + [ "services" "postfix" "settings" "main" ] + ) + (lib.mkRenamedOptionModule + [ "services" "postfix" "masterConfig" ] + [ "services" "postfix" "settings" "master" ] ) (lib.mkChangedOptionModule [ "services" "postfix" "useDane" ] - [ "services" "postfix" "config" "smtp_tls_security_level" ] + [ "services" "postfix" "settings" "main" "smtp_tls_security_level" ] (config: lib.mkIf config.services.postfix.useDane "dane") ) (lib.mkRenamedOptionModule [ "services" "postfix" "useSrs" ] [ "services" "pfix-srsd" "enable" ]) diff --git a/nixos/modules/services/mail/postsrsd.nix b/nixos/modules/services/mail/postsrsd.nix index cda11576e260..dac11fdea236 100644 --- a/nixos/modules/services/mail/postsrsd.nix +++ b/nixos/modules/services/mail/postsrsd.nix @@ -235,7 +235,7 @@ in config = lib.mkMerge [ (lib.mkIf (cfg.enable && cfg.configurePostfix && config.services.postfix.enable) { - services.postfix.config = { + services.postfix.settings.main = { # https://github.com/roehling/postsrsd#configuration sender_canonical_maps = "socketmap:${cfg.settings.socketmap}:forward"; sender_canonical_classes = "envelope_sender"; diff --git a/nixos/modules/services/mail/public-inbox.nix b/nixos/modules/services/mail/public-inbox.nix index a2b536e29aef..c5cb4b699e43 100644 --- a/nixos/modules/services/mail/public-inbox.nix 
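Review bot: In the `sslCACert` removal message in postfix.nix, `smtp_tls_CAfile` is recommended for a server that validates client certificates, but this same module documents that setting as the CA file for verifying remote SMTP server certificates, which is the client side. The Postfix parameter for the server side is `smtpd_tls_CAfile`, so an admin following the message would configure the wrong trust anchor; the message should end in `use services.postfix.settings.main.smtpd_tls_CAfile.`. Two smaller slips sit in the same list: the `relayPort` message says `services.postfix.relayHost was removed`, and the `extraConfig` message says `service.postfix.settings.main` without the `s`. The rename source `tlsTrustedAuthoriies` also looks misspelled, so a configuration that sets `tlsTrustedAuthorities` would presumably not be forwarded by it; the option definitions are outside this hunk, so this needs confirming.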
+++ b/nixos/modules/services/mail/public-inbox.nix @@ -426,7 +426,7 @@ in }; services.postfix = mkIf (cfg.postfix.enable && cfg.mda.enable) { # Not sure limiting to 1 is necessary, but better safe than sorry. - config.public-inbox_destination_recipient_limit = "1"; + settings.main.public-inbox_destination_recipient_limit = "1"; # Register the addresses as existing virtual = concatStringsSep "\n" ( @@ -443,7 +443,7 @@ in ); # The public-inbox transport - masterConfig.public-inbox = { + settings.master.public-inbox = { type = "unix"; privileged = true; # Required for user= command = "pipe"; diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 323339af97e9..6795de0c868c 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -451,7 +451,7 @@ in ''; }; }; - services.postfix.config = mkIf cfg.postfix.enable cfg.postfix.config; + services.postfix.settings.main = mkIf cfg.postfix.enable cfg.postfix.config; systemd.services.postfix = mkIf cfg.postfix.enable { serviceConfig.SupplementaryGroups = [ postfixCfg.group ]; diff --git a/nixos/modules/services/mail/schleuder.nix b/nixos/modules/services/mail/schleuder.nix index 7fdf43111915..0697eb4407d1 100644 --- a/nixos/modules/services/mail/schleuder.nix +++ b/nixos/modules/services/mail/schleuder.nix @@ -115,7 +115,7 @@ in flags=DRhu user=schleuder argv=/${pkgs.schleuder}/bin/schleuder work ''${recipient} ''; transport = lib.mkIf (cfg.lists != [ ]) (postfixMap (lib.genAttrs cfg.lists (_: "schleuder:"))); - config.schleuder_destination_recipient_limit = 1; + settings.main.schleuder_destination_recipient_limit = 1; # review: does this make sense? localRecipients = lib.mkIf (cfg.lists != [ ]) cfg.lists; }; diff --git a/nixos/modules/services/mail/sympa.nix b/nixos/modules/services/mail/sympa.nix index bfa2f38773d5..2d104e3ed90a 100644 --- a/nixos/modules/services/mail/sympa.nix +++ b/nixos/modules/services/mail/sympa.nix 
@@ -585,44 +585,46 @@ in services.postfix = lib.mkIf (cfg.mta.type == "postfix") { enable = true; - config = { - recipient_delimiter = "+"; - virtual_alias_maps = [ "hash:${dataDir}/virtual.sympa" ]; - virtual_mailbox_maps = [ - "hash:${dataDir}/transport.sympa" - "hash:${dataDir}/sympa_transport" - "hash:${dataDir}/virtual.sympa" - ]; - virtual_mailbox_domains = [ "hash:${dataDir}/transport.sympa" ]; - transport_maps = [ - "hash:${dataDir}/transport.sympa" - "hash:${dataDir}/sympa_transport" - ]; - }; - masterConfig = { - "sympa" = { - type = "unix"; - privileged = true; - chroot = false; - command = "pipe"; - args = [ - "flags=hqRu" - "user=${user}" - "argv=${pkg}/libexec/queue" - "\${nexthop}" + settings = { + main = { + recipient_delimiter = "+"; + virtual_alias_maps = [ "hash:${dataDir}/virtual.sympa" ]; + virtual_mailbox_maps = [ + "hash:${dataDir}/transport.sympa" + "hash:${dataDir}/sympa_transport" + "hash:${dataDir}/virtual.sympa" + ]; + virtual_mailbox_domains = [ "hash:${dataDir}/transport.sympa" ]; + transport_maps = [ + "hash:${dataDir}/transport.sympa" + "hash:${dataDir}/sympa_transport" ]; }; - "sympabounce" = { - type = "unix"; - privileged = true; - chroot = false; - command = "pipe"; - args = [ - "flags=hqRu" - "user=${user}" - "argv=${pkg}/libexec/bouncequeue" - "\${nexthop}" - ]; + master = { + "sympa" = { + type = "unix"; + privileged = true; + chroot = false; + command = "pipe"; + args = [ + "flags=hqRu" + "user=${user}" + "argv=${pkg}/libexec/queue" + "\${nexthop}" + ]; + }; + "sympabounce" = { + type = "unix"; + privileged = true; + chroot = false; + command = "pipe"; + args = [ + "flags=hqRu" + "user=${user}" + "argv=${pkg}/libexec/bouncequeue" + "\${nexthop}" + ]; + }; }; }; }; diff --git a/nixos/modules/services/mail/zeyple.nix b/nixos/modules/services/mail/zeyple.nix index a763c0aa106b..b238ee0efeff 100644 --- a/nixos/modules/services/mail/zeyple.nix +++ b/nixos/modules/services/mail/zeyple.nix 
@@ -128,6 +128,6 @@ in -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128 ''; - services.postfix.config.content_filter = "zeyple"; + services.postfix.settings.main.content_filter = "zeyple"; }; } diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index 223290fbf5a5..61bce5726dd4 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -427,7 +427,7 @@ in services.postfix = lib.mkIf cfg.provision.localMail.enable { enable = true; - config = { + settings.main = { myhostname = cfg.provision.localMail.hostname; myorigin = cfg.provision.localMail.hostname; mydestination = cfg.provision.localMail.hostname; diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index a0a24ba96a87..7a5123392ee8 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -1077,7 +1077,7 @@ in services.postfix = lib.mkIf cfg.mail.incoming.enable { enable = true; - config = { + settings.main = { smtpd_recipient_restrictions = "check_policy_service unix:private/discourse-policy"; append_dot_mydomain = lib.mkDefault false; compatibility_level = "2"; @@ -1097,7 +1097,7 @@ in transport = '' ${cfg.hostname} discourse-mail-receiver: ''; - masterConfig = { + settings.master = { "discourse-mail-receiver" = { type = "unix"; privileged = true; diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index c9ed0f21da06..cbe0175ac57a 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix 
@@ -1100,7 +1100,7 @@ in services.postfix = lib.mkIf (cfg.smtp.createLocally && cfg.smtp.host == "127.0.0.1") { enable = true; - config.myhostname = lib.mkDefault "${cfg.localDomain}"; + settings.main.myhostname = lib.mkDefault "${cfg.localDomain}"; }; services.redis.servers.mastodon = lib.mkIf redisActuallyCreateLocally ( diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix index ed3eceac5fd5..309d56e32567 100644 --- a/nixos/modules/services/web-apps/peertube.nix +++ b/nixos/modules/services/web-apps/peertube.nix @@ -959,7 +959,7 @@ in services.postfix = lib.mkIf cfg.smtp.createLocally { enable = true; - config.myhostname = lib.mkDefault "${cfg.localDomain}"; + settings.main.myhostname = lib.mkDefault "${cfg.localDomain}"; }; users.users = lib.mkMerge [ diff --git a/nixos/tests/alps.nix b/nixos/tests/alps.nix index 61c1391ab583..55adcb9f3a19 100644 --- a/nixos/tests/alps.nix +++ b/nixos/tests/alps.nix @@ -28,7 +28,7 @@ in enableSubmission = true; enableSubmissions = true; - config = { + settings.main = { smtp_tls_CAfile = "${certs.ca.cert}"; smtpd_tls_chain_files = [ "${certs.${domain}.key}" diff --git a/nixos/tests/discourse.nix b/nixos/tests/discourse.nix index 3506510b862f..e76d0a3862ba 100644 --- a/nixos/tests/discourse.nix +++ b/nixos/tests/discourse.nix @@ -107,7 +107,7 @@ in services.postfix = { enable = true; - config = { + settings.main = { compatibility_level = "2"; mydestination = [ clientDomain ]; myhostname = clientDomain; diff --git a/nixos/tests/mailman.nix b/nixos/tests/mailman.nix index 8338d552f5d7..79d74ac5cb32 100644 --- a/nixos/tests/mailman.nix +++ b/nixos/tests/mailman.nix 
@@ -13,16 +13,18 @@ services.mailman.webHosts = [ "example.com" ]; services.postfix.enable = true; - services.postfix.config.mydestination = [ - "example.com" - "example.net" - ]; - services.postfix.config.relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; - services.postfix.config.local_recipient_maps = [ - "hash:/var/lib/mailman/data/postfix_lmtp" - "proxy:unix:passwd.byname" - ]; - services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + services.postfix.settings.main = { + mydestination = [ + "example.com" + "example.net" + ]; + relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; + local_recipient_maps = [ + "hash:/var/lib/mailman/data/postfix_lmtp" + "proxy:unix:passwd.byname" + ]; + transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; + }; users.users.user = { isNormalUser = true; diff --git a/nixos/tests/matrix/synapse.nix b/nixos/tests/matrix/synapse.nix index 88a34487242a..1f67f158fd56 100644 --- a/nixos/tests/matrix/synapse.nix +++ b/nixos/tests/matrix/synapse.nix @@ -187,7 +187,7 @@ in # blackhole transport transport = "example.com discard:silently"; - config = { + settings.main = { myhostname = "${mailerDomain}"; # open relay for subnet mynetworks_style = "subnet"; diff --git a/nixos/tests/parsedmarc/default.nix b/nixos/tests/parsedmarc/default.nix index 41464b90e15b..571fe1d5f75f 100644 --- a/nixos/tests/parsedmarc/default.nix +++ b/nixos/tests/parsedmarc/default.nix @@ -184,7 +184,7 @@ in services.postfix = { enable = true; origin = mailDomain; - config = { + settings.main = { myhostname = mailDomain; mydestination = mailDomain; }; diff --git a/nixos/tests/postfix.nix b/nixos/tests/postfix.nix index af63a7a4d8a7..9a64c768417c 100644 --- a/nixos/tests/postfix.nix +++ b/nixos/tests/postfix.nix 
@@ -13,7 +13,7 @@ import ./make-test-python.nix { enable = true; enableSubmission = true; enableSubmissions = true; - config = { + settings.main = { smtp_tls_CAfile = "${certs.ca.cert}"; smtpd_tls_chain_files = [ certs.${domain}.key diff --git a/nixos/tests/public-inbox.nix b/nixos/tests/public-inbox.nix index f0d9ecaea706..a8ea4298126d 100644 --- a/nixos/tests/public-inbox.nix +++ b/nixos/tests/public-inbox.nix @@ -166,7 +166,7 @@ in setSendmail = true; #sslCert = "${tls-cert}/cert.pem"; #sslKey = "${tls-cert}/key.pem"; - config.recipient_delimiter = "+"; + settings.main.recipient_delimiter = "+"; }; environment.systemPackages = [ diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix index 79429eaa459f..f384094fee74 100644 --- a/nixos/tests/rspamd.nix +++ b/nixos/tests/rspamd.nix @@ -293,7 +293,7 @@ in }; services.postfix = { enable = true; - config.mydestination = [ "example.com" ]; + settings.main.mydestination = [ "example.com" ]; }; services.rspamd = { enable = true; diff --git a/nixos/tests/schleuder.nix b/nixos/tests/schleuder.nix index b42006729f26..13bd079a29e4 100644 --- a/nixos/tests/schleuder.nix +++ b/nixos/tests/schleuder.nix @@ -11,7 +11,7 @@ in services.postfix = { enable = true; enableSubmission = true; - config = { + settings.main = { mydomain = domain; destination = domain; smtp_tls_CAfile = "${certs.ca.cert}";
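Review bot: In tests/schleuder.nix the context line `destination = domain;` still sits inside the renamed `settings.main` block, whose freeform type renders every key into main.cf, so it is emitted as a `destination` parameter, which is not a Postfix setting as far as I know. This commit maps the old top-level `services.postfix.destination` to `mydestination`, so the line was probably meant to be `mydestination = domain;`. The attribute set continues past the end of the hunk, so check that `mydestination` is not already set further down.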