Simple nixos mail server configuration

nerf commented

2023-09-24 22:47:28 +00:00

Owner

This is a issue to discuss how the simple nixos mail server on nyarlathotep should be configured.

Here is the default.nix of that project
containing all the direct options. Of course the options of the postfix, rspamd, opendkim and dovecot2 modules can also still
be set by hand. Also for reference maralorns config.

How do we manage users? There are multiple ways of doing that, we can put them into the nixos config. That would be relative static.
Appropriate if we want only mailboxes for thing like, vorstand, fsr, and so on.

(Answering this question is blocking progress)

There is an option to role ldap. If we want to reuse these logins for multiple things that might be the way to go.

For all the options please read the documentation snm

This is a issue to discuss how the simple nixos mail server on nyarlathotep should be configured. Here is the [default.nix](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/blob/master/default.nix) of that project containing all the direct options. Of course the options of the postfix, rspamd, opendkim and dovecot2 modules can also still be set by hand. Also for reference [maralorns config](https://code.maralorn.de/maralorn/config/src/branch/main/nixos/machines/hera/mail.nix). How do we manage users? There are multiple ways of doing that, we can put them into the nixos config. That would be relative static. Appropriate if we want only mailboxes for thing like, vorstand, fsr, and so on. (Answering this question is blocking progress) There is an option to role ldap. If we want to reuse these logins for multiple things that might be the way to go. For all the options please read the documentation [snm](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/tree/master)

nerf added this to the GOING LIVE milestone 2023-09-24 22:47:28 +00:00

nerf added the

Kind/Feature

label 2023-09-24 22:47:28 +00:00

nerf added this to the New mail on Nyarlathotep project 2023-09-24 22:47:29 +00:00

nerf added a new dependency 2023-09-24 22:48:07 +00:00

#2 Getting the new mail system live

nerf added the

Status

Need More Info

label 2023-09-27 10:05:41 +00:00

Gonne commented

2023-10-06 07:16:50 +00:00

Owner

Let's collect some arguments.

Advocating function-only mailboxes (like FBR, Verein, Ball, …):

We handle less personal data.
We have a good overview over existing accounts.
We have more control over disk usage.
We handle less private data.
Config is presumably simpler.
…?

Advocating mailboxes for everyone:

More service for everyone
Possibly more federation of mail
We have enough disk space.
More intuitive configuration of clients that want to send from their @mathebau.de address
…?

Let's collect some arguments. Advocating function-only mailboxes (like FBR, Verein, Ball, …): - We handle less personal data. - We have a good overview over existing accounts. - We have more control over disk usage. - We handle less private data. - Config is presumably simpler. - …? Advocating mailboxes for everyone: - More service for everyone - Possibly more federation of mail - We have enough disk space. - More intuitive configuration of clients that want to send from their @mathebau.de address - …?

nerf commented

2023-10-06 08:49:42 +00:00

Author

Owner

More intuitive configuration of clients that want to send from their @mathebau.de address

…?

We need to differentiate between authentication and mailboxes. (I'm unsure how to configure that), but we just need to authenticate
people that want to send from the @mathebau addresses, and don't need to give them mailboxes. That is from the organizational point of view
the hard problem (authentication sucks), but we don't need disk space for them. We still can forward their incoming mails.

(This is really only a small remark, because this discussion is more about how to organize the config, and authentication is really the thing that matters)

> - More intuitive configuration of clients that want to send from their @mathebau.de address > - …? We need to differentiate between authentication and mailboxes. (I'm unsure how to configure that), but we just need to authenticate people that want to send from the @mathebau addresses, and don't need to give them mailboxes. That is from the organizational point of view the hard problem (authentication sucks), but we don't need disk space for them. We still can forward their incoming mails. (This is really only a small remark, because this discussion is more about how to organize the config, and authentication is really the thing that matters)

Gonne commented

2023-10-08 10:59:28 +00:00

Owner

I think we should start with with function-only accounts.

Gonne commented

2024-01-04 14:53:19 +00:00

Owner

In der FaSer-Diskussion sind wir der Meinung, gerne Mailboxen für alle Menschen haben zu wollen, die einen benötigen. Das fällt aus der sinnvollen Rechteverwaltung von Funktionskonten hoffentlich einfach heraus.

Eventuell ist es sinnvoll, trotzdem erstmal die existierenden Mailboxen hartzucoden.

In der FaSer-Diskussion sind wir der Meinung, gerne Mailboxen für alle Menschen haben zu wollen, die einen benötigen. Das fällt aus der sinnvollen Rechteverwaltung von Funktionskonten hoffentlich einfach heraus. Eventuell ist es sinnvoll, trotzdem erstmal die existierenden Mailboxen hartzucoden.

Gonne commented

2024-01-20 12:41:25 +00:00

Owner

Perhaps I will start by aiming at replacing the existing functionality by a Nix machine first. That seems more achievable to me and afterwards I may have learnt enough about Nix to try the rest.

Especially concerning our currently broken mailman web interface that would be an improvement.

Perhaps I will start by aiming at replacing the existing functionality by a Nix machine first. That seems more achievable to me and afterwards I may have learnt enough about Nix to try the rest. Especially concerning our currently broken mailman web interface that would be an improvement.

Simple nixos mail server configuration #4