flake.nix: Update NixOS release to 25.11

2025-12-08 22:34:53 +01:00 · 2025-12-08 22:34:53 +01:00 · 54f84355ee
commit 54f84355ee
parent 95d920ae67
8 changed files with 22 additions and 20 deletions
--- a/flake.lock
+++ b/flake.lock
@ -96,16 +96,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1748162331,
-        "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
+        "lastModified": 1764983851,
+        "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
+        "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "An opinionated Nixos Mailsystem";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    treefmt-nix.url = "github:numtide/treefmt-nix";
--- a/mailsystem/dovecot.nix
+++ b/mailsystem/dovecot.nix
@ -261,7 +261,7 @@ in {

    security.dhparams.params.dovecot2.bits = cfg.dovecot.dhparamSize;

-    systemd.services.dovecot2 = {
+    systemd.services.dovecot = {
      preStart = ''
        ${genAuthDbsScript}
        ${genMaildirScript}
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@ -63,9 +63,6 @@ in {
      hostname = "${cfg.reverseFqdn}";
      networksStyle = "host";

-      sslCert = sslCertPath;
-      sslKey = sslKeyPath;
-
      enableSubmissions = true;

      mapFiles."virtual_aliases" = aliases_file;
@ -85,12 +82,17 @@ in {
        cleanup_service_name = "submission-header-cleanup";
      };

-      config = {
+      settings.main = {
        mydestination = "";
        recipient_delimiter = "+";
        smtpd_banner = "${cfg.fqdn} ESMTP NO UCE";
        disable_vrfy_command = true;
-        message_size_limit = toString cfg.messageSizeLimit;
+        message_size_limit = cfg.messageSizeLimit;
+
+        smtpd_tls_chain_files = [
+          sslKeyPath
+          sslCertPath
+        ];

        virtual_uid_maps = "static:${toString cfg.vmailUID}";
        virtual_gid_maps = "static:${toString cfg.vmailUID}";
@ -165,7 +167,7 @@ in {
        smtpd_forbid_bare_newline_exclusions = "$mynetworks";
      };

-      masterConfig = {
+      settings.master = {
        "lmtp" = {
          # Add headers when delivering, see http://www.postfix.org/smtp.8.html
          # D => Delivered-To, O => X-Original-To, R => Return-Path
--- a/tests/aliases.nix
+++ b/tests/aliases.nix
@ -32,7 +32,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
    };
  };
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
    name = "aliases";
    nodes = {
      server = {pkgs, ...}: {
--- a/tests/basic.nix
+++ b/tests/basic.nix
@ -16,7 +16,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
    };
  };
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
    name = "basic";
    nodes = {
      server = {pkgs, ...}: {
--- a/tests/internal.nix
+++ b/tests/internal.nix
@ -1,5 +1,5 @@
 {pkgs, ...}:
-pkgs.nixosTest {
+pkgs.testers.nixosTest {
  name = "internal";
  nodes.machine = {...}: {
    imports = [./common/server.nix];
--- a/tests/rspamd.nix
+++ b/tests/rspamd.nix
@ -30,7 +30,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
      domains
    );
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
    name = "rspamd";
    nodes = {
      server = {pkgs, ...}: {
@ -151,12 +151,12 @@ in
          server.wait_until_fails('${pendingPostqueue}')

          client.succeed("${test-mark-spam "normal2"} >&2")
-          server.wait_until_succeeds("journalctl -u dovecot2 | grep -i learn-spam.sh >&2")
-          server.fail("journalctl -u dovecot2 | grep -i learn-spam.sh | grep -i error >&2")
+          server.wait_until_succeeds("journalctl -u dovecot | grep -i learn-spam.sh >&2")
+          server.fail("journalctl -u dovecot | grep -i learn-spam.sh | grep -i error >&2")

          client.succeed("${test-mark-ham "normal2"} >&2")
-          server.wait_until_succeeds("journalctl -u dovecot2 | grep -i learn-ham.sh >&2")
-          server.fail("journalctl -u dovecot2 | grep -i learn-ham.sh | grep -i error >&2")
+          server.wait_until_succeeds("journalctl -u dovecot | grep -i learn-ham.sh >&2")
+          server.fail("journalctl -u dovecot | grep -i learn-ham.sh | grep -i error >&2")

      with subtest("dkim signing"):
          client.succeed("${sendMail "normal2" "" accounts."normal".address ''