From 226c73e3f59742fd6e90b853f077609aa6857467 Mon Sep 17 00:00:00 2001
From: Mikhail Klementev <blame@dumpstack.io>
Date: Sat, 30 May 2020 10:00:53 +0000
Subject: [PATCH] Use SNM from branch 20.03 and switch NixOS state to 20.03

---
 README.md         |  5 +----
 configuration.nix | 31 ++++++++++++++++++-------------
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index 45bce10..55b0124 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,7 @@
 # mail.dumpstack.io
 
 Note:
-1. Comment out fetchTarball and mailserver for initial installation,
-   because of [this bug](https://github.com/NixOS/nix/issues/2405).
-
-2. Some cloud providers disallow outbound SMTP by default. Check it if
+1. Some cloud providers disallow outbound SMTP by default. Check it if
    there'll be issues with outgoing emails.
 
 ## Installation
diff --git a/configuration.nix b/configuration.nix
index a50d84b..7817095 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,14 +1,13 @@
 { config, pkgs, ... }:
 let
   secrets = import ./secrets.nix;
+  domain = "dumpstack.io";
+  branch = "20.03";
 in {
   imports = [
     ./hardware-configuration.nix
-    # check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
-    # for new releases
     (builtins.fetchTarball {
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
-      sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${branch}/nixos-mailserver-nixos-${branch}.tar.gz";
     })
   ];
 
@@ -20,7 +19,7 @@ in {
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/vda";
 
-  networking.hostName = "mail.dumpstack.io";
+  networking.hostName = "mail.${domain}";
 
   networking.firewall.allowedTCPPorts = [ 443 ];
 
@@ -28,29 +27,35 @@ in {
     htop
   ];
 
+  security.acme.acceptTerms = true;
+  security.acme.certs."mail.${domain}".email = "letsencrypt@${domain}";
+
   mailserver = {
     enable = true;
-    fqdn = "mail.dumpstack.io";
-    domains = [ "dumpstack.io" ];
+    fqdn = "mail.${domain}";
+    domains = [ "${domain}" ];
     loginAccounts = {
-        "root@dumpstack.io" = {
+        "root@${domain}" = {
             hashedPassword = "${secrets.mailHashedPassword}";
             aliases = secrets.aliases;
-            catchAll = [ "dumpstack.io" ];
+            catchAll = [ "${domain}" ];
         };
     };
 
     certificateScheme = 3;      # Let's Encrypt
     enableImapSsl = true;
-
-    rebootAfterKernelUpgrade.enable = true;
   };
 
   time.timeZone = "UTC";
   services.openssh.enable = true;
 
-  system.autoUpgrade.enable = true;
-  system.stateVersion = "19.09";
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+  };
+
+  # read release notes carefully before changing it
+  system.stateVersion = "20.03";
 
   nix = {
     optimise.automatic = true;