Merge branch 'master' into dev

Author: foxcpp

.github/workflows/cicd.yml

@@ -10,11 +10,13 @@ on:
 jobs:
   build-and-test:
     name: "Build and test"
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
     - name: "Install libpam"
-      run: sudo apt-get install -y libpam-dev
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y libpam-dev
     - uses: actions/cache@v2
       with:
         path: |
@@ -24,7 +26,7 @@ jobs:
         restore-keys: ${{ runner.os }}-go-
     - uses: actions/setup-go@v2
       with:
-        go-version: 1.18.9
+        go-version: 1.19
     - name: "Verify build.sh"
       run: |
         ./build.sh

.mkdocs.yml

@@ -60,7 +60,7 @@ nav:
           - reference/table/sql_query.md
           - reference/table/chain.md
           - reference/table/email_localpart.md
-          - reference/table/email_with_domains.md
+          - reference/table/email_with_domain.md
           - reference/table/auth.md
       - Authentication providers:
           - reference/auth/pass_table.md

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.18-alpine AS build-env
+FROM golang:1.19-alpine AS build-env
 
 RUN set -ex && \
     apk upgrade --no-cache --available && \
@@ -14,7 +14,7 @@ RUN mkdir -p /pkg/data && \
     cp maddy.conf.docker /pkg/data/maddy.conf && \
     ./build.sh --builddir /tmp --destdir /pkg/ --tags docker build install
 
-FROM alpine:3.17.0
+FROM alpine:3.18.4
 LABEL maintainer="fox.cpp@disroot.org"
 LABEL org.opencontainers.image.source=https://github.com/foxcpp/maddy
 

README.md

@@ -15,8 +15,8 @@ daemon with uniform configuration and minimal maintenance cost.
 feature-packed implementation you may want to use Dovecot instead. maddy still
 can handle message delivery business.
 
-[![CI status](https://img.shields.io/github/workflow/status/foxcpp/maddy/Testing%20and%20release%20preparation?style=flat-square)](https://github.com/foxcpp/maddy/actions/workflows/cicd.yml)
-[![Issues tracker](https://img.shields.io/github/issues/foxcpp/maddy)](https://github.com/foxcpp/maddy)
+[![CI status](https://img.shields.io/github/actions/workflow/status/foxcpp/maddy/cicd.yml?style=flat-square)](https://github.com/foxcpp/maddy/actions/workflows/cicd.yml)
+[![Issues tracker](https://img.shields.io/github/issues/foxcpp/maddy?style=flat-square)](https://github.com/foxcpp/maddy)
 
 * [Setup tutorial](https://maddy.email/tutorials/setting-up/)
 * [Documentation](https://maddy.email/)

build.sh

@@ -146,10 +146,23 @@ install() {
 	# Attempt to install systemd units only for Linux.
 	# Check is done using GOOS instead of uname -s to account for possible
 	# package cross-compilation.
-	if [ "$(go env GOOS)" = "linux" ]; then
-		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
-		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
-	fi
+	# Though go command might be unavailable if build.sh is run
+	# with sudo and go installation is user-specific, so fallback
+	# to using uname -s in the end.
+	set +e
+  if command -v go >/dev/null 2>/dev/null; then
+    set -e
+    if [ "$(go env GOOS)" = "linux" ]; then
+    		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
+    		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
+    fi
+  else
+    set -e
+    if [ "$(uname -s)" = "Linux" ]; then
+        		command install -m 0755 -d "${destdir}/${prefix}/lib/systemd/system/"
+        		command install -m 0644 "${builddir}"/systemd/*.service "${destdir}/${prefix}/lib/systemd/system/"
+        fi
+  fi
 
 	if [ -e "${builddir}"/man ]; then
 		command install -m 0755 -d "${destdir}/${prefix}/share/man/man1/"

contrib/kubernetes/chart/README.md

@@ -9,7 +9,7 @@ load balancer in front of the nodes.
 
 ## Requirement
 
-In order to run maddy properly, you need to have TLS secret undet name maddy present in the cluster. If you have commercial
+In order to run maddy properly, you need to have TLS secret under name maddy present in the cluster. If you have commercial
 certificate, you can create it by the following command:
 
 ```sh
@@ -20,9 +20,9 @@ If you use cert-manager, just create the secret under name maddy.
 
 ## Replication
 
-Default for this chart is 1 replica of maddy. If you try to increse this, you will probably get an error because of
+Default for this chart is 1 replica of maddy. If you try to increase this, you will probably get an error because of
 the busy ports 25, 143, 587, etc. We do not support this feature at the moment, so please use just 1 replica. Like said
-at the begining of this document, multiple replicas would probably require to switch do DaemonSet which would further require
+at the beginning of this document, multiple replicas would probably require to switch do DaemonSet which would further require
 to have TCP load balancer and shared storage between all replicas. This is not supported by this chart, sorry.
 This chart is used on one node cluster and then installation is straight forward, like described bellow, but if you have
 multiple node cluster, please use taints and tolerations to select the desired node. This chart supports tolerations to

dist/README.md

@@ -22,7 +22,7 @@ Additionally, unit files apply strict sandboxing, limiting maddy permissions on
 the system to a bare minimum. Subset of these options makes it impossible for
 privileged authentication helper binaries to gain required permissions, so you
 may have to disable it when using system account-based authentication with
-maddy running as a unprivilieged user.
+maddy running as a unprivileged user.
 
 ## fail2ban configuration
 

dist/systemd/maddy.service

@@ -3,7 +3,7 @@ Description=maddy mail server
 Documentation=man:maddy(1)
 Documentation=man:maddy.conf(5)
 Documentation=https://maddy.email
-After=network.target
+After=network-online.target
 
 [Service]
 Type=notify
@@ -54,8 +54,9 @@ KillSignal=SIGTERM
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
-# Force all files created by maddy to be only readable by it.
-UMask=0027
+# Force all files created by maddy to be only readable by it
+# and maddy group.
+UMask=0007
 
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and

dist/systemd/maddy@.service

@@ -3,7 +3,7 @@ Description=maddy mail server (using %i.conf)
 Documentation=man:maddy(1)
 Documentation=man:maddy.conf(5)
 Documentation=https://maddy.email
-After=network.target
+After=network-online.target
 
 [Service]
 Type=notify
@@ -50,8 +50,9 @@ KillSignal=SIGTERM
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
-# Force all files created by maddy to be only readable by it.
-UMask=0027
+# Force all files created by maddy to be only readable by it and
+# maddy group.
+UMask=0007
 
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and

docs/docker.md

@@ -72,4 +72,4 @@ docker run \
 
 It will fail on first startup. Copy TLS certificate to /data/tls/fullchain.pem
 and key to /data/tls/privkey.pem. Run the server again. Finish DNS configuration
-(DKIM keys, etc) as described in [tutorials/setting-up/](tutorials/setting-up/).
+(DKIM keys, etc) as described in [tutorials/setting-up/](../tutorials/setting-up/).