From d11199da1004d8be6242eb0e133923fbc032891b Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 24 Mar 2026 15:08:55 +0100
Subject: [PATCH 1/3] fix(mx): update stale comment in Roundcube config to
 reflect SSL/TLS

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 systems/x86_64-linux/mx/mailserver.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/systems/x86_64-linux/mx/mailserver.nix b/systems/x86_64-linux/mx/mailserver.nix
index 7dd0547..f934698 100644
--- a/systems/x86_64-linux/mx/mailserver.nix
+++ b/systems/x86_64-linux/mx/mailserver.nix
@@ -242,8 +242,7 @@
     hostName = "webmail.hoyer.xyz";
     plugins = [ "managesieve" ];
     extraConfig = ''
-      # starttls needed for authentication, so the fqdn required to match
-      # the certificate
+      # SSL/TLS needed for authentication, so the fqdn must match the certificate
       $config['smtp_server'] = "ssl://${config.mailserver.fqdn}:465";
       $config['smtp_user'] = "%u";
       $config['smtp_pass'] = "%p";

From dc4594333f2277b45e7b1e618865687b2d3d77d7 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 24 Mar 2026 15:09:32 +0100
Subject: [PATCH 2/3] fix(mx): fix check_root email subject and consolidate
 systemd attrsets

The check_root service incorrectly used '/boot Disk Space Alert' as
the email subject instead of '/ Disk Space Alert'. Also merged the
duplicate systemd.services and systemd.timers attribute sets.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 systems/x86_64-linux/mx/default.nix | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/systems/x86_64-linux/mx/default.nix b/systems/x86_64-linux/mx/default.nix
index 3efb22c..493ee7a 100644
--- a/systems/x86_64-linux/mx/default.nix
+++ b/systems/x86_64-linux/mx/default.nix
@@ -118,18 +118,6 @@
       };
       wantedBy = [ "default.target" ];
     };
-  };
-
-  systemd.timers = {
-    check_boot = {
-      timerConfig = {
-        OnCalendar = "daily";
-      };
-      wantedBy = [ "timers.target" ];
-    };
-  };
-
-  systemd.services = {
     check_root = {
       serviceConfig = {
         Type = "oneshot";
@@ -140,7 +128,7 @@
             THRESHOLD=85
 
             if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
-                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
+                ${pkgs.mailutils}/bin/mail -s '/ Disk Space Alert' harald << EOF
             Your root partition remaining free space is critically low. Used: $CURRENT%
             EOF
             fi
@@ -152,6 +140,12 @@
   };
 
   systemd.timers = {
+    check_boot = {
+      timerConfig = {
+        OnCalendar = "daily";
+      };
+      wantedBy = [ "timers.target" ];
+    };
     check_root = {
       timerConfig = {
         OnCalendar = "daily";

From a854caaf1907e24cc9bfdc8be151a2f44bb220fa Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 24 Mar 2026 15:20:26 +0100
Subject: [PATCH 3/3] =?UTF-8?q?feat(mx):=20add=20pg=5Fupgrade=20script=20f?=
 =?UTF-8?q?or=20PostgreSQL=2014=20=E2=86=92=2016=20migration?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Temporary upgrade script following the official NixOS procedure.
Run `upgrade-pg-cluster --jobs 4 --link` on the server, then switch
the package to postgresql_16 and remove the script.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 systems/x86_64-linux/mx/postgresql.nix | 29 ++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/systems/x86_64-linux/mx/postgresql.nix b/systems/x86_64-linux/mx/postgresql.nix
index 584635f..fac6f2b 100644
--- a/systems/x86_64-linux/mx/postgresql.nix
+++ b/systems/x86_64-linux/mx/postgresql.nix
@@ -8,4 +8,33 @@
   services.postgresql = {
     package = pkgs.postgresql_14;
   };
+
+  # Temporary: upgrade script for PostgreSQL 14 → 16 migration.
+  # After upgrading, change package above to postgresql_16 and remove this block.
+  environment.systemPackages = [
+    (
+      let
+        newPostgres = pkgs.postgresql_16;
+        cfg = config.services.postgresql;
+      in
+      pkgs.writeScriptBin "upgrade-pg-cluster" ''
+        set -eux
+        systemctl stop postgresql
+
+        export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
+        export NEWBIN="${newPostgres}/bin"
+        export OLDDATA="${cfg.dataDir}"
+        export OLDBIN="${cfg.finalPackage}/bin"
+
+        install -d -m 0700 -o postgres -g postgres "$NEWDATA"
+        cd "$NEWDATA"
+        sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
+
+        sudo -u postgres "$NEWBIN/pg_upgrade" \
+          --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
+          --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
+          "$@"
+      ''
+    )
+  ];
 }