From 5b570ad5a08a35cb528bc919eb8d5ea7c394b408 Mon Sep 17 00:00:00 2001
From: Ruben Maher
Date: Sat, 17 Feb 2018 22:17:41 +1030
Subject: [PATCH] dovecot: read dovecot version into nix variable

This allows determining whether it's OK to use particular configuration variables that will throw errors when used in older versions.
---
 default.nix | 10 ----------
 mail-server/dovecot-version.nix | 12 ++++++++++++
 mail-server/dovecot.nix | 6 +++++-
 mail-server/systemd.nix | 7 ++++++-
 tests/extern.nix | 1 -
 tests/intern.nix | 1 -
 6 files changed, 23 insertions(+), 14 deletions(-)
 create mode 100644 mail-server/dovecot-version.nix
diff --git a/default.nix b/default.nix
index f496144..9631a7b 100644
--- a/default.nix
+++ b/default.nix
@@ -325,16 +325,6 @@ in
 '';
 };
- dovecot23 = mkOption {
- type = types.bool;
- default = false;
- description =
- ''
- Activate this if you use Dovecot 2.3, so SSL works.
- TODO: Remove this!
- '';
- };
-
 dhParamBitLength = mkOption {
 type = types.int;
 default = 2048;
diff --git a/mail-server/dovecot-version.nix b/mail-server/dovecot-version.nix
new file mode 100644
index 0000000..4c00972
--- /dev/null
+++ b/mail-server/dovecot-version.nix
@@ -0,0 +1,12 @@
+{ dovecot, gawk, gnused, jq, runCommand }:
+
+runCommand "dovecot-version" {
+ buildInputs = [dovecot gnused jq];
+} ''
+ jq -n \
+ --arg dovecot_version "$(dovecot --version |
+ sed 's/\([0-9.]*\).*/\1/' |
+ awk -F '.' '{ print $1"."$2"."$3 }')" \
+ '[$dovecot_version | split("."), ["major", "minor", "patch"]]
+ | transpose | map( { (.[1]): .[0] | tonumber }) | add' > $out
+''
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 722bc9d..7bd52fa 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -24,6 +24,8 @@ let
 # maildir in format "/${domain}/${user}"
 dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n";
+ dovecotVersion = builtins.fromJSON
+ (builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
 in
 {
 config = with cfg; lib.mkIf enable {
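Review bot: In mail-server/dovecot-version.nix the awk step always prints three dot-joined fields, so a `dovecot --version` string with fewer than three numeric components would leave an empty field that `tonumber` rejects, and the derivation (and with it the module that reads it) would fail. Defaulting missing fields avoids that, e.g. `awk -F '.' '{ print ($1+0)"."($2+0)"."($3+0) }'`. Separately, `gawk` is taken as an argument but is absent from `buildInputs = [dovecot gnused jq];`, so `awk` resolves only through whatever the build environment already provides; either list it or drop the argument.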
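Review bot: In the first mail-server/dovecot.nix hunk, `builtins.readFile (pkgs.callPackage ./dovecot-version.nix {})` forces a build during evaluation (import-from-derivation) and runs the dovecot binary only to learn a version the package set already carries. It also probes `pkgs.dovecot`, which is presumably but not visibly the package the service actually runs; if the two ever differ, the `ssl_dh` gate is decided on the wrong version. A pure alternative would be `dovecotAtLeast23 = lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3";`, ideally taken from the package the service uses. The `let` block starts outside the hunk.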
@@ -61,7 +63,9 @@ in
 mail_access_groups = ${vmailGroupName}
 ssl = required
- ${lib.optionalString dovecot23 "ssl_dh = <${certificateDirectory}/dh.pem"}
+ ${lib.optionalString (dovecotVersion.major == 2 && dovecotVersion.minor >= 3) ''
+ ssl_dh = <${certificateDirectory}/dh.pem
+ ''}
 service lmtp {
 unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix
index 88f7baa..a59e8ce 100644
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@@ -91,7 +91,12 @@ in
 ${create_certificate}
- ${lib.optionalString cfg.dovecot23 "${createDhParameterFile}"}
+ ${let
+ dovecotVersion = builtins.fromJSON
+ (builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
+ in lib.optionalString
+ (dovecotVersion.major == 2 && dovecotVersion.minor >= 3)
+ createDhParameterFile}
 '';
 };
diff --git a/tests/extern.nix b/tests/extern.nix
index 53917f9..f68c2fb 100644
--- a/tests/extern.nix
+++ b/tests/extern.nix
@@ -28,7 +28,6 @@ import {
 fqdn = "mail.example.com";
 domains = [ "example.com" "example2.com" ];
 dhParamBitLength = 512;
- dovecot23 = true;
 loginAccounts = {
 "user1@example.com" = {
diff --git a/tests/intern.nix b/tests/intern.nix
index 8cff19e..9facc44 100644
--- a/tests/intern.nix
+++ b/tests/intern.nix
@@ -28,7 +28,6 @@ import {
 fqdn = "mail.example.com";
 domains = [ "example.com" ];
 dhParamBitLength = 512;
- dovecot23 = true;
 loginAccounts = {
 "user1@example.com" = {
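Review bot: The gate `dovecotVersion.major == 2 && dovecotVersion.minor >= 3` in the second mail-server/dovecot.nix hunk is false for any major version above 2, so on such a release the `ssl_dh` line would be silently left out and the server would presumably run without the generated DH parameters. The intent reads as "2.3 or newer"; `dovecotVersion.major > 2 || (dovecotVersion.major == 2 && dovecotVersion.minor >= 3)` expresses that. The same condition is repeated in the mail-server/systemd.nix hunk and needs the same change. The surrounding configuration string starts and ends outside the hunk.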
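Review bot: The inline `let` in the mail-server/systemd.nix hunk repeats both the `builtins.fromJSON (builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}))` binding and the version test from mail-server/dovecot.nix. The config line that references `dh.pem` and the step that creates it are therefore gated by two separate copies of the same logic. If the copies ever diverge, Dovecot is either pointed at a file that was never generated, or the file is generated and never used. Computing the boolean once in a shared place that both files read would keep the two in step. The enclosing script string starts outside the hunk.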