remove Diffie Hillman parameter creation as it is handled by the upstream dovecot2 module as of 18.09
parent
817d84d36d
commit
fa0541b96b
11
default.nix
11
default.nix
|
@ -405,17 +405,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dhParamBitLength = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 2048;
|
|
||||||
description =
|
|
||||||
''
|
|
||||||
Length of the Diffie Hillman prime used (in bits). It might be a good
|
|
||||||
idea to set this to 4096 for security purposed, but it will take a _very_
|
|
||||||
long time to create this prime on startup.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
debug = mkOption {
|
debug = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
|
|
@ -97,9 +97,6 @@ in
|
||||||
|
|
||||||
mail_access_groups = ${vmailGroupName}
|
mail_access_groups = ${vmailGroupName}
|
||||||
ssl = required
|
ssl = required
|
||||||
${lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3") ''
|
|
||||||
ssl_dh = <${certificateDirectory}/dh.pem
|
|
||||||
''}
|
|
||||||
|
|
||||||
service lmtp {
|
service lmtp {
|
||||||
unix_listener dovecot-lmtp {
|
unix_listener dovecot-lmtp {
|
||||||
|
|
|
@ -18,20 +18,6 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
|
|
||||||
createDhParameterFile =
|
|
||||||
lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3")
|
|
||||||
''
|
|
||||||
# Create a dh parameter file
|
|
||||||
if [ ! -s "${cfg.certificateDirectory}/dh.pem" ]
|
|
||||||
then
|
|
||||||
mkdir -p "${cfg.certificateDirectory}"
|
|
||||||
${pkgs.openssl}/bin/openssl \
|
|
||||||
dhparam ${builtins.toString cfg.dhParamBitLength} \
|
|
||||||
> "${cfg.certificateDirectory}/dh.pem"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
preliminarySelfsigned = config.security.acme.preliminarySelfsigned;
|
preliminarySelfsigned = config.security.acme.preliminarySelfsigned;
|
||||||
acmeWantsTarget = [ "acme-certificates.target" ]
|
acmeWantsTarget = [ "acme-certificates.target" ]
|
||||||
++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target");
|
++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target");
|
||||||
|
@ -74,7 +60,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Create maildir folder and dh parameters before dovecot startup
|
# Create maildir folder before dovecot startup
|
||||||
systemd.services.dovecot2 = {
|
systemd.services.dovecot2 = {
|
||||||
after = [ "mailserver-certificates.target" ];
|
after = [ "mailserver-certificates.target" ];
|
||||||
wants = [ "mailserver-certificates.target" ];
|
wants = [ "mailserver-certificates.target" ];
|
||||||
|
@ -84,8 +70,6 @@ in
|
||||||
mkdir -p "${mailDirectory}"
|
mkdir -p "${mailDirectory}"
|
||||||
chgrp "${vmailGroupName}" "${mailDirectory}"
|
chgrp "${vmailGroupName}" "${mailDirectory}"
|
||||||
chmod 02770 "${mailDirectory}"
|
chmod 02770 "${mailDirectory}"
|
||||||
|
|
||||||
${createDhParameterFile}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
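Review bot: With `${createDhParameterFile}` gone from the dovecot2 pre-start script, nothing in this module checks that the nixpkgs in use is 18.09 or later, which is the release the commit message relies on for Diffie-Hellman parameter handling. On an older channel that already ships dovecot 2.3, the generated configuration would presumably carry no `ssl_dh` setting at all, since the earlier config hunk drops that line too. Finite-field DH key exchange would then stop working with no evaluation-time warning. Consider adding an entry to the module's `assertions` such as `assertion = lib.versionAtLeast lib.version "18.09";` with a message that names the upstream dovecot2 module. The pre-start script and the `let` block both extend beyond these hunks, so this is based only on the visible lines.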
@ -71,7 +71,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
debug = true;
|
debug = true;
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
dhParamBitLength = 512;
|
|
||||||
virusScanning = true;
|
virusScanning = true;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
|
|
|
@ -36,7 +36,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
debug = true;
|
debug = true;
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
dhParamBitLength = 512;
|
|
||||||
rewriteMessageId = true;
|
rewriteMessageId = true;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
|
|
|
@ -27,7 +27,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" ];
|
domains = [ "example.com" ];
|
||||||
dhParamBitLength = 512;
|
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
|
|