remove Diffie-Hellman parameter creation as it is handled by the upstream dovecot2 module as of 18.09

plchldr 2018-10-30 17:56:25 +01:00
parent 817d84d36d
commit fa0541b96b
6 changed files with 1 additions and 34 deletions


@ -405,17 +405,6 @@ in
''; '';
}; };
dhParamBitLength = mkOption {
type = types.int;
default = 2048;
description =
''
Length of the Diffie Hillman prime used (in bits). It might be a good
idea to set this to 4096 for security purposed, but it will take a _very_
long time to create this prime on startup.
'';
};
debug = mkOption { debug = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;


@ -97,9 +97,6 @@ in
mail_access_groups = ${vmailGroupName} mail_access_groups = ${vmailGroupName}
ssl = required ssl = required
${lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3") ''
ssl_dh = <${certificateDirectory}/dh.pem
''}
service lmtp { service lmtp {
unix_listener dovecot-lmtp { unix_listener dovecot-lmtp {


@ -18,20 +18,6 @@
let let
cfg = config.mailserver; cfg = config.mailserver;
createDhParameterFile =
lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3")
''
# Create a dh parameter file
if [ ! -s "${cfg.certificateDirectory}/dh.pem" ]
then
mkdir -p "${cfg.certificateDirectory}"
${pkgs.openssl}/bin/openssl \
dhparam ${builtins.toString cfg.dhParamBitLength} \
> "${cfg.certificateDirectory}/dh.pem"
fi
'';
preliminarySelfsigned = config.security.acme.preliminarySelfsigned; preliminarySelfsigned = config.security.acme.preliminarySelfsigned;
acmeWantsTarget = [ "acme-certificates.target" ] acmeWantsTarget = [ "acme-certificates.target" ]
++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target"); ++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target");
@ -74,7 +60,7 @@ in
}; };
}; };
# Create maildir folder and dh parameters before dovecot startup # Create maildir folder before dovecot startup
systemd.services.dovecot2 = { systemd.services.dovecot2 = {
after = [ "mailserver-certificates.target" ]; after = [ "mailserver-certificates.target" ];
wants = [ "mailserver-certificates.target" ]; wants = [ "mailserver-certificates.target" ];
@ -84,8 +70,6 @@ in
mkdir -p "${mailDirectory}" mkdir -p "${mailDirectory}"
chgrp "${vmailGroupName}" "${mailDirectory}" chgrp "${vmailGroupName}" "${mailDirectory}"
chmod 02770 "${mailDirectory}" chmod 02770 "${mailDirectory}"
${createDhParameterFile}
''; '';
}; };
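Review bot: With `${createDhParameterFile}` dropped from the dovecot2 startup script, nothing visible in this module still guarantees that DH parameters exist or how large they are; that now rests entirely on the upstream dovecot2 module named in the commit title. Anyone who had raised `dhParamBitLength` to 4096 falls back to whatever size upstream picks, so the replacement setting (presumably `security.dhparams`, which is not shown on this page) should be named next to the rewritten comment, e.g. `# DH parameters are generated by the upstream dovecot2 module (NixOS >= 18.09)`. The previously generated `${cfg.certificateDirectory}/dh.pem` is also left on disk unused, which is harmless but worth a line in the release notes. The startup script begins outside the hunk.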


@ -71,7 +71,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
debug = true; debug = true;
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" "example2.com" ]; domains = [ "example.com" "example2.com" ];
dhParamBitLength = 512;
virusScanning = true; virusScanning = true;
loginAccounts = { loginAccounts = {


@ -36,7 +36,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
debug = true; debug = true;
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" "example2.com" ]; domains = [ "example.com" "example2.com" ];
dhParamBitLength = 512;
rewriteMessageId = true; rewriteMessageId = true;
loginAccounts = { loginAccounts = {


@ -27,7 +27,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
enable = true; enable = true;
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" ]; domains = [ "example.com" ];
dhParamBitLength = 512;
loginAccounts = { loginAccounts = {
"user1@example.com" = { "user1@example.com" = {