nixos/dovecot: Fix usage of dhparams option

The pull request that added dhparams (#39507) was made at the time where
the dhparams module overhaul (#39526) wasn't done yet, so it's still
using the old mechanics of the module.

As stated in the release notes:

  Module implementers should not set a specific bit size in order to let
  users configure it by themselves if they want to have a different bit
  size than the default (2048).

  An example usage of this would be:

    { config, ... }:

    {
      security.dhparams.params.myservice = {};
      environment.etc."myservice.conf".text = ''
        dhparams = ${config.security.dhparams.params.myservice.path}
      '';
    }

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @qknight, @abbradar, @hrdinka, @leenaars
This commit is contained in:
aszlig 2018-05-10 08:29:29 +02:00
parent fb9f5e4a03
commit 67a8c66f68
No known key found for this signature in database
GPG Key ID: 684089CE67EBB691

View File

@ -25,7 +25,7 @@ let
ssl_cert = <${cfg.sslServerCert}
ssl_key = <${cfg.sslServerKey}
${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
ssl_dh = <${config.security.dhparams.params.dovecot2.path}
disable_plaintext_auth = yes
'')
@ -302,9 +302,7 @@ in
security.dhparams = mkIf (! isNull cfg.sslServerCert) {
enable = true;
params = {
dovecot2 = 2048;
};
params.dovecot2 = {};
};
services.dovecot2.protocols =
optional cfg.enableImap "imap"