From 67a8c66f68d9703cd2bf0a706c683de6c362f0d8 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Thu, 10 May 2018 08:29:29 +0200
Subject: [PATCH] nixos/dovecot: Fix usage of dhparams option
The pull request that added dhparams (#39507) was made at the time where the dhparams module overhaul (#39526) wasn't done yet, so it's still using the old mechanics of the module. As stated in the release notes: Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). An example usage of this would be: { config, ... }: { security.dhparams.params.myservice = {}; environment.etc."myservice.conf".text = '' dhparams = ${config.security.dhparams.params.myservice.path} ''; }
Signed-off-by: aszlig
Cc: @qknight, @abbradar, @hrdinka, @leenaars
---
 nixos/modules/services/mail/dovecot.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 96e60f9c88ea..50477fdd25ba 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -25,7 +25,7 @@ let
 ssl_cert = <${cfg.sslServerCert}
 ssl_key = <${cfg.sslServerKey}
 ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
- ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
+ ssl_dh = <${config.security.dhparams.params.dovecot2.path}
 disable_plaintext_auth = yes
 '')
@@ -302,9 +302,7 @@ in
 security.dhparams = mkIf (! isNull cfg.sslServerCert) {
 enable = true;
- params = {
- dovecot2 = 2048;
- };
+ params.dovecot2 = {};
 };
 services.dovecot2.protocols = optional cfg.enableImap "imap"
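Review bot: The new `ssl_dh` line reads `config.security.dhparams.params.dovecot2.path`, an attribute that is only defined where the second hunk declares `params.dovecot2` under `mkIf (! isNull cfg.sslServerCert)`. The expression that wraps this config string starts outside the hunk, so it is worth confirming that it is guarded by the same condition. If the two guards ever diverge, evaluation would presumably fail on a missing attribute, whereas the old `${config.security.dhparams.path}/dovecot2.pem` always resolved to some path. A Nix-level comment above the string would keep the two places tied together, for example `# ssl_dh relies on security.dhparams.params.dovecot2, declared below under the same sslServerCert condition`.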
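Review bot: With `params.dovecot2 = {};` the Diffie-Hellman parameter size Dovecot ends up with is no longer stated in this module. It now follows the dhparams module default, which the commit message gives as 2048. A comment on the assignment would tell operators where the size comes from and how to raise it, for example `# bit size left unset on purpose: follows the security.dhparams default; override via security.dhparams.params.dovecot2.bits`. The hunk also does not show whether the dovecot2 unit is ordered after the generation of that parameter file, which is worth confirming so the service never starts against a missing `ssl_dh` file.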