dovecot2: added ssl_dh using security.dhparams

The 18.03 channel includes dovecot 2.3, which requires ssl_dh to be set.
-> fixes https://github.com/nixcloud/nixcloud-webservices/issues/21
Joachim Schiele 2018-04-25 21:18:26 +00:00 committed by Nikolay Amiantov
parent 9ef306bb4d
commit 851d5d72a3


@ -25,6 +25,7 @@ let
ssl_cert = <${cfg.sslServerCert} ssl_cert = <${cfg.sslServerCert}
ssl_key = <${cfg.sslServerKey} ssl_key = <${cfg.sslServerKey}
${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)} ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
disable_plaintext_auth = yes disable_plaintext_auth = yes
'') '')
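Review bot: The added `ssl_dh = <${config.security.dhparams.path}/dovecot2.pem` line spells the file name by hand, so it only resolves while the attribute under `security.dhparams.params` in the second hunk stays named `dovecot2`; a rename on either side leaves dovecot pointing at a file that is never generated. Nothing in the visible lines makes dovecot wait for that file to exist, so on a first activation the service may come up before the parameters are written and fail its TLS setup; it is worth confirming that an ordering dependency exists outside the hunk. The size `2048` in the second hunk is fixed with no module option to raise it, so consider exposing the bit length as an option and adding a comment such as `# generated by security.dhparams; file name must match params.dovecot2`. The enclosing config string starts outside this hunk, so it cannot be seen here whether `ssl_dh` is emitted under the same `! isNull cfg.sslServerCert` condition that gates the parameter generation.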
@ -297,10 +298,15 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.pam.services.dovecot2 = mkIf cfg.enablePAM {}; security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
services.dovecot2.protocols = security.dhparams = mkIf (! isNull cfg.sslServerCert) {
enable = true;
params = {
dovecot2 = 2048;
};
};
services.dovecot2.protocols =
optional cfg.enableImap "imap" optional cfg.enableImap "imap"
++ optional cfg.enablePop3 "pop3" ++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp"; ++ optional cfg.enableLmtp "lmtp";