postfix: add useDane config option
This commit is contained in:
parent
a45f68ccac
commit
a45f1453eb
@ -25,6 +25,8 @@ let
|
||||
|
||||
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
|
||||
|
||||
smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
|
||||
|
||||
mainCf = let
|
||||
escape = replaceStrings ["$"] ["$$"];
|
||||
mkList = items: "\n " + concatStringsSep ",\n " items;
|
||||
@ -508,6 +510,14 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
useDane = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
|
||||
'';
|
||||
};
|
||||
|
||||
sslCert = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
@ -809,13 +819,13 @@ in
|
||||
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
|
||||
// optionalAttrs (cfg.tlsTrustedAuthorities != "") {
|
||||
smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
|
||||
smtp_tls_security_level = "may";
|
||||
smtp_tls_security_level = smtpTlsSecurityLevel;
|
||||
}
|
||||
// optionalAttrs (cfg.sslCert != "") {
|
||||
smtp_tls_cert_file = cfg.sslCert;
|
||||
smtp_tls_key_file = cfg.sslKey;
|
||||
|
||||
smtp_tls_security_level = "may";
|
||||
smtp_tls_security_level = smtpTlsSecurityLevel;
|
||||
|
||||
smtpd_tls_cert_file = cfg.sslCert;
|
||||
smtpd_tls_key_file = cfg.sslKey;
|
||||
|
Loading…
Reference in New Issue
Block a user