author | Joachim Schiele <js@lastlog.de> | 2018-04-25 21:18:26 +0000 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2018-05-08 15:51:39 +0300 |
commit | 851d5d72a3c87d06d26dd78f8b3a421537fc8a52 (patch) | |
tree | 9e149fc3e9c433fc79b7831ac106cc2db185b863 | |
parent | 9ef306bb4dc930f967678d9a2e9b4d4f2d1d5d03 (diff) | |
dovecot2: added ssl_dh using security.dhparams
The 18.03 channel includes dovecot 2.3, which requires ssl_dh to be set. -> fixes https://github.com/nixcloud/nixcloud-webservices/issues/21
-rw-r--r-- | nixos/modules/services/mail/dovecot.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 543e732127a5..96e60f9c88ea 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -25,6 +25,7 @@ let ssl_cert = <${cfg.sslServerCert} ssl_key = <${cfg.sslServerKey} ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)} + ssl_dh = <${config.security.dhparams.path}/dovecot2.pem disable_plaintext_auth = yes '') @@ -297,10 +298,15 @@ in config = mkIf cfg.enable { - security.pam.services.dovecot2 = mkIf cfg.enablePAM {}; - services.dovecot2.protocols = + security.dhparams = mkIf (! isNull cfg.sslServerCert) { + enable = true; + params = { + dovecot2 = 2048; + }; + }; + services.dovecot2.protocols = optional cfg.enableImap "imap" ++ optional cfg.enablePop3 "pop3" ++ optional cfg.enableLmtp "lmtp"; |
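Review bot: The new `ssl_dh = <${config.security.dhparams.path}/dovecot2.pem` line in the first hunk makes dovecot read a file that is generated at runtime, and nothing visible in this commit orders the dovecot2 service after that generation. On a first boot, or when generation is slow, the file may not exist yet and dovecot would presumably reject its configuration and fail to start; consider an ordering dependency from the dovecot2 unit on whatever unit produces the parameters. A short comment above the line, such as `# dovecot >= 2.3 will not start with SSL enabled unless ssl_dh is set`, would record why it is there. The enclosing `optionalString` block opens outside the hunk, so its condition should be checked against the `! isNull cfg.sslServerCert` guard used in the second hunk; if they differ, the config can reference a file that is never generated.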
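Review bot: In the second hunk the group size is fixed at `dovecot2 = 2048;`, with no module option to raise it or to point `ssl_dh` at an administrator-supplied parameter file, so a site with a stricter TLS policy has to override the generated configuration. Consider exposing it, for example `params.dovecot2 = cfg.dhParamBits;` with a default of 2048 (the option name is only a suggestion). Setting `security.dhparams.enable = true` here is also a system-wide side effect of enabling dovecot with a certificate and should be mentioned in the option documentation. As rendered, the hunk seems to drop `security.pam.services.dovecot2 = mkIf cfg.enablePAM {};` without re-adding it; if that is a real removal and not a whitespace artefact of this page, PAM authentication would no longer be configured when `enablePAM` is set.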