diff options
author | aszlig <aszlig@nix.build> | 2018-05-10 08:29:29 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-05-10 08:29:29 +0200 |
commit | 67a8c66f68d9703cd2bf0a706c683de6c362f0d8 (patch) | |
tree | 927dc58dfc4f57585c84365032c106b4dfdf16bd /nixos/modules/services/mail | |
parent | fb9f5e4a0322da74201145a3ecbc816525972ab3 (diff) | |
download | nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar.gz nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar.bz2 nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar.lz nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar.xz nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.tar.zst nixlib-67a8c66f68d9703cd2bf0a706c683de6c362f0d8.zip |
nixos/dovecot: Fix usage of dhparams option
The pull request that added dhparams (#39507) was made at the time where the dhparams module overhaul (#39526) wasn't done yet, so it's still using the old mechanics of the module. As stated in the release notes: Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). An example usage of this would be: { config, ... }: { security.dhparams.params.myservice = {}; environment.etc."myservice.conf".text = '' dhparams = ${config.security.dhparams.params.myservice.path} ''; } Signed-off-by: aszlig <aszlig@nix.build> Cc: @qknight, @abbradar, @hrdinka, @leenaars
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r-- | nixos/modules/services/mail/dovecot.nix | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix index 96e60f9c88ea..50477fdd25ba 100644 --- a/nixos/modules/services/mail/dovecot.nix +++ b/nixos/modules/services/mail/dovecot.nix @@ -25,7 +25,7 @@ let ssl_cert = <${cfg.sslServerCert} ssl_key = <${cfg.sslServerKey} ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)} - ssl_dh = <${config.security.dhparams.path}/dovecot2.pem + ssl_dh = <${config.security.dhparams.params.dovecot2.path} disable_plaintext_auth = yes '') @@ -302,9 +302,7 @@ in security.dhparams = mkIf (! isNull cfg.sslServerCert) { enable = true; - params = { - dovecot2 = 2048; - }; + params.dovecot2 = {}; }; services.dovecot2.protocols = optional cfg.enableImap "imap" |