From 851d5d72a3c87d06d26dd78f8b3a421537fc8a52 Mon Sep 17 00:00:00 2001
From: Joachim Schiele <js@lastlog.de>
Date: Wed, 25 Apr 2018 21:18:26 +0000
Subject: dovecot2: added ssl_dh using security.dhparams

The 18.03 channel includes dovecot 2.3, which requires ssl_dh to be set.
-> fixes https://github.com/nixcloud/nixcloud-webservices/issues/21
---
 nixos/modules/services/mail/dovecot.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 543e732127a5..96e60f9c88ea 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -25,6 +25,7 @@ let
       ssl_cert = <${cfg.sslServerCert}
       ssl_key = <${cfg.sslServerKey}
       ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
+      ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
       disable_plaintext_auth = yes
     '')
 
@@ -297,10 +298,15 @@ in
 
 
   config = mkIf cfg.enable {
-
     security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
 
-    services.dovecot2.protocols =
+    security.dhparams = mkIf (! isNull cfg.sslServerCert) {
+      enable = true;
+      params = {
+        dovecot2 = 2048;
+      };
+    };
+   services.dovecot2.protocols =
      optional cfg.enableImap "imap"
      ++ optional cfg.enablePop3 "pop3"
      ++ optional cfg.enableLmtp "lmtp";
-- 
cgit 1.4.1