Merge pull request #152367 from helsinki-systems/fix/dovecot-ssh_dh

nixos/dovecot: make ssl_dh optional
Guillaume Girol 2022-01-22 18:07:16 +00:00 committed by GitHub
commit 4bbd574b2b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -38,7 +38,7 @@ let
ssl_cert = <${cfg.sslServerCert}
ssl_key = <${cfg.sslServerKey}
${optionalString (cfg.sslCACert != null) ("ssl_ca = <" + cfg.sslCACert)}
ssl_dh = <${config.security.dhparams.params.dovecot2.path}
${optionalString cfg.enableDHE ''ssl_dh = <${config.security.dhparams.params.dovecot2.path}''}
disable_plaintext_auth = yes
''
)
@ -169,25 +169,13 @@ in
];
options.services.dovecot2 = {
enable = mkEnableOption "Dovecot 2.x POP3/IMAP server";
enable = mkEnableOption "the dovecot 2.x POP3/IMAP server";
enablePop3 = mkOption {
type = types.bool;
default = false;
description = "Start the POP3 listener (when Dovecot is enabled).";
};
enablePop3 = mkEnableOption "starting the POP3 listener (when Dovecot is enabled).";
enableImap = mkOption {
type = types.bool;
default = true;
description = "Start the IMAP listener (when Dovecot is enabled).";
};
enableImap = mkEnableOption "starting the IMAP listener (when Dovecot is enabled)." // { default = true; };
enableLmtp = mkOption {
type = types.bool;
default = false;
description = "Start the LMTP listener (when Dovecot is enabled).";
};
enableLmtp = mkEnableOption "starting the LMTP listener (when Dovecot is enabled).";
protocols = mkOption {
type = types.listOf types.str;
@ -279,13 +267,9 @@ in
description = "Default group to store mail for virtual users.";
};
createMailUser = mkOption {
type = types.bool;
default = true;
description = ''Whether to automatically create the user
given in <option>services.dovecot.user</option> and the group
given in <option>services.dovecot.group</option>.'';
};
createMailUser = mkEnableOption ''automatically creating the user
given in <option>services.dovecot.user</option> and the group
given in <option>services.dovecot.group</option>.'' // { default = true; };
modules = mkOption {
type = types.listOf types.package;
@ -316,11 +300,9 @@ in
description = "Path to the server's private key.";
};
enablePAM = mkOption {
type = types.bool;
default = true;
description = "Whether to create a own Dovecot PAM service and configure PAM user logins.";
};
enablePAM = mkEnableOption "creating a own Dovecot PAM service and configure PAM user logins." // { default = true; };
enableDHE = mkEnableOption "enable ssl_dh and generation of primes for the key exchange." // { default = true; };
sieveScripts = mkOption {
type = types.attrsOf types.path;
@ -328,11 +310,7 @@ in
description = "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
};
showPAMFailure = mkOption {
type = types.bool;
default = false;
description = "Show the PAM failure message on authentication error (useful for OTPW).";
};
showPAMFailure = mkEnableOption "showing the PAM failure message on authentication error (useful for OTPW).";
mailboxes = mkOption {
type = with types; coercedTo
@ -348,12 +326,7 @@ in
description = "Configure mailboxes and auto create or subscribe them.";
};
enableQuota = mkOption {
type = types.bool;
default = false;
example = true;
description = "Whether to enable the dovecot quota service.";
};
enableQuota = mkEnableOption "the dovecot quota service.";
quotaPort = mkOption {
type = types.str;
@ -376,7 +349,7 @@ in
config = mkIf cfg.enable {
security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
security.dhparams = mkIf (cfg.sslServerCert != null) {
security.dhparams = mkIf (cfg.sslServerCert != null && cfg.enableDHE) {
enable = true;
params.dovecot2 = {};
};
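Review bot: The new mkEnableOption calls (enablePop3, enableImap, enableLmtp, createMailUser, enablePAM, enableDHE, showPAMFailure, enableQuota) pass strings that already end in a period, and mkEnableOption itself renders "Whether to enable ${name}.", so each description ends up with a doubled period; the enableDHE one additionally starts with "enable", rendering as "Whether to enable enable ssl_dh …". Dropping the trailing periods and the leading verb fixes it, e.g. `enableDHE = mkEnableOption "ssl_dh and generation of primes for the key exchange" // { default = true; };`, and the enablePAM text could become `"creating its own Dovecot PAM service and configuring PAM user logins"`. It may also be worth saying in the enableDHE description what turning it off does — the ssl_dh line and the dhparams generation are both dropped, which presumably leaves only non-DHE key exchange available on the TLS side; confirm against the Dovecot documentation before wording it. The options.services.dovecot2 attrset these lines belong to continues outside the shown hunks.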