Merge pull request #78 from r-raymond/dovecot23

Dovecot23
Robin Raymond 2018-02-17 18:43:46 +01:00 committed by GitHub
commit 49951d6ac4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 45 additions and 0 deletions


@ -325,6 +325,17 @@ in
''; '';
}; };
dhParamBitLength = mkOption {
type = types.int;
default = 2048;
description =
''
Length of the Diffie Hillman prime used (in bits). It might be a good
idea to set this to 4096 for security purposed, but it will take a _very_
long time to create this prime on startup.
'';
};
debug = mkOption { debug = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
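Review bot: The option description in the new `dhParamBitLength` block misnames the algorithm and has a typo: `Diffie Hillman` should read `Diffie-Hellman`, and `security purposed` should read `security purposes`. The declared type `types.int` also accepts zero and negative values, which `openssl dhparam` would reject only at service start; `type = types.ints.positive;` rejects them at evaluation time instead. It would also help callers to state in the description that the value is only used for Dovecot 2.3 and later, since the rest of the commit gates both the file generation and the `ssl_dh` directive on that version.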


@ -0,0 +1,12 @@
{ dovecot, gawk, gnused, jq, runCommand }:
runCommand "dovecot-version" {
buildInputs = [dovecot gnused jq];
} ''
jq -n \
--arg dovecot_version "$(dovecot --version |
sed 's/\([0-9.]*\).*/\1/' |
awk -F '.' '{ print $1"."$2"."$3 }')" \
'[$dovecot_version | split("."), ["major", "minor", "patch"]]
| transpose | map( { (.[1]): .[0] | tonumber }) | add' > $out
''
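Review bot: `gawk` is taken from the argument set on the first line but is missing from `buildInputs`, so the `awk` call in the builder resolves to whatever the stdenv happens to put on PATH rather than the declared input; `buildInputs = [dovecot gawk gnused jq];`. The awk/jq pipeline also assumes exactly three dotted components: with fewer, `$3` prints empty and `tonumber` would fail on `""`, which is presumably fine for Dovecot's x.y.z scheme but deserves a comment such as `# expects dovecot --version to start with MAJOR.MINOR.PATCH`. A short header comment stating that the output is a JSON object `{major, minor, patch}` read by the module at evaluation time would make the contract with the two consumers explicit.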


@ -24,6 +24,8 @@ let
# maildir in format "/${domain}/${user}" # maildir in format "/${domain}/${user}"
dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n"; dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n";
dovecotVersion = builtins.fromJSON
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
in in
{ {
config = with cfg; lib.mkIf enable { config = with cfg; lib.mkIf enable {
@ -61,6 +63,9 @@ in
mail_access_groups = ${vmailGroupName} mail_access_groups = ${vmailGroupName}
ssl = required ssl = required
${lib.optionalString (dovecotVersion.major == 2 && dovecotVersion.minor >= 3) ''
ssl_dh = <${certificateDirectory}/dh.pem
''}
service lmtp { service lmtp {
unix_listener /var/lib/postfix/queue/private/dovecot-lmtp { unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
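Review bot: `dovecotVersion` is obtained with `builtins.readFile` on a derivation output, which is import-from-derivation: evaluating this module now forces a build of dovecot and the version derivation before the configuration can be checked at all, and the identical expression is repeated in the certificate script file (the `${let dovecotVersion = …` block of its `@ -82,6 +90,13 @@` hunk), so the version comparison lives in two places. Consider hoisting a single definition that both files use, and documenting the cost at the binding with a comment such as `# NOTE: import-from-derivation — evaluating this module builds dovecot first`. The `major == 2 && minor >= 3` guard is correct for current 2.3.x releases, but a future 3.x would silently drop the `ssl_dh` directive; a `major > 2 ||` clause or a comment stating the intended range would avoid that surprise. The enclosing `let` starts before the first hunk.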


@ -38,6 +38,14 @@ let
'' ''
else ""; else "";
createDhParameterFile =
''
# Create a dh parameter file
${pkgs.openssl}/bin/openssl \
dhparam ${builtins.toString cfg.dhParamBitLength} \
> "${cfg.certificateDirectory}/dh.pem"
'';
createDomainDkimCert = dom: createDomainDkimCert = dom:
let let
dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key"; dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
@ -82,6 +90,13 @@ in
chmod 02770 "${mailDirectory}" chmod 02770 "${mailDirectory}"
${create_certificate} ${create_certificate}
${let
dovecotVersion = builtins.fromJSON
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
in lib.optionalString
(dovecotVersion.major == 2 && dovecotVersion.minor >= 3)
createDhParameterFile}
''; '';
}; };
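Review bot: `createDhParameterFile` regenerates `dh.pem` unconditionally every time the surrounding script runs, and since the option description itself warns that a 4096-bit prime takes a very long time, this appears to happen at each service start; DH parameters are not secret, so an existing file can be kept, and writing through a temporary name avoids leaving a truncated `dh.pem` behind if openssl is interrupted. The trade-off is that changing `dhParamBitLength` no longer replaces an existing file, which should then be stated in the option description. The second hunk repeats the `dovecotVersion` import-from-derivation from the dovecot config file; a single shared binding would keep the version check in one place. The script string the second hunk inserts into begins outside the hunk.
```nix
createDhParameterFile =
  ''
    # Create a dh parameter file once; generation is slow and the
    # parameters are public, so an existing file is reused.
    if [ ! -f "${cfg.certificateDirectory}/dh.pem" ]; then
      ${pkgs.openssl}/bin/openssl \
        dhparam ${builtins.toString cfg.dhParamBitLength} \
        > "${cfg.certificateDirectory}/dh.pem.tmp"
      mv "${cfg.certificateDirectory}/dh.pem.tmp" \
        "${cfg.certificateDirectory}/dh.pem"
    fi
  '';
```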


@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
enable = true; enable = true;
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" "example2.com" ]; domains = [ "example.com" "example2.com" ];
dhParamBitLength = 512;
loginAccounts = { loginAccounts = {
"user1@example.com" = { "user1@example.com" = {
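Review bot: `dhParamBitLength = 512;` keeps the test fast, but 512-bit DH parameters are below what OpenSSL-based clients accept at their default security level, so any test step that negotiates a DHE suite against this server may fail or fall back to a non-DHE cipher without the test noticing; the same value appears in the second test file's hunk. A comment such as `# small on purpose: generating the default 2048-bit prime would dominate the test runtime` would make the intent clear, and 1024 is the smallest size a typical client still accepts if the test is meant to exercise the DH path. Whether the test actually performs a DHE handshake cannot be seen from this hunk.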


@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
enable = true; enable = true;
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" ]; domains = [ "example.com" ];
dhParamBitLength = 512;
loginAccounts = { loginAccounts = {
"user1@example.com" = { "user1@example.com" = {