commit
49951d6ac4
6 changed files with 45 additions and 0 deletions
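--- a/default.nix
+++ b/default.nix
@@ -325,6 +325,17 @@ in
 '';
 };
 
+dhParamBitLength = mkOption {
+type = types.int;
+default = 2048;
+description =
+''
+Length of the Diffie Hillman prime used (in bits). It might be a good
+idea to set this to 4096 for security purposed, but it will take a _very_
+long time to create this prime on startup.
+'';
+};
+
 debug = mkOption {
 type = types.bool;
 default = false;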
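Review bot: `dhParamBitLength` is declared as plain `types.int`, so zero, negative or very small values are accepted and handed straight to the parameter generator. The two test configurations in this commit already set `dhParamBitLength = 512;`, a size that is only acceptable inside a throwaway test VM. The description should name 2048 as the minimum for real deployments and say that smaller values are for tests only, or the module should reject them with an assertion. The description text also has two typos: "Diffie Hillman" should read "Diffie-Hellman" and "purposed" should read "purposes".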
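--- a/mail-server/dovecot-version.nix
+++ b/mail-server/dovecot-version.nix
@@ -0,0 +1,12 @@
+{ dovecot, gawk, gnused, jq, runCommand }:
+
+runCommand "dovecot-version" {
+buildInputs = [dovecot gnused jq];
+} ''
+jq -n \
+--arg dovecot_version "$(dovecot --version |
+sed 's/\([0-9.]*\).*/\1/' |
+awk -F '.' '{ print $1"."$2"."$3 }')" \
+'[$dovecot_version | split("."), ["major", "minor", "patch"]]
+| transpose | map( { (.[1]): .[0] | tonumber }) | add' > $out
+''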
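Review bot: The script calls `awk`, but `gawk` appears only in the function arguments and is missing from `buildInputs = [dovecot gnused jq];`, so the build depends on whatever awk the builder environment happens to provide. `buildInputs = [dovecot gawk gnused jq];` makes the dependency explicit. The parsing also assumes `dovecot --version` always prints three dot-separated numeric components. With a two-component version the awk output would end in a dot and `tonumber` would presumably fail on the empty string. A comment above the `jq` call stating the expected output shape (an object with numeric `major`, `minor` and `patch` keys) would document the contract that the callers rely on.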
|
@ -24,6 +24,8 @@ let
|
||||||
# maildir in format "/${domain}/${user}"
|
# maildir in format "/${domain}/${user}"
|
||||||
dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n";
|
dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n";
|
||||||
|
|
||||||
|
dovecotVersion = builtins.fromJSON
|
||||||
|
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = with cfg; lib.mkIf enable {
|
config = with cfg; lib.mkIf enable {
|
||||||
|
@ -61,6 +63,9 @@ in
|
||||||
|
|
||||||
mail_access_groups = ${vmailGroupName}
|
mail_access_groups = ${vmailGroupName}
|
||||||
ssl = required
|
ssl = required
|
||||||
|
${lib.optionalString (dovecotVersion.major == 2 && dovecotVersion.minor >= 3) ''
|
||||||
|
ssl_dh = <${certificateDirectory}/dh.pem
|
||||||
|
''}
|
||||||
|
|
||||||
service lmtp {
|
service lmtp {
|
||||||
unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
|
unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
|
||||||
|
|
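Review bot: `dovecotVersion` is read with `builtins.readFile` from a derivation output, which forces the probe (and dovecot itself) to be built or fetched while the configuration is still being evaluated. The same `let` binding is repeated verbatim in the `@ -82,6 +90,13 @@` hunk of the next file section, so the two copies can drift apart. If the dovecot package exposes a version attribute, comparing it at evaluation time (for example with `lib.versionAtLeast`) would avoid the build-time probe; otherwise bind the result once and share it. The guard `dovecotVersion.major == 2 && dovecotVersion.minor >= 3` also drops `ssl_dh` for any major version above 2, which deserves a comment if it is intended. Both hunks sit inside larger expressions that begin and end outside the visible lines.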
|
@ -38,6 +38,14 @@ let
|
||||||
''
|
''
|
||||||
else "";
|
else "";
|
||||||
|
|
||||||
|
createDhParameterFile =
|
||||||
|
''
|
||||||
|
# Create a dh parameter file
|
||||||
|
${pkgs.openssl}/bin/openssl \
|
||||||
|
dhparam ${builtins.toString cfg.dhParamBitLength} \
|
||||||
|
> "${cfg.certificateDirectory}/dh.pem"
|
||||||
|
'';
|
||||||
|
|
||||||
createDomainDkimCert = dom:
|
createDomainDkimCert = dom:
|
||||||
let
|
let
|
||||||
dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
|
dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
|
||||||
|
@ -82,6 +90,13 @@ in
|
||||||
chmod 02770 "${mailDirectory}"
|
chmod 02770 "${mailDirectory}"
|
||||||
|
|
||||||
${create_certificate}
|
${create_certificate}
|
||||||
|
|
||||||
|
${let
|
||||||
|
dovecotVersion = builtins.fromJSON
|
||||||
|
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
|
||||||
|
in lib.optionalString
|
||||||
|
(dovecotVersion.major == 2 && dovecotVersion.minor >= 3)
|
||||||
|
createDhParameterFile}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
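Review bot: `createDhParameterFile` redirects `openssl dhparam` straight into `dh.pem` with no check for an existing file, so the parameters appear to be regenerated on every run of the start-up script. The redirect also truncates the file before generation finishes, so an interrupted or failed run leaves an empty `dh.pem` for dovecot to load. Generating into a temporary file, renaming it on success, and skipping the step when a non-empty file already exists avoids both. With that guard a later change of `dhParamBitLength` takes effect only after the old file is removed, which the option description should state. The enclosing script starts outside the hunk, so whether it aborts on a failed command cannot be confirmed from here.

```nix
createDhParameterFile =
  ''
    # Create the dh parameter file once; write to a temporary file first so a
    # failed or interrupted run never leaves a truncated dh.pem behind
    if [ ! -s "${cfg.certificateDirectory}/dh.pem" ]
    then
      ${pkgs.openssl}/bin/openssl \
        dhparam -out "${cfg.certificateDirectory}/dh.pem.tmp" \
        ${builtins.toString cfg.dhParamBitLength}
      mv "${cfg.certificateDirectory}/dh.pem.tmp" \
         "${cfg.certificateDirectory}/dh.pem"
    fi
  '';
```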
|
@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
|
dhParamBitLength = 512;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
|
|
|
@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" ];
|
domains = [ "example.com" ];
|
||||||
|
dhParamBitLength = 512;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
|
|