commit
49951d6ac4
6 changed files with 45 additions and 0 deletions
11
default.nix
11
default.nix
|
@ -325,6 +325,17 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
dhParamBitLength = mkOption {
|
||||
type = types.int;
|
||||
default = 2048;
|
||||
description =
|
||||
''
|
||||
Length of the Diffie Hillman prime used (in bits). It might be a good
|
||||
idea to set this to 4096 for security purposed, but it will take a _very_
|
||||
long time to create this prime on startup.
|
||||
'';
|
||||
};
|
||||
|
||||
debug = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
|
12
mail-server/dovecot-version.nix
Normal file
12
mail-server/dovecot-version.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ dovecot, gawk, gnused, jq, runCommand }:
|
||||
|
||||
runCommand "dovecot-version" {
|
||||
buildInputs = [dovecot gnused jq];
|
||||
} ''
|
||||
jq -n \
|
||||
--arg dovecot_version "$(dovecot --version |
|
||||
sed 's/\([0-9.]*\).*/\1/' |
|
||||
awk -F '.' '{ print $1"."$2"."$3 }')" \
|
||||
'[$dovecot_version | split("."), ["major", "minor", "patch"]]
|
||||
| transpose | map( { (.[1]): .[0] | tonumber }) | add' > $out
|
||||
''
|
|
@ -24,6 +24,8 @@ let
|
|||
# maildir in format "/${domain}/${user}"
|
||||
dovecot_maildir = "maildir:${cfg.mailDirectory}/%d/%n";
|
||||
|
||||
dovecotVersion = builtins.fromJSON
|
||||
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
|
||||
in
|
||||
{
|
||||
config = with cfg; lib.mkIf enable {
|
||||
|
@ -61,6 +63,9 @@ in
|
|||
|
||||
mail_access_groups = ${vmailGroupName}
|
||||
ssl = required
|
||||
${lib.optionalString (dovecotVersion.major == 2 && dovecotVersion.minor >= 3) ''
|
||||
ssl_dh = <${certificateDirectory}/dh.pem
|
||||
''}
|
||||
|
||||
service lmtp {
|
||||
unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
|
||||
|
|
|
@ -38,6 +38,14 @@ let
|
|||
''
|
||||
else "";
|
||||
|
||||
createDhParameterFile =
|
||||
''
|
||||
# Create a dh parameter file
|
||||
${pkgs.openssl}/bin/openssl \
|
||||
dhparam ${builtins.toString cfg.dhParamBitLength} \
|
||||
> "${cfg.certificateDirectory}/dh.pem"
|
||||
'';
|
||||
|
||||
createDomainDkimCert = dom:
|
||||
let
|
||||
dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
|
||||
|
@ -82,6 +90,13 @@ in
|
|||
chmod 02770 "${mailDirectory}"
|
||||
|
||||
${create_certificate}
|
||||
|
||||
${let
|
||||
dovecotVersion = builtins.fromJSON
|
||||
(builtins.readFile (pkgs.callPackage ./dovecot-version.nix {}));
|
||||
in lib.optionalString
|
||||
(dovecotVersion.major == 2 && dovecotVersion.minor >= 3)
|
||||
createDhParameterFile}
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
|||
enable = true;
|
||||
fqdn = "mail.example.com";
|
||||
domains = [ "example.com" "example2.com" ];
|
||||
dhParamBitLength = 512;
|
||||
|
||||
loginAccounts = {
|
||||
"user1@example.com" = {
|
||||
|
|
|
@ -27,6 +27,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
|||
enable = true;
|
||||
fqdn = "mail.example.com";
|
||||
domains = [ "example.com" ];
|
||||
dhParamBitLength = 512;
|
||||
|
||||
loginAccounts = {
|
||||
"user1@example.com" = {
|
||||
|
|
Loading…
Reference in a new issue