fix dovecot 2.3 ssl_dh

2018-02-13 13:18:31 +01:00 · 2018-02-13 13:18:31 +01:00 · f6546a1a8e
commit f6546a1a8e
parent b75575f02e
5 changed files with 36 additions and 0 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -61,6 +61,7 @@ in

        mail_access_groups = ${vmailGroupName}
        ssl = required
+        ${lib.optionalString dovecot23 "ssl_dh = <${certificateDirectory}/dh.pem"}

        service lmtp {
          unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@ -38,6 +38,14 @@ let
        ''
        else "";

+  createDhParameterFile =
+    ''
+      # Create a dh parameter file
+      ${pkgs.openssl}/bin/openssl \
+            dhparam ${builtins.toString cfg.dhParamBitLength} \
+            > "${cfg.certificateDirectory}/dh.pem"
+    '';
+
  createDomainDkimCert = dom:
    let
      dkim_key = "${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key";
@ -82,6 +90,8 @@ in
      chmod 02770 "${mailDirectory}"

        ${create_certificate}
+
+        ${lib.optionalString cfg.dovecot23 "${createDhParameterFile}"}
      '';
    };