Merge branch 'plchldr/nixos-mailserver-master'

2024-09-22 11:22:50 +05:00 · 2018-11-10 14:09:26 +01:00 · 2018-11-10 14:09:26 +01:00 · 28cff2497a
commit 28cff2497a
parent d624740db5 fa0541b96b
6 changed files with 1 additions and 34 deletions
--- a/default.nix
+++ b/default.nix
@ -405,17 +405,6 @@ in
      '';
    };

-    dhParamBitLength = mkOption {
-      type = types.int;
-      default = 2048;
-      description =
-        ''
-        Length of the Diffie Hillman prime used (in bits). It might be a good
-        idea to set this to 4096 for security purposed, but it will take a _very_
-        long time to create this prime on startup.
-        '';
-    };
-
    debug = mkOption {
      type = types.bool;
      default = false;
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -97,9 +97,6 @@ in

        mail_access_groups = ${vmailGroupName}
        ssl = required
-        ${lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3") ''
-          ssl_dh = <${certificateDirectory}/dh.pem
-        ''}

        service lmtp {
          unix_listener dovecot-lmtp {
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
@ -18,20 +18,6 @@

 let
  cfg = config.mailserver;
-
-  createDhParameterFile =
-    lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3")
-      ''
-        # Create a dh parameter file
-        if [ ! -s "${cfg.certificateDirectory}/dh.pem" ]
-        then
-            mkdir -p "${cfg.certificateDirectory}"
-            ${pkgs.openssl}/bin/openssl \
-                  dhparam ${builtins.toString cfg.dhParamBitLength} \
-                  > "${cfg.certificateDirectory}/dh.pem"
-        fi
-      '';
-
  preliminarySelfsigned = config.security.acme.preliminarySelfsigned;
  acmeWantsTarget = [ "acme-certificates.target" ]
    ++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target");
@ -74,7 +60,7 @@ in
      };
    };

-    # Create maildir folder and dh parameters before dovecot startup
+    # Create maildir folder before dovecot startup
    systemd.services.dovecot2 = {
      after = [ "mailserver-certificates.target" ];
      wants = [ "mailserver-certificates.target" ];
@ -84,8 +70,6 @@ in
        mkdir -p "${mailDirectory}"
        chgrp "${vmailGroupName}" "${mailDirectory}"
        chmod 02770 "${mailDirectory}"
-
-        ${createDhParameterFile}
      '';
    };

--- a/tests/clamav.nix
+++ b/tests/clamav.nix
@ -71,7 +71,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
              debug = true;
              fqdn = "mail.example.com";
              domains = [ "example.com" "example2.com" ];
-              dhParamBitLength = 512;
              virusScanning = true;

              loginAccounts = {
--- a/tests/extern.nix
+++ b/tests/extern.nix
@ -36,7 +36,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
              debug = true;
              fqdn = "mail.example.com";
              domains = [ "example.com" "example2.com" ];
-              dhParamBitLength = 512;
              rewriteMessageId = true;

              loginAccounts = {
--- a/tests/intern.nix
+++ b/tests/intern.nix
@ -27,7 +27,6 @@ import <nixpkgs/nixos/tests/make-test.nix> {
          enable = true;
          fqdn = "mail.example.com";
          domains = [ "example.com" ];
-          dhParamBitLength = 512;

          loginAccounts = {
              "user1@example.com" = {