mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-03-31 07:59:52 +05:00
Add assertions between dkimPrivateKeyFiles
and dkimKeyBits
parent
5468858a77
commit
e50df75c25
10
default.nix
10
default.nix
@ -806,12 +806,6 @@ in
|
||||
If `null`, then the keys are auto generated.
|
||||
If set, then there must be an entry for every domain in
|
||||
{option}`config.mailserver.domains`.
|
||||
|
||||
>>> TODO: explain/assert how this interacts with `dkimKeyBits`. would
|
||||
this be cleaner if we had an explicit "generate dkim keys" option that
|
||||
defaults to true, and perhaps we move the generation option (just
|
||||
`dkimKeyBits` right now) under an optional `generateOpts` section? this
|
||||
is not backward compatible, though <<<
|
||||
'';
|
||||
};
|
||||
|
||||
@ -824,8 +818,8 @@ in
|
||||
};
|
||||
|
||||
dkimKeyBits = mkOption {
|
||||
type = types.int;
|
||||
default = 1024;
|
||||
type = types.nullOr types.int;
|
||||
default = if cfg.dkimPrivateKeyFiles == null then 1024 else null;
|
||||
description = ''
|
||||
How many bits in generated DKIM keys. RFC6376 advises minimum 1024-bit keys.
|
||||
|
||||
|
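Review bot: The rewritten `default` on `dkimKeyBits` still generates 1024-bit keys when `dkimPrivateKeyFiles` is null, and the description cites only RFC 6376; RFC 8301 updates it and says signers should use at least 2048 bits. Since this line is being changed anyway, consider `default = if cfg.dkimPrivateKeyFiles == null then 2048 else null;` and updating the description to match; whether keys already generated on existing hosts would be affected cannot be told from this hunk. Because the default now reads `cfg`, a `defaultText` describing the conditional would keep the rendered option documentation independent of the evaluated config. The option's body continues past the hunk, so one may already be present.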
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
assertions = lib.optionals config.mailserver.ldap.enable [
|
||||
{
|
||||
@ -18,5 +18,15 @@
|
||||
assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;
|
||||
message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
|
||||
}
|
||||
] ++ lib.optionals (config.mailserver.enable && config.mailserver.dkimPrivateKeyFiles != null) [
|
||||
{
|
||||
assertion = config.mailserver.dkimKeyBits == null;
|
||||
message = "When you bring your own DKIM private keys (mailserver.dkimPrivateKeyFiles != null), you must not specify key generation options (mailserver.dkimKeyBits)";
|
||||
}
|
||||
] ++ lib.optionals (config.mailserver.enable && config.mailserver.dkimPrivateKeyFiles == null) [
|
||||
{
|
||||
assertion = config.mailserver.dkimKeyBits != null;
|
||||
message = "When generating DKIM private keys (mailserver.dkimPrivateKeyFiles = null), you must specify key generation options (mailserver.dkimKeyBits)";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
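Review bot: Both added assertions test only whether `dkimKeyBits` is null, so with the option typed as `types.nullOr types.int` a value such as 512 or a negative number still passes evaluation when keys are generated. A further entry in the `dkimPrivateKeyFiles == null` list would catch that: `assertion = config.mailserver.dkimKeyBits == null || config.mailserver.dkimKeyBits >= 1024;` with a message naming the minimum. The null guard keeps the comparison from throwing when the preceding assertion is the one that should fire. The option description also requires an entry in `dkimPrivateKeyFiles` for every domain in `mailserver.domains`, and no assertion visible here enforces it.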