From fa0541b96bfebdec5c20f1a73514a7cd5ed0e5c5 Mon Sep 17 00:00:00 2001
From: plchldr
Date: Tue, 30 Oct 2018 17:56:25 +0100
Subject: [PATCH] remove Diffie Hillman parameter creation as it is handled by the upstream dovecot2 module as of 18.09
---
 default.nix | 11 -----------
 mail-server/dovecot.nix | 3 ---
 mail-server/systemd.nix | 18 +-----------------
 tests/clamav.nix | 1 -
 tests/extern.nix | 1 -
 tests/intern.nix | 1 -
 6 files changed, 1 insertion(+), 34 deletions(-)
diff --git a/default.nix b/default.nix
index 0134541..010f224 100644
--- a/default.nix
+++ b/default.nix
@@ -405,17 +405,6 @@ in
 '';
 };
- dhParamBitLength = mkOption {
- type = types.int;
- default = 2048;
- description =
- ''
- Length of the Diffie Hillman prime used (in bits). It might be a good
- idea to set this to 4096 for security purposed, but it will take a _very_
- long time to create this prime on startup.
- '';
- };
-
 debug = mkOption {
 type = types.bool;
 default = false;
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 2be417d..fed2189 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -97,9 +97,6 @@ in
 mail_access_groups = ${vmailGroupName}
 ssl = required
- ${lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3") ''
- ssl_dh = <${certificateDirectory}/dh.pem
- ''}
 service lmtp {
 unix_listener dovecot-lmtp {
diff --git a/mail-server/systemd.nix b/mail-server/systemd.nix
index a4a9285..378e07d 100644
--- a/mail-server/systemd.nix
+++ b/mail-server/systemd.nix
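Review bot: Deleting `dhParamBitLength` outright, rather than retiring it, means any existing configuration that still sets `mailserver.dhParamBitLength` (the test files changed in this same commit are examples) fails evaluation with a generic undefined-option error and no hint about why. Consider adding `(lib.mkRemovedOptionModule [ "mailserver" "dhParamBitLength" ] "DH parameters are now generated by the upstream dovecot2 module.")` to the module's `imports` so users get a migration message instead; that `imports` list is outside this hunk. The enclosing option set continues outside the hunk on both sides.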
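Review bot: With `ssl_dh` no longer set here, the generated Dovecot config keeps `ssl = required` but leaves DH parameters entirely to the upstream `services.dovecot2` module, which per the commit message only does this from NixOS 18.09 onward; neither this hunk nor the systemd.nix hunks that drop `createDhParameterFile` and its preStart call verify that the host nixpkgs is new enough. On an older channel with Dovecot 2.3 or later the service would come up with no `ssl_dh` at all, which I believe Dovecot 2.3 treats as a configuration error — worth confirming against the Dovecot release notes. A guard such as `{ assertion = lib.versionAtLeast lib.version "18.09"; message = "mailserver: NixOS 18.09 or newer is required; DH parameters are provided by the upstream dovecot2 module"; }` in the module's `assertions` would fail fast instead, and a README or changelog line noting that the old `${certificateDirectory}/dh.pem` is now unused and can be deleted would help existing deployments. The surrounding Dovecot configuration string starts and ends outside the hunk.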
@@ -18,20 +18,6 @@ let
 cfg = config.mailserver;
-
- createDhParameterFile =
- lib.optionalString (lib.versionAtLeast (lib.getVersion pkgs.dovecot) "2.3")
- ''
- # Create a dh parameter file
- if [ ! -s "${cfg.certificateDirectory}/dh.pem" ]
- then
- mkdir -p "${cfg.certificateDirectory}"
- ${pkgs.openssl}/bin/openssl \
- dhparam ${builtins.toString cfg.dhParamBitLength} \
- > "${cfg.certificateDirectory}/dh.pem"
- fi
- '';
-
 preliminarySelfsigned = config.security.acme.preliminarySelfsigned;
 acmeWantsTarget = [ "acme-certificates.target" ] ++ (lib.optional preliminarySelfsigned "acme-selfsigned-certificates.target");
@@ -74,7 +60,7 @@ in
 };
 };
- # Create maildir folder and dh parameters before dovecot startup
+ # Create maildir folder before dovecot startup
 systemd.services.dovecot2 = {
 after = [ "mailserver-certificates.target" ];
 wants = [ "mailserver-certificates.target" ];
@@ -84,8 +70,6 @@ in
 mkdir -p "${mailDirectory}"
 chgrp "${vmailGroupName}" "${mailDirectory}"
 chmod 02770 "${mailDirectory}"
-
- ${createDhParameterFile}
 '';
 };
diff --git a/tests/clamav.nix b/tests/clamav.nix
index 166a5f8..bec9ef7 100644
--- a/tests/clamav.nix
+++ b/tests/clamav.nix
@@ -71,7 +71,6 @@ import {
 debug = true;
 fqdn = "mail.example.com";
 domains = [ "example.com" "example2.com" ];
- dhParamBitLength = 512;
 virusScanning = true;
 loginAccounts = {
diff --git a/tests/extern.nix b/tests/extern.nix
index 7ccd9ca..0816d91 100644
--- a/tests/extern.nix
+++ b/tests/extern.nix
@@ -36,7 +36,6 @@ import {
 debug = true;
 fqdn = "mail.example.com";
 domains = [ "example.com" "example2.com" ];
- dhParamBitLength = 512;
 rewriteMessageId = true;
 loginAccounts = {
diff --git a/tests/intern.nix b/tests/intern.nix
index e191d60..ce50123 100644
--- a/tests/intern.nix
+++ b/tests/intern.nix
@@ -27,7 +27,6 @@ import {
 enable = true;
 fqdn = "mail.example.com";
 domains = [ "example.com" ];
- dhParamBitLength = 512;
 loginAccounts = {
 "user1@example.com" = {