mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 07:53:19 +00:00
nixos/dovecot: Fix usage of dhparams option
The pull request that added dhparams (#39507) was made at the time where the dhparams module overhaul (#39526) wasn't done yet, so it's still using the old mechanics of the module. As stated in the release notes: Module implementers should not set a specific bit size in order to let users configure it by themselves if they want to have a different bit size than the default (2048). An example usage of this would be: { config, ... }: { security.dhparams.params.myservice = {}; environment.etc."myservice.conf".text = '' dhparams = ${config.security.dhparams.params.myservice.path} ''; } Signed-off-by: aszlig <aszlig@nix.build> Cc: @qknight, @abbradar, @hrdinka, @leenaars
This commit is contained in:
parent
fb9f5e4a03
commit
67a8c66f68
@ -25,7 +25,7 @@ let
|
||||
ssl_cert = <${cfg.sslServerCert}
|
||||
ssl_key = <${cfg.sslServerKey}
|
||||
${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
|
||||
ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
|
||||
ssl_dh = <${config.security.dhparams.params.dovecot2.path}
|
||||
disable_plaintext_auth = yes
|
||||
'')
|
||||
|
||||
@ -302,9 +302,7 @@ in
|
||||
|
||||
security.dhparams = mkIf (! isNull cfg.sslServerCert) {
|
||||
enable = true;
|
||||
params = {
|
||||
dovecot2 = 2048;
|
||||
};
|
||||
params.dovecot2 = {};
|
||||
};
|
||||
services.dovecot2.protocols =
|
||||
optional cfg.enableImap "imap"
|
||||
|
Loading…
Reference in New Issue
Block a user