
Use dhparams instead of custom script in postfix setup

mailold
m1cr0man 2 years ago
parent
commit
424ebc6bff
3 changed files with 11 additions and 11 deletions
  1. +2
    -0
      common/variables.nix
  2. +2
    -0
      services/httpd.nix
  3. +7
    -11
      services/postfix/default.nix

+ 2
- 0
common/variables.nix View File

@@ -7,4 +7,6 @@
dovecotHost = "192.168.0.135";
dovecotSaslPort = 3659;
dovecotLmtpPort = 24;

ldapHost = "ldap.internal";
}

+ 2
- 0
services/httpd.nix View File

@@ -26,6 +26,8 @@ let
'';
};
in {

# Acme will automatically create the certsDir and webrootDir
security.acme.directory = common.certsDir;
security.acme.certs = {
"${common.tld}" = acmeCert;


+ 7
- 11
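--- a/services/postfix/default.nix
+++ b/services/postfix/default.nix
@@ -1,13 +1,5 @@
 let
-common = import ../common/variables.nix;
-
-dhParam = bits: pkgs.runCommandNoCC "dh${bits}.pem" {
-# Forcing version since openssl gives 1.0.2
-buildInputs = [ openssl_1_1 ];
-inherit bits;
-} ''
-openssl dhparam -out $out ${bits}
-'';
+common = import ../../common/variables.nix;
 
 ldapCommon = ''
 server_host = ldap://ldap.internal/
@@ -29,6 +21,10 @@ let
 in {
 networking.firewall.allowedTCPPorts = [ 25 587 ];
 
+security.dhparams.enable = true;
+security.dhparams.params.smtpd_512.bits = 512;
+security.dhparams.params.smtpd_2048.bits = 2048;
+
 services.postfix = {
 enable = true;
 setSendmail = true;
@@ -71,8 +67,8 @@ in {
 # virtual_alias_maps = "ldap:" ++ ./ldap-virtual-alias-maps.cf;
 
 # Generate own DHParams
-smtpd_tls_dh512_param_file = dhParam 512;
-smtpd_tls_dh1024_param_file = dhParam 2048;
+smtpd_tls_dh512_param_file = security.dhparams.params.smtpd_512.path;
+smtpd_tls_dh1024_param_file = security.dhparams.params.smtpd_2048.path;
 
 # enable SMTPD auth. Dovecot will place an `auth` socket in postfix's
 # runtime directory that we will use for authentication.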
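Review bot: In the third hunk, `smtpd_tls_dh512_param_file = security.dhparams.params.smtpd_512.path;` and the `smtpd_2048` line below it use `security` as a bare variable inside the `services.postfix` attribute set, which Nix reports as undefined unless the module header (outside this hunk) brings `config` into scope with something like `with config;`; the usual form is `smtpd_tls_dh512_param_file = config.security.dhparams.params.smtpd_512.path;` and likewise `config.security.dhparams.params.smtpd_2048.path` for the 1024 key. Separately, the 512-bit parameter set requested in the second hunk is export-grade key material that no current guidance treats as safe, and Postfix consults `smtpd_tls_dh512_param_file` only for export-grade ciphers, which modern OpenSSL builds no longer provide, so either drop `smtpd_512` and its `path` line or add a comment such as `# 512-bit DH only serves export ciphers; kept for <reason>` so the next reader knows it is deliberate. If the dhparams module is running in its stateful mode the files are produced by a separate generator unit at activation rather than at build time, so postfix may need an ordering dependency on that unit — worth confirming against the module's documentation. The attribute set these keys belong to opens before the hunk.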

