authorAlyssa Ross <hi@alyssa.is>2021-01-12 15:56:08 +0000
committerAlyssa Ross <hi@alyssa.is>2021-01-14 10:24:31 +0000
commit011d0733939fea4f1cc5277bd4ffbf99b1710d6e (patch)
tree15aceec3778ee85ff0fbce57bee1cfde442ea42c /nixos/modules
parent9ed5ee909beede0ea3f04bc4d14449290aebed66 (diff)
nixos/postfix: deprecate services.postfix.useDane
Now that smtp_tls_security_level is using mkDefault, and therefore can
be overridden, there's no need for an option for overriding it to a
specific value.
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/mail/postfix.nix18
1 files changed, 6 insertions, 12 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 37ba98339a6..1dcdcab8d48 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -25,8 +25,6 @@ let
 
   clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
 
-  smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may";
-
   mainCf = let
     escape = replaceStrings ["$"] ["$$"];
     mkList = items: "\n  " + concatStringsSep ",\n  " items;
@@ -510,14 +508,6 @@ in
         '';
       };
 
-      useDane = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
-        '';
-      };
-
       sslCert = mkOption {
         type = types.str;
         default = "";
@@ -819,13 +809,13 @@ in
       // optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
       // optionalAttrs (cfg.tlsTrustedAuthorities != "") {
         smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
-        smtp_tls_security_level = smtpTlsSecurityLevel;
+        smtp_tls_security_level = mkDefault "may";
       }
       // optionalAttrs (cfg.sslCert != "") {
         smtp_tls_cert_file = cfg.sslCert;
         smtp_tls_key_file = cfg.sslKey;
 
-        smtp_tls_security_level = smtpTlsSecurityLevel;
+        smtp_tls_security_level = mkDefault "may";
 
         smtpd_tls_cert_file = cfg.sslCert;
         smtpd_tls_key_file = cfg.sslKey;
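Review bot: Both added `smtp_tls_security_level = mkDefault "may";` lines leave outbound SMTP at opportunistic TLS, where Postfix does not verify the peer certificate. The first one sits directly under `smtp_tls_CAfile`, which can read as if the CA bundle were being enforced. With the `smtpTlsSecurityLevel` binding removed the literal is now duplicated, so I would either keep a single let-binding or put the same comment on both lines, e.g. `# opportunistic TLS: peer certificate is not verified; override with "dane", "verify" or "secure" to enforce`. The enclosing attribute set starts and ends outside this hunk.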
@@ -969,5 +959,9 @@ in
   imports = [
    (mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
      "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
+
+   (mkChangedOptionModule [ "services" "postfix" "useDane" ]
+     [ "services" "postfix" "config" "smtp_tls_security_level" ]
+     (config: mkIf config.services.postfix.useDane "dane"))
   ];
 }
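Review bot: The `useDane` migration in the added `mkChangedOptionModule` entry forwards only `"dane"`, but per postconf(5) that level also depends on DNSSEC lookups (`smtp_dns_support_level = dnssec` and a validating resolver). As far as I recall, without them Postfix logs a warning and behaves as `may`. Nothing visible in this diff sets that companion parameter, so a comment above the entry would help, e.g. `# "dane" only takes effect with smtp_dns_support_level = "dnssec" and a DNSSEC-validating resolver`, along with a line in the release notes. An explicit `useDane = false` produces no definition, so the `mkDefault "may"` still applies, which looks intended.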