author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2020-08-13 06:53:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-13 06:53:53 +0100 |
commit | 0f2ee10cbfd698a8c7fd19dae2f09bb95c7fb079 (patch) | |
tree | 1bbf0fef3fb93febb45c49f5ae81e49af7b255de /nixos/modules | |
parent | aa7c73344fe144c218e3f211d3a574189d6bcea2 (diff) | |
parent | a45f1453eb44968ca7c3f2a316951e6947187ee2 (diff) | |
Merge pull request #94270 from jerith666/postfix-dane
postfix: add useDane config option
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index ad10ba1d909..fd4d16cdc37 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -25,6 +25,8 @@ let
 clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
+ smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
+
 mainCf = let
 escape = replaceStrings ["$"] ["$$"];
 mkList = items: "\n " + concatStringsSep ",\n " items;
@@ -508,6 +510,14 @@ in
 '';
 };
+ useDane = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
+ '';
+ };
+
 sslCert = mkOption {
 type = types.str;
 default = "";
@@ -809,13 +819,13 @@ in
 // optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
 // optionalAttrs (cfg.tlsTrustedAuthorities != "") {
 smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
- smtp_tls_security_level = "may";
+ smtp_tls_security_level = smtpTlsSecurityLevel;
 }
 // optionalAttrs (cfg.sslCert != "") {
 smtp_tls_cert_file = cfg.sslCert;
 smtp_tls_key_file = cfg.sslKey;
- smtp_tls_security_level = "may";
+ smtp_tls_security_level = smtpTlsSecurityLevel;
 smtpd_tls_cert_file = cfg.sslCert;
 smtpd_tls_key_file = cfg.sslKey; |
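Review bot: The `useDane` description in the second hunk omits the DNSSEC prerequisite. Postfix only acts on TLSA records when `smtp_dns_support_level = dnssec` is set and the host uses a DNSSEC-validating resolver. No visible hunk sets that parameter, so enabling the option alone can leave outbound delivery at opportunistic TLS while the configuration reads as if DANE were enforced. I would add a sentence to the description such as `Requires smtp_dns_support_level = "dnssec" and a DNSSEC-validating local resolver; without them Postfix does not apply DANE.`, or have the module emit `smtp_dns_support_level = "dnssec";` whenever `cfg.useDane` is true.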
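Review bot: `smtpTlsSecurityLevel` is only consumed inside the two `optionalAttrs` branches in the third hunk, so when `cfg.tlsTrustedAuthorities == ""` and `cfg.sslCert == ""` a `useDane = true` setting produces no `smtp_tls_security_level` entry and is dropped without any diagnostic. Whether that combination is reachable depends on option defaults outside the hunk, but a security option should not depend on unrelated settings to take effect. I would add a separate `// optionalAttrs cfg.useDane { smtp_tls_security_level = "dane"; }` after these branches, or an assertion that rejects `useDane` when neither branch applies. The attribute set these branches belong to starts and ends outside the hunk.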