dovecot2: added ssl_dh using security.dhparams

nixcloud · Apr 25, 2018 · 0d914ec · 0d914ec
1 parent 4c7635e
commit 0d914ec
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/modules/services/email/nixcloud-email.nix b/modules/services/email/nixcloud-email.nix
@@ -235,6 +235,13 @@ in {
         email = null;
         reload = [ "postfix.service" "dovecot2.service" ];
       };
+      # https://github.com/nixcloud/nixcloud-webservices/issues/21
+      security.dhparams = {
+        enable = true;
+        params = {
+          dovecot2 = 4096;
+        };
+      };
     })
 
     # FIXME: when using nixcloud DNS we want the pubkey during nix evaluation time to generate
@@ -437,6 +444,8 @@ in {
         ];
 
         extraConfig = ''
+          # https://github.com/nixcloud/nixcloud-webservices/issues/21
+          ssl_dh = </var/lib/dhparams/dovecot2.pem
           mail_home = /var/lib/virtualMail/%d/users/%n/
 
           passdb {