nixos/postfix: deprecate services.postfix.useDane

Now that smtp_tls_security_level is using mkDefault, and therefore can
be overridden, there's no need for an option for overriding it to a
specific value.
Alyssa Ross 2021-01-12 15:56:08 +00:00
parent 9ed5ee909b
commit 011d073393


@ -25,8 +25,6 @@ let
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl); clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may";
mainCf = let mainCf = let
escape = replaceStrings ["$"] ["$$"]; escape = replaceStrings ["$"] ["$$"];
mkList = items: "\n " + concatStringsSep ",\n " items; mkList = items: "\n " + concatStringsSep ",\n " items;
@ -510,14 +508,6 @@ in
''; '';
}; };
useDane = mkOption {
type = types.bool;
default = false;
description = ''
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
'';
};
sslCert = mkOption { sslCert = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
@ -819,13 +809,13 @@ in
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; } // optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
// optionalAttrs (cfg.tlsTrustedAuthorities != "") { // optionalAttrs (cfg.tlsTrustedAuthorities != "") {
smtp_tls_CAfile = cfg.tlsTrustedAuthorities; smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
smtp_tls_security_level = smtpTlsSecurityLevel; smtp_tls_security_level = mkDefault "may";
} }
// optionalAttrs (cfg.sslCert != "") { // optionalAttrs (cfg.sslCert != "") {
smtp_tls_cert_file = cfg.sslCert; smtp_tls_cert_file = cfg.sslCert;
smtp_tls_key_file = cfg.sslKey; smtp_tls_key_file = cfg.sslKey;
smtp_tls_security_level = smtpTlsSecurityLevel; smtp_tls_security_level = mkDefault "may";
smtpd_tls_cert_file = cfg.sslCert; smtpd_tls_cert_file = cfg.sslCert;
smtpd_tls_key_file = cfg.sslKey; smtpd_tls_key_file = cfg.sslKey;
@ -969,5 +959,9 @@ in
imports = [ imports = [
(mkRemovedOptionModule [ "services" "postfix" "sslCACert" ] (mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
"services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.") "services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
(mkChangedOptionModule [ "services" "postfix" "useDane" ]
[ "services" "postfix" "config" "smtp_tls_security_level" ]
(config: mkIf config.services.postfix.useDane "dane"))
]; ];
} }
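Review bot: The `mkChangedOptionModule` entry at the end of this section carries `useDane = true` over as `smtp_tls_security_level = "dane"`, but nothing in the visible hunks sets `smtp_dns_support_level = "dnssec"`, which Postfix requires before it performs DANE lookups. Without it the client, as far as I know, logs a warning and behaves as with `may`, so outbound delivery stays unauthenticated and exposed to STARTTLS stripping. With the option's description removed, the module no longer tells users how to enable DANE. I would add a comment above the two `smtp_tls_security_level = mkDefault "may";` lines, e.g. `# opportunistic TLS only; for "dane" set services.postfix.config.smtp_tls_security_level and smtp_dns_support_level = "dnssec" (needs a DNSSEC-validating resolver)`. The rest of the file is not visible here, so confirm the DNS setting is not already applied elsewhere.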