From 1da16a5ea112182ffc2d83ee6c42c1b70f96226d Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 21 Sep 2012 12:25:35 +0200 Subject: [PATCH 1/4] modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file --- modules/services/mail/dovecot2.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix index c5f5da41d31..14355f51e3d 100644 --- a/modules/services/mail/dovecot2.nix +++ b/modules/services/mail/dovecot2.nix @@ -40,13 +40,8 @@ let driver = pam args = dovecot2 } - #auth_debug = yes - #auth_verbose = yes - #debug_log_path = /tmp/dovecot2debug.log pop3_uidl_format = %08Xv%08Xu - - log_path = /var/log/dovecot2.log ''; confFile = pkgs.writeText "dovecot.conf" dovecotConf; From 155495deb2ada2eda99fa4bf809830a0b506e51d Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 21 Sep 2012 12:26:53 +0200 Subject: [PATCH 2/4] modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available Connects from 'localhost' are always considered secure. --- modules/services/mail/dovecot2.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix index 14355f51e3d..2054b80d0b1 100644 --- a/modules/services/mail/dovecot2.nix +++ b/modules/services/mail/dovecot2.nix @@ -17,6 +17,7 @@ let ssl_cert_file = ${cfg.sslServerCert} ssl_key_file = ${cfg.sslServerKey} ssl_ca_file = ${cfg.sslCACert} + disable_plaintext_auth = yes '' else '' ssl = no disable_plaintext_auth = no From 0573c7fcae7cc06da38895ea3d7b2ca7526720f3 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 21 Sep 2012 12:28:49 +0200 Subject: [PATCH 3/4] modules/services/mail/dovecot2.nix: update syntax for SSL config options --- modules/services/mail/dovecot2.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
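Review bot: In the [PATCH 2/4] hunk the `else` branch still emits `ssl = no` together with `disable_plaintext_auth = no`, so a host whose `sslServerCert` is left empty accepts passwords in clear text from any remote client, and nothing tells the administrator. The added `disable_plaintext_auth = yes` covers only the TLS branch. No `ssl =` line is visible in that branch, so whether sessions without TLS remain possible depends on lines outside the hunk; if they are not meant to be supported, `ssl = required` next to the new line would state that. At minimum I would put a comment into the generated else-branch config, `# no certificate configured: TLS is off and plaintext logins are accepted from any host`, and repeat that consequence in the `sslServerCert` option description. The enclosing `let` binding starts and ends outside the hunk.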
diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix index 2054b80d0b1..c1f21ba457f 100644 --- a/modules/services/mail/dovecot2.nix +++ b/modules/services/mail/dovecot2.nix @@ -14,9 +14,9 @@ let '' + (if cfg.sslServerCert!="" then '' - ssl_cert_file = ${cfg.sslServerCert} - ssl_key_file = ${cfg.sslServerKey} - ssl_ca_file = ${cfg.sslCACert} + ssl_cert = <${cfg.sslServerCert} + ssl_key = <${cfg.sslServerKey} + ssl_ca = <${cfg.sslCACert} disable_plaintext_auth = yes '' else '' ssl = no From 4476b875fc0d4b1a59b1f4ab7194fd15ae620921 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 21 Sep 2012 16:04:46 +0200 Subject: [PATCH 4/4] Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. --- modules/services/mail/dovecot2.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix index c1f21ba457f..fc97e0d3ad0 100644 --- a/modules/services/mail/dovecot2.nix +++ b/modules/services/mail/dovecot2.nix @@ -43,7 +43,7 @@ let } pop3_uidl_format = %08Xv%08Xu - ''; + '' + cfg.extraConfig; confFile = pkgs.writeText "dovecot.conf" dovecotConf; @@ -72,6 +72,12 @@ in description = "Dovecot group name."; }; + extraConfig = mkOption { + default = ""; + example = "mail_debug = yes"; + description = "Additional entries to put verbatim into Dovecot's config file."; + }; + mailLocation = mkOption { default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */ example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
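Review bot: In the [PATCH 3/4] hunk, `ssl_key = <${cfg.sslServerKey}` and `ssl_ca = <${cfg.sslCACert}` are emitted whenever `sslServerCert` is non-empty, but the guard on the line above tests only the certificate option. With the `<` form Dovecot reads the named file at startup, so an unset key or CA option would presumably become `ssl_ca = <` with no path and fail the config load; the option defaults are outside this hunk, so that needs confirming. I would guard the CA line in the file's own style, `(if cfg.sslCACert != "" then "ssl_ca = <${cfg.sslCACert}\n" else "")`. The option descriptions should also say that the key has to be given as a string path outside the Nix store, because interpolating a Nix path value copies the private key into the world-readable store.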
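Review bot: In [PATCH 4/4], `'' + cfg.extraConfig` feeds user text into `dovecotConf`, which the context line `confFile = pkgs.writeText "dovecot.conf" dovecotConf;` writes to the Nix store, and store paths are readable by every local user; the new option's description does not say so. Anyone who puts a database or LDAP password into `extraConfig` would expose it, so the description in the second hunk of this patch should read something like `"Additional entries to put verbatim into Dovecot's config file. The file ends up world-readable in the Nix store; do not put secrets here."`. Because the text is appended last, it also looks able to override the `disable_plaintext_auth = yes` and `ssl` lines set earlier, which is worth one more sentence in the description. The option declares no type, so a non-string value would only fail at the concatenation.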