forked from mirrors/nixpkgs
nixos/postfix: deprecate services.postfix.useDane
Now that smtp_tls_security_level is using mkDefault, and therefore can be overridden, there's no need for an option for overriding it to a specific value.
This commit is contained in:
parent
9ed5ee909b
commit
011d073393
|
@ -25,8 +25,6 @@ let
|
|||
|
||||
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
|
||||
|
||||
smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may";
|
||||
|
||||
mainCf = let
|
||||
escape = replaceStrings ["$"] ["$$"];
|
||||
mkList = items: "\n " + concatStringsSep ",\n " items;
|
||||
|
@ -510,14 +508,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
useDane = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
|
||||
'';
|
||||
};
|
||||
|
||||
sslCert = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
|
@ -819,13 +809,13 @@ in
|
|||
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
|
||||
// optionalAttrs (cfg.tlsTrustedAuthorities != "") {
|
||||
smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
|
||||
smtp_tls_security_level = smtpTlsSecurityLevel;
|
||||
smtp_tls_security_level = mkDefault "may";
|
||||
}
|
||||
// optionalAttrs (cfg.sslCert != "") {
|
||||
smtp_tls_cert_file = cfg.sslCert;
|
||||
smtp_tls_key_file = cfg.sslKey;
|
||||
|
||||
smtp_tls_security_level = smtpTlsSecurityLevel;
|
||||
smtp_tls_security_level = mkDefault "may";
|
||||
|
||||
smtpd_tls_cert_file = cfg.sslCert;
|
||||
smtpd_tls_key_file = cfg.sslKey;
|
||||
|
@ -969,5 +959,9 @@ in
|
|||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
|
||||
"services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
|
||||
|
||||
(mkChangedOptionModule [ "services" "postfix" "useDane" ]
|
||||
[ "services" "postfix" "config" "smtp_tls_security_level" ]
|
||||
(config: mkIf config.services.postfix.useDane "dane"))
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue