Commit graph

27 commits

Author SHA1 Message Date
Brian Olsen
8a27b941bf Start dovecot before postfix and add target for certificates
It seemed weird to me that preStart on postfix was used to generate
files not needed directly by postfix and for the self-signed
certificate which is also needed by dovecot. nginx.service was also
used as a proxy for when ACME certificate generation was done.

So I have created mailserver-certificates.target for when certificates
are available for other services. For self-signed that means that a
new oneshot service called mailserver-selfsigned-certificate has been
run. And for ACME this means that the target
acme-selfsigned-certificates has been reached (which is when acme has
created the self-signed certificates used before the actual
certificates provided by LetsEncrypt are created). This setup has the
added bonus that if you want to run a service to provide your own
certificates you can set that to run before
mailserver-certificates.target.

DH Parameters are only needed by dovecot so generation of that file has
been moved to the dovecot2 preStart.

And lastly the only remaining reason to for dovecot to start before
postfix was that the auth and lmtp sockets where located in a directory
created by postfix. But since they could just as well be located in
/run/dovecot2 as long as postfix has access to them I have moved them
there.
2018-06-29 21:35:16 +09:30
Antoine Eiche
e9dea6cdb4 postfix: also create the dh.pem if it is empty
The dh.pem file is currently created by the postfix prestart
script. If the entropy of the system is to low, the postfix prestart
can timeout. In this case, an empty file is created.
If the user restarts the postfix service, the dh.pem is not created
because the file already exists (but is empty).
When a ssl is established with dovecot, it fails with this message:
imap-login: `Error:Failed to initialize SSL server context: Couldn't parse DH parameters:
error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH
PARAMETERS`

With this patch, the postfix service creates the dh.pem if the dh.pem
doesn't exist or if it is empty. It doesn't fix the entropy or
timeout issue but at least, the user knows something is failing:/
2018-05-10 01:04:02 +02:00
Robin Raymond
6bdfdca0e3 fix typo 2018-02-23 15:36:29 +01:00
Robin Raymond
5d169c3ef2 fixes #88 2018-02-23 14:56:28 +01:00
Ruben Maher
5b570ad5a0 dovecot: read dovecot version into nix variable
This allows determining whether it's OK to use particular configuration
variables that will throw errors when used in older versions.
2018-02-17 22:24:39 +10:30
Robin Raymond
f6546a1a8e fix dovecot 2.3 ssl_dh 2018-02-13 13:18:31 +01:00
Robin Raymond
aca43875dc update copywright 2018-01-29 10:34:27 +01:00
Robin Raymond
d905be86d5 fix multidomain dkim signing fixes #24 2017-11-11 16:06:28 +01:00
John Boehr
16fb41de01 Change domain to fqdn and extraDomains to domains 2017-11-11 09:45:06 +00:00
John Boehr
ebd0f656ed
Preliminary multi-domain support 2017-11-09 13:13:27 -08:00
Robin Raymond
2f7e3a9f0c initial acme support; needs testing 2017-09-23 09:56:09 +02:00
Robin Raymond
bf7099d389 fix issue #8
turns out this is a upstream bug. The fix should probably be pushed to nixpkgs.
2017-09-13 11:49:33 +02:00
Robin Raymond
d974be81e0 revert script exctraction 2017-09-03 16:20:47 +02:00
Robin Raymond
0c20bb3a85 move scripts to external files 2017-09-03 16:00:10 +02:00
Robin Raymond
0c414738e1 fix merge bug in systemd 2017-09-03 15:56:36 +02:00
Robin Raymond
1e0c203bf8 Merge branch 'module-rewrite' 2017-09-03 15:31:37 +02:00
Robin Raymond
3eb363fc71 systemd to module 2017-09-02 15:08:50 +02:00
Robin Raymond
ebb2a5caf7 camelCase 2 2017-09-02 13:29:49 +02:00
Robin Raymond
b5fccc7e39 camelCase 2017-09-02 13:23:37 +02:00
Robin Raymond
256d2c75a6 update comments 2017-09-02 12:15:22 +02:00
Robin Raymond
42c4e18438 remove unnecessary after field in systemd 2017-08-30 15:56:24 +02:00
Robin Raymond
bb4717bf0b fix typo in opendkim key generation 2017-08-30 14:29:06 +02:00
Robin Raymond
d05bd24040 make dovecot wait for postfix instead of other way around 2017-08-23 17:34:34 +02:00
Robin Raymond
8551dcffff enable dkim signing 2017-08-23 17:22:44 +02:00
Robin Raymond
b68e64ec72 certificate scheme 2
On the fly create certificates via openssl (Maybe change this to
libressl in the future?). This is probably the best scheme to get
something that simply works. Self signed certificates only pose a
problem when connecting to retrieve the email via imap or pop3.
2017-08-13 11:51:07 +02:00
Robin Raymond
1d53a88a21 finish up dovecot configuration
also factor out users into own file
2017-08-12 12:28:46 +02:00
Robin Raymond
e63b6ebda9 create maildir folder 2017-08-12 11:47:52 +02:00