summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-05-05 22:10:25 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-05-05 22:10:25 +0200
commit35c9a700b5d87fd96260ea0022b4a78fed986836 (patch)
tree2cd61d0d71056d08bee46a0b6b57905aabb979dd
parentbb9860c49f37d8e0b08275e2ad6762f36219e918 (diff)
downloadnixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar
nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.gz
nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.bz2
nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.tar.xz
nixos-35c9a700b5d87fd96260ea0022b4a78fed986836.zip
surtr: ...
-rw-r--r--hosts/surtr/email/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index f4543bf4..cd8af21f 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -303,8 +303,19 @@ in {
303 303
304 ssl_require_crl = yes 304 ssl_require_crl = yes
305 ssl_verify_client_cert = yes 305 ssl_verify_client_cert = yes
306
307 ssl_min_protocol = TLSv1.2
308 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
309 ssl_prefer_server_ciphers = no
310
306 auth_ssl_username_from_cert = yes 311 auth_ssl_username_from_cert = yes
312 ssl_cert_username_field = commonName
307 auth_mechanisms = external 313 auth_mechanisms = external
314 auth_username_format = %n
315
316 auth_verbose = yes
317 verbose_ssl = yes
318 auth_debug = yes
308 319
309 service auth { 320 service auth {
310 user = dovecot2 321 user = dovecot2