{ lib, ... }:
let
  inherit (lib) genAttrs mkForce;

  # Protocol floor for every Postfix TLS context: server (smtpd_*) and client
  # (smtp_*), mandatory and opportunistic alike. The ">=" form is the
  # Postfix 3.6+ syntax; older releases expect the "!SSLv2, !SSLv3" style.
  minimumProtocols = ">=TLSv1.2";

  # OpenSSL cipher-string keywords that Postfix turns into "!NAME" exclusions.
  # NOTE(review): "PSD" is not a cipher-string keyword I recognise, and OpenSSL
  # generally skips unrecognised names, so that entry likely excludes nothing.
  # If pre-shared-key suites were meant, the keyword is "PSK" — confirm the
  # intent before changing a forced runtime value.
  excludedCiphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL, AES128-SHA, AES256-SHA";

  # The same value is applied to both sides and both policy levels so that
  # the opportunistic settings cannot be weaker than the mandatory ones.
  protocolParams = [
    "smtpd_tls_protocols"
    "smtp_tls_protocols"
    "smtpd_tls_mandatory_protocols"
    "smtp_tls_mandatory_protocols"
  ];
  excludeParams = [
    "smtpd_tls_mandatory_exclude_ciphers"
    "smtpd_tls_exclude_ciphers"
    "smtp_tls_mandatory_exclude_ciphers"
    "smtp_tls_exclude_ciphers"
  ];

  # mkForce overrides any other module that sets the same parameter; relaxing
  # one of these elsewhere requires mkForce as well, which is intentional.
  forced = value: _name: mkForce value;
in
{
  # Caveat: the smtp_* (client) exclusions also govern opportunistic delivery.
  # If smtp_tls_security_level is left at "may", a remote MTA that offers only
  # excluded ciphers is delivered to in plaintext rather than refused; only
  # the mandatory levels ("encrypt" and above) turn that into a hard failure.
  services.postfix.config =
    genAttrs protocolParams (forced minimumProtocols)
    // genAttrs excludeParams (forced excludedCiphers);
}