feat(dhparam): optional generation of Diffie-Hellman Parameters

alxwr · alxwr · commit 1e7aca461a0f · 2019-07-25T23:17:22.000+02:00
diff --git a/README.rst b/README.rst
@@ -37,3 +37,8 @@ Available states
 ------------
 
 Installs and configures the dovecot package, and ensures that the associated dovecot service is running.
+
+``dovecot.dh``
+--------------
+
+Creates Diffie-Hellman Parameters at the path defined in Pillar `dovecot:ssl:dhparam:path`.
diff --git a/dovecot/dh.sls b/dovecot/dh.sls
@@ -0,0 +1,8 @@
+{%- from "dovecot/map.jinja" import dovecot with context %}
+
+dovecot-dh-create-dhparam-file:
+  cmd.run:
+    - name: "openssl dhparam {{ dovecot.ssl.dhparam.numbits }} > {{ dovecot.ssl.dhparam.path }}"
+    - creates: {{ dovecot.ssl.dhparam.path }}
+    - watch_in:
+      - service: dovecot_service
diff --git a/dovecot/map.jinja b/dovecot/map.jinja
@@ -77,6 +77,12 @@
             'ssl_certs_dir': '/usr/local/etc/ssl/certs',
             'ssl_keys_dir': '/usr/local/etc/ssl/private',
            },
+        'ssl': {
+            'dhparam': {
+                'path': '/usr/local/etc/dovecot/dh.pem',
+                'numbits': 2048
+            }
+          },
         'packages': ['dovecot'],
         'root_group': 'wheel',
     },
@@ -93,6 +99,12 @@
             'ssl_certs_dir': '/etc/ssl/private',
             'ssl_keys_dir': '/etc/ssl/private',
            },
+        'ssl': {
+            'dhparam': {
+                'path': '/etc/dovecot/dh.pem',
+                'numbits': 2048
+            }
+          },
         'packages': ['dovecot-core','dovecot-imapd'],
         'root_group': 'root',
     },
diff --git a/pillar.example b/pillar.example
@@ -5,6 +5,10 @@ dovecot:
   lookup:
     enable_service_control: True
     service_persistent: True
+    ssl:
+      dhparam:
+        path: /etc/dovecot/dh.pem
+        numbits: 2048
     config:
       local: |
         # main
