Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(mail): update to 25.11 with TLS hardening

Browse source 
- Upgrade NixOS channel from 25.05 to 25.11
- Fix dovecot systemd service rename (dovecot2 -> dovecot)
- Convert postfix numeric settings to integers (25.11 requirement)
- Remove insecure 512-bit DH params, fix 2048-bit DH params
- Update postfix ciphers to modern ECDHE/DHE+AESGCM/CHACHA20
- Require TLS 1.2 minimum for OpenLDAP
- Remove weak ciphers (3DES, RC4, aNULL) from OpenLDAP
This commit is contained in:
Dominik Polakovics Polakovics 2025-12-01 22:24:57 +01:00
parent 170becceb0
commit 28a7bed3b9
5 changed files with 13 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/mail/channel
View file

@ -1 +1 @@
https://channels.nixos.org/nixos-25.05
https://channels.nixos.org/nixos-25.11