
10-ssl.conf.erb template using variables

Xabier de Zuazo 11 years ago
parent
commit
fdd53a48cc
2 changed files with 23 additions and 9 deletions
  1. 14 0
      attributes/conf-10-ssl.rb
  2. 9 9
      templates/default/conf.d/10-ssl.conf.erb

+ 14 - 0
attributes/conf-10-ssl.rb

@@ -0,0 +1,14 @@
+
+default['dovecot']['conf']['ssl_cert'] = '</etc/ssl/certs/dovecot.pem'
+default['dovecot']['conf']['ssl_key'] = '</etc/ssl/private/dovecot.pem'
+
+default['dovecot']['conf']['ssl'] = nil
+default['dovecot']['conf']['ssl_cert'] = nil
+default['dovecot']['conf']['ssl_key'] = nil
+default['dovecot']['conf']['ssl_key_password'] = nil
+default['dovecot']['conf']['ssl_ca'] = nil
+default['dovecot']['conf']['ssl_verify_client_cert'] = nil
+default['dovecot']['conf']['ssl_cert_username_field'] = nil
+default['dovecot']['conf']['ssl_parameters_regenerate'] = nil
+default['dovecot']['conf']['ssl_cipher_list'] = nil
+
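Review bot: `ssl_cert` and `ssl_key` are assigned twice at the same `default` precedence, so the paths on the first two lines are overwritten by the `= nil` assignments further down and never take effect. The rendered value then comes only from the fallback argument in the template, which is presumably what was intended. I would delete the first two assignments so the file has a single source of truth. It would also help to put a comment above `ssl_key_password`, for example `# prefer the '<path' form pointing at a root-owned 0600 file; node attributes are stored with the node object`, because a literal password set here is not kept secret by Chef.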

+ 9 - 9
templates/default/conf.d/10-ssl.conf.erb

@@ -3,39 +3,39 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+<%= Dovecot::Conf.attribute(@conf, 'ssl', 'yes') %>
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
-ssl_key = </etc/ssl/private/dovecot.pem
+<%= Dovecot::Conf.attribute(@conf, 'ssl_cert', '</etc/ssl/certs/dovecot.pem') %>
+<%= Dovecot::Conf.attribute(@conf, 'ssl_key', '</etc/ssl/private/dovecot.pem') %>
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
 # world-readable, you may want to place this setting instead to a different
 # root owned 0600 file by using ssl_key_password = <path.
-#ssl_key_password =
+<%= Dovecot::Conf.attribute(@conf, 'ssl_key_password') %>
 
 # PEM encoded trusted certificate authority. Set this only if you intend to use
 # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
 # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
-#ssl_ca = 
+<%= Dovecot::Conf.attribute(@conf, 'ssl_ca') %>
 
 # Request client to send a certificate. If you also want to require it, set
 # auth_ssl_require_client_cert=yes in auth section.
-#ssl_verify_client_cert = no
+<%= Dovecot::Conf.attribute(@conf, 'ssl_verify_client_cert', false) %>
 
 # Which field from certificate to use for username. commonName and
 # x500UniqueIdentifier are the usual choices. You'll also need to set
 # auth_ssl_username_from_cert=yes.
-#ssl_cert_username_field = commonName
+<%= Dovecot::Conf.attribute(@conf, 'ssl_cert_username_field', 'commonName') %>
 
 # How often to regenerate the SSL parameters file. Generation is quite CPU
 # intensive operation. The value is in hours, 0 disables regeneration
 # entirely.
-#ssl_parameters_regenerate = 168
+<%= Dovecot::Conf.attribute(@conf, 'ssl_parameters_regenerate', '168') %>
 
 # SSL ciphers to use
-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
+<%= Dovecot::Conf.attribute(@conf, 'ssl_cipher_list', 'ALL:!LOW:!SSLv2:!EXP:!aNULL') %>
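Review bot: A literal private-key password set in `ssl_key_password` ends up in a file that the comment directly above describes as often world-readable, and nothing in this hunk restricts that. The attribute should be documented as accepting the `<path` form only, or the template resource that renders this file (not visible here) should set a restrictive mode and `sensitive true` so the value stays out of Chef's diff output. Separately, `ssl_verify_client_cert` is given the fallback `false` while the other settings use strings such as `'yes'`. Dovecot expects `yes`/`no`, so unless `Dovecot::Conf.attribute` converts booleans (its definition is outside this diff) I would pass `'no'`. The cipher fallback `ALL:!LOW:!SSLv2:!EXP:!aNULL` mirrors the old commented default but still admits weak suites, so a comment telling operators to override it would be worthwhile.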