From 1e7aca461a0fedabe0dafaae7db93074caeea3bd Mon Sep 17 00:00:00 2001 From: Alexander Weidinger Date: Thu, 25 Jul 2019 22:59:59 +0200 Subject: [PATCH] feat(dhparam): optional generation of Diffie-Hellman Parameters --- README.rst | 5 +++++ dovecot/dh.sls | 8 ++++++++ dovecot/map.jinja | 12 ++++++++++++ pillar.example | 4 ++++ 4 files changed, 29 insertions(+) create mode 100644 dovecot/dh.sls diff --git a/README.rst b/README.rst index 970d4ef..95ce8cf 100644 --- a/README.rst +++ b/README.rst @@ -37,3 +37,8 @@ Available states ------------ Installs and configures the dovecot package, and ensures that the associated dovecot service is running. + +``dovecot.dh`` +-------------- + +Creates Diffie-Hellman Parameters at the path defined in Pillar `dovecot:ssl:dhparam:path`. diff --git a/dovecot/dh.sls b/dovecot/dh.sls new file mode 100644 index 0000000..570b765 --- /dev/null +++ b/dovecot/dh.sls @@ -0,0 +1,8 @@ +{%- from "dovecot/map.jinja" import dovecot with context %} + +dovecot-dh-create-dhparam-file: + cmd.run: + - name: "openssl dhparam {{ dovecot.ssl.dhparam.numbits }} > {{ dovecot.ssl.dhparam.path }}" + - creates: {{ dovecot.ssl.dhparam.path }} + - watch_in: + - service: dovecot_service diff --git a/dovecot/map.jinja b/dovecot/map.jinja index 0566614..b6b8211 100644 --- a/dovecot/map.jinja +++ b/dovecot/map.jinja @@ -77,6 +77,12 @@ 'ssl_certs_dir': '/usr/local/etc/ssl/certs', 'ssl_keys_dir': '/usr/local/etc/ssl/private', }, + 'ssl': { + 'dhparam': { + 'path': '/usr/local/etc/dovecot/dh.pem', + 'numbits': 2048 + } + }, 'packages': ['dovecot'], 'root_group': 'wheel', }, @@ -93,6 +99,12 @@ 'ssl_certs_dir': '/etc/ssl/private', 'ssl_keys_dir': '/etc/ssl/private', }, + 'ssl': { + 'dhparam': { + 'path': '/etc/dovecot/dh.pem', + 'numbits': 2048 + } + }, 'packages': ['dovecot-core','dovecot-imapd'], 'root_group': 'root', }, diff --git a/pillar.example b/pillar.example index 0fde990..2859cfb 100644 --- a/pillar.example +++ b/pillar.example 
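Review bot: The `name` command in `dovecot/dh.sls` writes the parameters through a shell redirection, so an interrupted or failed `openssl dhparam` leaves an empty or truncated file at `dovecot.ssl.dhparam.path`, and the `creates` requisite then treats the state as done on every later run while dovecot is pointed at a broken file. Generating into a temporary name and renaming only on success avoids that, for example `- name: "openssl dhparam -out '{{ dovecot.ssl.dhparam.path }}.tmp' {{ dovecot.ssl.dhparam.numbits }} && mv '{{ dovecot.ssl.dhparam.path }}.tmp' '{{ dovecot.ssl.dhparam.path }}'"`; quoting the path also keeps a path containing spaces from splitting the command. Because of `creates`, a later change to `numbits` in Pillar will not regenerate an existing file, and a short comment above the state saying so would save the next maintainer a surprise. The resulting file takes the minion's umask with no explicit owner or mode, and the `dovecot_service` id that `watch_in` targets is assumed to exist in the formula's service state, which is outside this patch.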
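Review bot: Both `dovecot/map.jinja` hunks (at 77 and 93) add `ssl.dhparam` defaults only to the two OS entries shown; if the map has further entries outside these hunks, or the lookup merge does not fill in missing keys, `dovecot.ssl.dhparam.path` in `dovecot/dh.sls` will be undefined there and either fail to render or produce an empty path in the `openssl` command. Putting the `ssl` block once in a base dictionary that the per-OS entries are merged over would cover every platform with one definition. As a point of style, `'numbits': 2048` and the closing `}` of `dhparam` lack the trailing commas the neighbouring entries use (`'ssl_keys_dir': '/usr/local/etc/ssl/private',` and `},`), so the next key added there has to touch these lines as well. The new `ssl` key sits next to `packages` rather than beside the existing `ssl_certs_dir`/`ssl_keys_dir` keys, which presumably live in a sibling dictionary; grouping the SSL settings together, or a comment noting why they are split, would help readers.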
@@ -5,6 +5,10 @@ dovecot:
 lookup:
 enable_service_control: True
 service_persistent: True
+ ssl:
+ dhparam:
+ path: /etc/dovecot/dh.pem
+ numbits: 2048
 config:
 local: |
 # main
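Review bot: The example places the new settings under `dovecot:lookup:ssl:dhparam`, while the README hunk in this same patch documents the key as `dovecot:ssl:dhparam:path`; one of the two is wrong, and which one depends on the merge in `dovecot/map.jinja` that is outside these hunks. Either the README line should name the key the example uses, `Creates Diffie-Hellman Parameters at the path defined in Pillar ``dovecot:lookup:ssl:dhparam:path``.`, or the example should move `ssl` out of `lookup`. A comment on the size, such as `numbits: 2048  # values below 2048 are not recommended; generation time grows quickly with size`, would keep operators from lowering it to speed up the first highstate.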