update ssl configuration of some bundles

bundles/dovecot/files/dovecot.conf

@@ -28,13 +28,13 @@ namespace inbox {
 mail_location = maildir:/var/mail/vmail/%d/%n
 protocols = imap lmtp sieve
 
-ssl = yes
+ssl = required
 ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/fullchain.pem
 ssl_key =  </var/lib/dehydrated/certs/${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}/privkey.pem
-ssl_dh = </etc/dovecot/ssl/dhparam.pem
+ssl_dh = </etc/ssl/certs/dhparam.pem
 ssl_min_protocol = TLSv1.2
-ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
-ssl_prefer_server_ciphers = yes
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+ssl_prefer_server_ciphers = no
 
 login_greeting = IMAPd ready
 auth_mechanisms = plain login

bundles/dovecot/items.py

@@ -2,10 +2,6 @@
 # by this bundle
 repo.libs.tools.require_bundle(node, 'postfix')
 
-directories = {
-    '/etc/dovecot/ssl': {},
-}
-
 files = {
     '/etc/dovecot/dovecot.conf': {
         'content_type': 'mako',
@@ -56,25 +52,10 @@ symlinks['/usr/lib/dovecot/decode2text.sh'] = {
     },
 }
 
-actions = {
-    'dovecot_generate_dhparam': {
-        'command': 'openssl dhparam -out /etc/dovecot/ssl/dhparam.pem 2048',
-        'unless': 'test -f /etc/dovecot/ssl/dhparam.pem',
-        'cascade_skip': False,
-        'needs': {
-            'directory:/etc/dovecot/ssl',
-            'pkg_apt:'
-        },
-        'triggers': {
-            'svc_systemd:dovecot:restart',
-        },
-    },
-}
-
 svc_systemd = {
     'dovecot': {
         'needs': {
-            'action:dovecot_generate_dhparam',
+            'action:generate-dhparam',
             'file:/etc/dovecot/dovecot.conf',
             'file:/etc/dovecot/dovecot-sql.conf',
         },