summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-05-05 16:31:38 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-05-05 16:31:38 +0200
commit2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e (patch)
tree53f0fa4a4849e8502914f69c5c3a8b70a079b3d3
parent3d60ae47b24b39bf8d38087589db73c67aece1e5 (diff)
downloadnixos-2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e.tar
nixos-2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e.tar.gz
nixos-2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e.tar.bz2
nixos-2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e.tar.xz
nixos-2db9391d1775c2d79c1e4e253c3d7fc98f3bc28e.zip
surtr: ...
-rw-r--r--hosts/surtr/email/ca/index.txt2
-rw-r--r--hosts/surtr/email/ca/serial2
-rw-r--r--hosts/surtr/email/default.nix1
3 files changed, 3 insertions, 2 deletions
diff --git a/hosts/surtr/email/ca/index.txt b/hosts/surtr/email/ca/index.txt
index 5010b5fe..711193b2 100644
--- a/hosts/surtr/email/ca/index.txt
+++ b/hosts/surtr/email/ca/index.txt
@@ -1 +1 @@
V 320502135347Z 01 unknown /CN=gkleen V 320502142416Z 02 unknown /CN=gkleen
diff --git a/hosts/surtr/email/ca/serial b/hosts/surtr/email/ca/serial
index 9e22bcb8..75016ea3 100644
--- a/hosts/surtr/email/ca/serial
+++ b/hosts/surtr/email/ca/serial
@@ -1 +1 @@
02 03
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 95885637..aebe03db 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -121,6 +121,7 @@ with lib;
121 command = "smtpd"; 121 command = "smtpd";
122 args = [ 122 args = [
123 "-o" "smtpd_tls_wrappermode=yes" 123 "-o" "smtpd_tls_wrappermode=yes"
124 "-o" "smtpd_tls_ask_ccert=yes"
124 "-o" "smtpd_tls_req_ccert=yes" 125 "-o" "smtpd_tls_req_ccert=yes"
125 "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject" 126 "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject"
126 "-o" "smtpd_recipient_restrictions=reject_unauth_pipelining,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_tls_all_clientcerts,reject" 127 "-o" "smtpd_recipient_restrictions=reject_unauth_pipelining,reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_tls_all_clientcerts,reject"