summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2016-04-26 14:48:24 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2016-04-26 14:48:24 +0200
commitbe5949a8db580f45ad693ba2950aec64f9e0445d (patch)
treecec3381a7eab2379d40ba6f28f254ab990cef5df
parent928a39e9835efa5b3faf465f267d6cd060145449 (diff)
downloadnixos-be5949a8db580f45ad693ba2950aec64f9e0445d.tar
nixos-be5949a8db580f45ad693ba2950aec64f9e0445d.tar.gz
nixos-be5949a8db580f45ad693ba2950aec64f9e0445d.tar.bz2
nixos-be5949a8db580f45ad693ba2950aec64f9e0445d.tar.xz
nixos-be5949a8db580f45ad693ba2950aec64f9e0445d.zip
ssl for postfix
Diffstat
-rw-r--r--ymir.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/ymir.nix b/ymir.nix
index d1ad060a..bb0fc74a 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -156,6 +156,7 @@ in rec {
156 users.groups."ssl" = { 156 users.groups."ssl" = {
157 members = [ "prosody" 157 members = [ "prosody"
158 "nginx" 158 "nginx"
159 "postfix"
159 ]; 160 ];
160 }; 161 };
161 162
@@ -297,15 +298,16 @@ in rec {
297 rootAlias = "gkleen"; 298 rootAlias = "gkleen";
298 setSendmail = true; 299 setSendmail = true;
299 destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"]; 300 destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"];
300 sslCert = ""; 301 sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
301 sslKey = ""; 302 sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
302 }; 303 };
303 304
304 security.acme = { 305 security.acme = {
305 certs = { 306 certs = {
306 "yggdrasil.li" = { 307 "yggdrasil.li" = {
307 webroot = "/srv/www/acme/yggdrasil.li";
308 allowKeysForGroup = true; 308 allowKeysForGroup = true;
309 group = "ssl";
310 webroot = "/srv/www/acme/yggdrasil.li";
309 email = "phikeebaogobaegh@141.li"; 311 email = "phikeebaogobaegh@141.li";
310 extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; }) 312 extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; })
311 ["git.yggdrasil.li" "dirty-haskell.org" "www.dirty-haskell.org" "141.li" "www.141.li" "xmpp.li" "www.xmpp.li" "www.yggdrasil.li" "praseodym.org" "www.praseodym.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li"]); 313 ["git.yggdrasil.li" "dirty-haskell.org" "www.dirty-haskell.org" "141.li" "www.141.li" "xmpp.li" "www.xmpp.li" "www.yggdrasil.li" "praseodym.org" "www.praseodym.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li"]);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-30 04:34:17 +0000