ymir: fix postfix dane

author: Gregor Kleen <gkleen@yggdrasil.li> 2020-08-16 14:25:49 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2020-08-16 14:25:49 +0200
commit: ff6d6d3b3ede0001cf4c3d8259703a41749166be (patch)
tree: 2aeee15315a2e34af477c7b005382126fe07572c
parent: 626e1d6d8bd4bde5d629e2f925969a3593dcc9ac (diff)
download: nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar
nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.gz
nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.bz2
nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.xz
nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ymir.nix b/ymir.nix
index 934c2374..4adaf128 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -444,6 +444,7 @@ in rec {
      ''}''];
    sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
    sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
+    useDANE = true;
    config = {
      #the dh params
      smtpd_tls_dh1024_param_file = config.security.dhparams.params."postfix-1024".path;
@@ -469,7 +470,6 @@ in rec {
      smtp_tls_loglevel = "1";
      smtp_dns_support_level = "dnssec";
-      smtp_tls_security_level = "dane";
      transport_maps = ''regexp:${pkgs.writeText "transport" ''
        /@(rpgs?|lists?|l)\.(.*\.)?(yggdrasil\.li|praseodym\.org|141\.li|xmpp\.li|kleen\.li|dirty-haskell\.org|nights\.email|yggdrasil|localdomain|localhost|ymir)$/ mlmmj:
author	Gregor Kleen <gkleen@yggdrasil.li>	2020-08-16 14:25:49 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2020-08-16 14:25:49 +0200
commit	ff6d6d3b3ede0001cf4c3d8259703a41749166be (patch)
tree	2aeee15315a2e34af477c7b005382126fe07572c
parent	626e1d6d8bd4bde5d629e2f925969a3593dcc9ac (diff)
download	nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.gz nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.bz2 nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.tar.xz nixos-ff6d6d3b3ede0001cf4c3d8259703a41749166be.zip