authorGregor Kleen <gkleen@yggdrasil.li>2022-05-05 14:20:08 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-05-05 14:20:08 +0200
commitdb983fadeaf415d854ce2654f8f20274ec9b000f (patch)
treead3d59775c8df5e30dbcd4a1cbb7aa85b91b15b4 /hosts/surtr
parent1ce9a1358c28e80725fa915517e3c7de7146dd43 (diff)
...
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/email/default.nix38
1 files changed, 17 insertions, 21 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index da1c005d..ddb2e32f 100644
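--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -157,29 +157,25 @@ with lib;
 };
 };
 
-security.acme.domains = let
-mkSNI = ''
-cat key.pem full.pem > sni.pem
-'';
-in {
-"bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailin.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailsub.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
+security.acme.domains = {
+"bouncy.email" = {};
+"mailin.bouncy.email" = {};
+"mailsub.bouncy.email" = {};
 "surtr.yggdrasil.li" = {};
 };
 
-systemd.services.postfix.serviceConfig.LoadCredential = [
-"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
-"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
-"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
-"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
-"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
-];
+systemd.services.postfix = {
+preStart = concatMapStringsSep "\n" (domain: ''
+cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+'') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"];
+
+serviceConfig.LoadCredential = [
+"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
+"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
+"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
+"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
+"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
+];
+};
 };
 }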
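Review bot: The `cat … > /var/lib/acme/${domain}/sni.pem` line in the new `preStart` writes a file containing the private key through a plain shell redirect, so its mode comes from whatever umask the pre-start script runs with, and a failed `cat` leaves a truncated sni.pem behind. Setting the mode explicitly and replacing the file atomically would be safer: `umask 077` followed by `cat key.pem full.pem > sni.pem.tmp && mv sni.pem.tmp sni.pem` (paths under `/var/lib/acme/${domain}` as in the hunk). The bundle is now rebuilt only when postfix starts instead of from the ACME `postRun` hook, so a renewed certificate presumably reaches postfix only if something outside this hunk restarts the unit after renewal; it is also worth confirming that `LoadCredential` reads sni.pem after `preStart` has written it on a first start. The domain list includes `"surtr.yggdrasil.li"`, for which no sni.pem credential is loaded here, so that extra on-disk copy of the key looks unnecessary unless it is used elsewhere. The hard-coded `/var/lib/acme/${domain}` could use `config.security.acme.certs.${domain}.directory`, as the credential entries already do.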