-rw-r--r--hosts/surtr/email/default.nix38
1 files changed, 17 insertions, 21 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index da1c005d..ddb2e32f 100644
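--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -157,29 +157,25 @@ with lib;
 };
 };
 
-security.acme.domains = let
-mkSNI = ''
-cat key.pem full.pem > sni.pem
-'';
-in {
-"bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailin.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailsub.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
+security.acme.domains = {
+"bouncy.email" = {};
+"mailin.bouncy.email" = {};
+"mailsub.bouncy.email" = {};
 "surtr.yggdrasil.li" = {};
 };
 
-systemd.services.postfix.serviceConfig.LoadCredential = [
-"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
-"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
-"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
-"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
-"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
-];
+systemd.services.postfix = {
+preStart = concatMapStringsSep "\n" (domain: ''
+cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+'') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"];
+
+serviceConfig.LoadCredential = [
+"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
+"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
+"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
+"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
+"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
+];
+};
 };
 }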
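Review bot: The new `preStart` writes `sni.pem` (private key plus chain) through a plain shell redirect with no explicit mode, so the file's permissions depend on the unit's umask and the directory mode; putting `umask 077` as the first line of the script would pin it. The domain list also includes `"surtr.yggdrasil.li"`, whose `sni.pem` no `LoadCredential` entry in this hunk reads, which leaves an extra on-disk copy of that key with no visible consumer; consider dropping it from the list. The script hard-codes `/var/lib/acme/${domain}` while the credential entries use `config.security.acme.certs."…".directory`; using `${config.security.acme.certs.${domain}.directory}` in the `cat` line would keep the two in step. It is also worth confirming that systemd resolves the `LoadCredential` sources only after the `preStart` script has produced the file, since otherwise a first start or a start after renewal may load a missing or stale `sni.pem`.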