-rw-r--r-- | hosts/surtr/email/default.nix | 38 |
1 files changed, 17 insertions, 21 deletions
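--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -157,29 +157,25 @@ with lib;
 };
 };
 
-security.acme.domains = let
-mkSNI = ''
-cat key.pem full.pem > sni.pem
-'';
-in {
-"bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailin.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
-"mailsub.bouncy.email" = {
-certCfg.postRun = mkSNI;
-};
+security.acme.domains = {
+"bouncy.email" = {};
+"mailin.bouncy.email" = {};
+"mailsub.bouncy.email" = {};
 "surtr.yggdrasil.li" = {};
 };
 
-systemd.services.postfix.serviceConfig.LoadCredential = [
-"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
-"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
-"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
-"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
-"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
-];
+systemd.services.postfix = {
+preStart = concatMapStringsSep "\n" (domain: ''
+cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+'') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"];
+
+serviceConfig.LoadCredential = [
+"surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem"
+"surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem"
+"bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem"
+"mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem"
+"mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem"
+];
+};
 };
 }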
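Review bot: The new `preStart` writes `sni.pem`, which contains the private key from `key.pem`, through a bare shell redirect, so the file's mode is whatever the service umask yields and nothing visible in this hunk restricts it. Starting the generated script with `umask 077` would keep the combined file owner-only regardless of the directory's permissions. The script also hard-codes `/var/lib/acme/${domain}` while the `LoadCredential` entries below read from `config.security.acme.certs."…".directory`; writing to `${config.security.acme.certs.${domain}.directory}/sni.pem` would keep the two from drifting apart. Because the concatenation moved from `certCfg.postRun` to postfix start, a renewed certificate presumably reaches `sni.pem` only when postfix restarts, and a comment saying what triggers that restart would help. The domain list also includes `"surtr.yggdrasil.li"`, whose `sni.pem` has no consumer in `LoadCredential`, so an extra copy of that key is written for nothing.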