summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/email/ca/.gitignore8
-rw-r--r--hosts/surtr/email/ca/index.txt1
-rw-r--r--hosts/surtr/email/ca/index.txt.attr1
-rw-r--r--hosts/surtr/email/ca/serial1
-rw-r--r--hosts/surtr/email/default.nix2
5 files changed, 9 insertions, 4 deletions
diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore
index 7c894574..bc1d3eaf 100644
--- a/hosts/surtr/email/ca/.gitignore
+++ b/hosts/surtr/email/ca/.gitignore
@@ -1,3 +1,5 @@
1ca.key 1*.key
2ca.cnf 2*.cnf
3*.old \ No newline at end of file 3*.old
4*.crt
5certs \ No newline at end of file
diff --git a/hosts/surtr/email/ca/index.txt b/hosts/surtr/email/ca/index.txt
new file mode 100644
index 00000000..5010b5fe
--- /dev/null
+++ b/hosts/surtr/email/ca/index.txt
@@ -0,0 +1 @@
V 320502135347Z 01 unknown /CN=gkleen
diff --git a/hosts/surtr/email/ca/index.txt.attr b/hosts/surtr/email/ca/index.txt.attr
new file mode 100644
index 00000000..8f7e63a3
--- /dev/null
+++ b/hosts/surtr/email/ca/index.txt.attr
@@ -0,0 +1 @@
unique_subject = yes
diff --git a/hosts/surtr/email/ca/serial b/hosts/surtr/email/ca/serial
new file mode 100644
index 00000000..9e22bcb8
--- /dev/null
+++ b/hosts/surtr/email/ca/serial
@@ -0,0 +1 @@
02
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 9b3a0dea..165e0eb2 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -46,7 +46,7 @@ with lib;
46 smtp_tls_security_level = "dane"; 46 smtp_tls_security_level = "dane";
47 smtp_dns_support_level = "dnssec"; 47 smtp_dns_support_level = "dnssec";
48 48
49 tls_server_sni_maps = ''cidr:${pkgs.writeText "sni" '' 49 tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" ''
50 bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem 50 bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
51 mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem 51 mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem
52 mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem 52 mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem