diff options
| -rw-r--r-- | hosts/surtr/email/default.nix | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 165e0eb2..0c625325 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
| @@ -47,10 +47,10 @@ with lib; | |||
| 47 | smtp_dns_support_level = "dnssec"; | 47 | smtp_dns_support_level = "dnssec"; |
| 48 | 48 | ||
| 49 | tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" '' | 49 | tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" '' |
| 50 | bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem | 50 | bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem |
| 51 | mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem | 51 | mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.full.pem |
| 52 | mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem | 52 | mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.full.pem |
| 53 | .bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem | 53 | .bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem |
| 54 | ''}''; | 54 | ''}''; |
| 55 | 55 | ||
| 56 | local_recipient_maps = ""; | 56 | local_recipient_maps = ""; |
| @@ -166,20 +166,12 @@ with lib; | |||
| 166 | }; | 166 | }; |
| 167 | 167 | ||
| 168 | systemd.services.postfix = { | 168 | systemd.services.postfix = { |
| 169 | preStart = concatMapStringsSep "\n" (domain: '' | ||
| 170 | ( | ||
| 171 | umask 0037 | ||
| 172 | cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem | ||
| 173 | chown acme:acme /var/lib/acme/${domain}/sni.pem | ||
| 174 | ) | ||
| 175 | '') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"]; | ||
| 176 | |||
| 177 | serviceConfig.LoadCredential = [ | 169 | serviceConfig.LoadCredential = [ |
| 178 | "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem" | 170 | "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem" |
| 179 | "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem" | 171 | "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem" |
| 180 | "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem" | 172 | "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/full.pem" |
| 181 | "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem" | 173 | "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/full.pem" |
| 182 | "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem" | 174 | "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/full.pem" |
| 183 | ]; | 175 | ]; |
| 184 | }; | 176 | }; |
| 185 | }; | 177 | }; |