1 files changed, 15 insertions, 7 deletions

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0d1ccf30..0e2a78eb 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -663,13 +663,18 @@ in {
       };
     };
 
-    security.acme.domains = {
-      "surtr.yggdrasil.li" = {};
-    } // listToAttrs (map (domain: nameValuePair "spm.${domain}" {}) spmDomains)
-    // listToAttrs (concatMap (domain:
-      map (subdomain: nameValuePair subdomain {})
-        [domain "mailin.${domain}" "mailsub.${domain}" "imap.${domain}" "mta-sts.${domain}"]
-    ) emailDomains);
+    security.acme.rfc2136Domains = {
+      "surtr.yggdrasil.li" = {
+        restartUnits = [ "postfix.service" "dovecot2.service" ];
+      };
+    } // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
+    // listToAttrs (concatMap (domain: [
+      (nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })
+      (nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
+      (nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
+      (nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })
+      (nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
+    ]) emailDomains);
 
     systemd.services.postfix = {
       serviceConfig.LoadCredential = [
@@ -824,6 +829,9 @@ in {
       };
     };
     systemd.services."postfix-ccert-sender-policy" = {
+      after = [ "postgresql.service" ];
+      bindsTo = [ "postgresql.service" ];
+
       serviceConfig = {
         Type = "notify";