diff options
Diffstat (limited to 'hosts/surtr')
-rw-r--r-- | hosts/surtr/email/default.nix | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 165e0eb2..0c625325 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
@@ -47,10 +47,10 @@ with lib; | |||
47 | smtp_dns_support_level = "dnssec"; | 47 | smtp_dns_support_level = "dnssec"; |
48 | 48 | ||
49 | tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" '' | 49 | tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" '' |
50 | bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem | 50 | bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem |
51 | mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem | 51 | mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.full.pem |
52 | mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem | 52 | mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.full.pem |
53 | .bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem | 53 | .bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem |
54 | ''}''; | 54 | ''}''; |
55 | 55 | ||
56 | local_recipient_maps = ""; | 56 | local_recipient_maps = ""; |
@@ -166,20 +166,12 @@ with lib; | |||
166 | }; | 166 | }; |
167 | 167 | ||
168 | systemd.services.postfix = { | 168 | systemd.services.postfix = { |
169 | preStart = concatMapStringsSep "\n" (domain: '' | ||
170 | ( | ||
171 | umask 0037 | ||
172 | cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem | ||
173 | chown acme:acme /var/lib/acme/${domain}/sni.pem | ||
174 | ) | ||
175 | '') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"]; | ||
176 | |||
177 | serviceConfig.LoadCredential = [ | 169 | serviceConfig.LoadCredential = [ |
178 | "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem" | 170 | "surtr.yggdrasil.li.key.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/key.pem" |
179 | "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem" | 171 | "surtr.yggdrasil.li.pem:${config.security.acme.certs."surtr.yggdrasil.li".directory}/fullchain.pem" |
180 | "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/sni.pem" | 172 | "bouncy.email.sni.pem:${config.security.acme.certs."bouncy.email".directory}/full.pem" |
181 | "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/sni.pem" | 173 | "mailin.bouncy.email.sni.pem:${config.security.acme.certs."mailin.bouncy.email".directory}/full.pem" |
182 | "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/sni.pem" | 174 | "mailsub.bouncy.email.sni.pem:${config.security.acme.certs."mailsub.bouncy.email".directory}/full.pem" |
183 | ]; | 175 | ]; |
184 | }; | 176 | }; |
185 | }; | 177 | }; |