From 056552a1dad6bec2c2255c05166cccf25fe56273 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 5 May 2022 14:26:32 +0200
Subject: ...

---
 hosts/surtr/email/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 9c56fb93..52955cd2 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -167,7 +167,11 @@ with lib;
 
     systemd.services.postfix = {
       preStart = concatMapStringsSep "\n" (domain: ''
-        cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+        (
+          umask 0037
+          cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+          chown acme:acme /var/lib/acme/${domain}/sni.pem
+        )
       '') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"];
       
       serviceConfig.LoadCredential = [
-- 
cgit v1.2.3