From 167be248f4d9131392962d57f937f78b63301835 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 5 May 2022 16:09:19 +0200
Subject: surtr: ...

---
 hosts/surtr/email/ca/.gitignore     | 8 +++++---
 hosts/surtr/email/ca/index.txt      | 1 +
 hosts/surtr/email/ca/index.txt.attr | 1 +
 hosts/surtr/email/ca/serial         | 1 +
 hosts/surtr/email/default.nix       | 2 +-
 5 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 hosts/surtr/email/ca/index.txt
 create mode 100644 hosts/surtr/email/ca/index.txt.attr
 create mode 100644 hosts/surtr/email/ca/serial

diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore
index 7c894574..bc1d3eaf 100644
--- a/hosts/surtr/email/ca/.gitignore
+++ b/hosts/surtr/email/ca/.gitignore
@@ -1,3 +1,5 @@
-ca.key
-ca.cnf
-*.old
\ No newline at end of file
+*.key
+*.cnf
+*.old
+*.crt
+certs
\ No newline at end of file
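Review bot: These patterns are what keeps the CA's private keys, OpenSSL config and issued certificates out of the repository, and the file does not say so. A header comment such as `# key material, CA config and issued certs stay local; index.txt and serial are tracked` would record the intent, given that this commit adds index.txt, index.txt.attr and serial alongside it. Ignore rules only apply to untracked paths, so any `*.key`, `*.cnf` or `*.crt` committed earlier would stay tracked; nothing in this diff shows whether that is the case. `certs` without a trailing slash matches a file or a directory of that name, so `certs/` would be more precise if a directory is meant.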
diff --git a/hosts/surtr/email/ca/index.txt b/hosts/surtr/email/ca/index.txt
new file mode 100644
index 00000000..5010b5fe
--- /dev/null
+++ b/hosts/surtr/email/ca/index.txt
@@ -0,0 +1 @@
+V	320502135347Z		01	unknown	/CN=gkleen
diff --git a/hosts/surtr/email/ca/index.txt.attr b/hosts/surtr/email/ca/index.txt.attr
new file mode 100644
index 00000000..8f7e63a3
--- /dev/null
+++ b/hosts/surtr/email/ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/hosts/surtr/email/ca/serial b/hosts/surtr/email/ca/serial
new file mode 100644
index 00000000..9e22bcb8
--- /dev/null
+++ b/hosts/surtr/email/ca/serial
@@ -0,0 +1 @@
+02
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 9b3a0dea..165e0eb2 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -46,7 +46,7 @@ with lib;
         smtp_tls_security_level = "dane";
         smtp_dns_support_level = "dnssec";
 
-        tls_server_sni_maps = ''cidr:${pkgs.writeText "sni" ''
+        tls_server_sni_maps = ''texthash:${pkgs.writeText "sni" ''
           bouncy.email /run/credentials/postfix.service/bouncy.email.sni.pem
           mailin.bouncy.email /run/credentials/postfix.service/mailin.bouncy.email.sni.pem
           mailsub.bouncy.email /run/credentials/postfix.service/mailsub.bouncy.email.sni.pem
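Review bot: The change from `cidr:` to `texthash:` on the `tls_server_sni_maps` line deserves a one-line comment, because the reason is not visible in the Nix code: the keys in the table are SNI host names, which a cidr table (network/mask patterns) would not match. Something like `# texthash: keys are SNI host names, not networks; the PEM files are read when the table is opened` above the assignment would do. As far as I know Postfix loads the referenced PEM contents when a texthash SNI table is opened, so a renewed file under /run/credentials/postfix.service/ would presumably only take effect after a reload or restart; it is worth confirming that the renewal path triggers one. The map string continues past the end of the hunk, so any further entries are not visible here.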
-- 
cgit v1.2.3