From be5949a8db580f45ad693ba2950aec64f9e0445d Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 26 Apr 2016 14:48:24 +0200
Subject: ssl for postfix

---
 ymir.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ymir.nix b/ymir.nix
index d1ad060a..bb0fc74a 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -156,6 +156,7 @@ in rec {
   users.groups."ssl" = {
     members = [ "prosody"
                 "nginx"
+                "postfix"
               ];
   };
 
@@ -297,15 +298,16 @@ in rec {
     rootAlias = "gkleen";
     setSendmail = true;
     destination = ["yggdrasil.li" "ymir.yggdrasil.li" "praseodym.org" "ymir.praseodym.org" "141.li" "ymir.141.li" "xmpp.li" "ymir.xmpp.li" "dirty-haskell.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li" "localhost.yggdrasil.li" "localhost"];
-    sslCert = "";
-    sslKey = "";
+    sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
   };
 
   security.acme = {
     certs = {
       "yggdrasil.li" = {
-        webroot = "/srv/www/acme/yggdrasil.li";
         allowKeysForGroup = true;
+        group = "ssl";
+        webroot = "/srv/www/acme/yggdrasil.li";
         email = "phikeebaogobaegh@141.li";
         extraDomains = builtins.listToAttrs (builtins.map (name: { inherit name; value = "/srv/www/acme/${name}"; })
           ["git.yggdrasil.li" "dirty-haskell.org" "www.dirty-haskell.org" "141.li" "www.141.li" "xmpp.li" "www.xmpp.li" "www.yggdrasil.li" "praseodym.org" "www.praseodym.org" "explainuxul.de" "www.explainuxul.de" "lmu.li" "www.lmu.li"]);
-- 
cgit v1.2.3