From 7f04383e716b8b5b67e28422d7d72896fb080918 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 11 Jul 2022 09:28:58 +0200
Subject: bouncy.email: MTA-STS

---
 hosts/surtr/email/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'hosts')

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index d72a4465..9bdaac75 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -87,6 +87,8 @@ in {
           .bouncy.email /run/credentials/postfix.service/bouncy.email.full.pem
         ''}'';
 
+        smtp_tls_policy_maps = "socketmap:unix:${config.services.postfix-mta-sts-resolver.settings.path}:postfix";
+
         local_recipient_maps = "";
 
         # 10 GiB
@@ -723,5 +725,7 @@ in {
       format = "binary";
       sopsFile = ./spm-keys.json;
     };
+
+    services.postfix-mta-sts-resolver.enable = true;
   };
 }
-- 
cgit v1.2.3