authorlassulus <git@lassul.us>2023-09-03 12:04:27 +0200
committerlassulus <git@lassul.us>2023-09-03 12:04:27 +0200
commiteb00c6b977986dffbf2063a624a654438a5d354e (patch)
treee2bde616b5009290035f59c7d5f9ad53a4497b87 /lass
parent90ca326b590a6039bcc73a55c56ec2b3d52b6f6a (diff)
l exim-smarthost: fix ssl for mail.lassul.us
Diffstat (limited to 'lass')
-rw-r--r--lass/2configs/exim-smarthost.nix16
1 files changed, 15 insertions, 1 deletions
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index cb9abd43a..2a3a6b1e5 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -14,18 +14,22 @@ in {
dkim = [
{ domain = "lassul.us"; }
];
+ ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem";
+ ssl_key = "/var/lib/acme/mail.lassul.us/key.pem";
primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
+ config.krebs.hosts.aergia
config.krebs.hosts.blue
config.krebs.hosts.coaxmetal
config.krebs.hosts.green
config.krebs.hosts.mors
config.krebs.hosts.xerxes
];
- internet-aliases = map (from: { inherit from to; }) mails;
+ internet-aliases = map (from: { inherit from to; }) mails ++ [
+ ];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
{ from = "postmaster"; to = "root"; }
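Review bot: The added `config.krebs.hosts.aergia` entry in `relay_from_hosts` widens who may relay through this smarthost, which the commit title (an SSL fix) does not mention. Relay permission in this list is derived from each host's retiolum IPv6 address alone, so presumably any process on aergia can hand mail to the smarthost for delivery as lassul.us; a comment such as `# aergia: sends outbound mail via this smarthost, trusted by retiolum address only` would record that intent. The `++ [ ]` appended to `internet-aliases` is an empty list and changes nothing, so either drop it or mark it with `# additional aliases go here`. The two certificate paths repeat the ACME state directory by hand; `ssl_cert = "${config.security.acme.certs."mail.lassul.us".directory}/fullchain.pem";` (and the same for `key.pem`) would keep them tied to the certificate definition. The enclosing attribute set starts before this hunk.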
@@ -45,4 +49,14 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
];
+
+ security.acme.certs."mail.lassul.us" = {
+ group = "lasscert";
+ webroot = "/var/lib/acme/acme-challenge";
+ };
+ users.groups.lasscert.members = [
+ "dovecot2"
+ "exim"
+ "nginx"
+ ];
}
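Review bot: Membership of `lasscert` gives `dovecot2`, `exim` and `nginx` read access to the same certificate directory, including `key.pem`, so a compromise of any one of the three daemons exposes the TLS private key used for mail. If nginx is in the group only to serve the challenge webroot rather than to terminate TLS for this name (not visible in this hunk), it could be left out of the group. A comment above the list would make the intent reviewable, e.g. `# daemons that terminate TLS for mail.lassul.us and must read key.pem`. The `webroot` setting also depends on an HTTP vhost for mail.lassul.us serving `/var/lib/acme/acme-challenge`, and the INPUT rules shown here accept only smtp, so that part is presumably configured elsewhere and worth confirming.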