author | lassulus <git@lassul.us> | 2023-09-03 12:04:27 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-09-03 12:04:27 +0200 |
commit | eb00c6b977986dffbf2063a624a654438a5d354e (patch) | |
tree | e2bde616b5009290035f59c7d5f9ad53a4497b87 | |
parent | 90ca326b590a6039bcc73a55c56ec2b3d52b6f6a (diff) |
l exim-smarthost: fix ssl for mail.lassul.us
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index cb9abd43a..2a3a6b1e5 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -14,18 +14,22 @@ in {
 dkim = [
 { domain = "lassul.us"; }
 ];
+ ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem";
+ ssl_key = "/var/lib/acme/mail.lassul.us/key.pem";
 primary_hostname = "lassul.us";
 sender_domains = [
 "lassul.us"
 ];
 relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
+ config.krebs.hosts.aergia
 config.krebs.hosts.blue
 config.krebs.hosts.coaxmetal
 config.krebs.hosts.green
 config.krebs.hosts.mors
 config.krebs.hosts.xerxes
 ];
- internet-aliases = map (from: { inherit from to; }) mails;
+ internet-aliases = map (from: { inherit from to; }) mails ++ [
+ ];
 system-aliases = [
 { from = "mailer-daemon"; to = "postmaster"; }
 { from = "postmaster"; to = "root"; }
@@ -45,4 +49,14 @@ in {
 krebs.iptables.tables.filter.INPUT.rules = [
 { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
 ];
+
+ security.acme.certs."mail.lassul.us" = {
+ group = "lasscert";
+ webroot = "/var/lib/acme/acme-challenge";
+ };
+ users.groups.lasscert.members = [
+ "dovecot2"
+ "exim"
+ "nginx"
+ ];
 }
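Review bot: The new `ssl_cert` and `ssl_key` lines hard-code `/var/lib/acme/mail.lassul.us/...`, which has to stay in step with the `security.acme.certs."mail.lassul.us"` entry added in the second hunk; if the two drift apart, exim is left pointing at a path with no usable key. Deriving both from the cert definition ties them together, e.g. `ssl_cert = "${config.security.acme.certs."mail.lassul.us".directory}/fullchain.pem";` and the same with `key.pem` for `ssl_key`. The `mails ++ [ ]` on the `internet-aliases` line appends an empty list and can go back to `... mails;`. The enclosing attribute set starts before the hunk, so how `ssl_cert`/`ssl_key` are consumed is not visible here.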
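Review bot: `users.groups.lasscert.members` gives `dovecot2`, `exim` and `nginx` read access to the same `key.pem`, so a compromise of any one of the three services exposes the mail TLS private key, and the hunk does not say why `nginx` needs it. If nginx only serves the HTTP-01 challenge from the `webroot`, it presumably does not have to read the key and `"nginx"` can be dropped; otherwise a comment such as `# nginx terminates TLS for mail.lassul.us` would record the reason. Nothing visible here reloads the consumers after a renewal; dovecot in particular likely keeps the old certificate until reloaded, which `reloadServices = [ "dovecot2" ];` inside the cert definition would cover. The INPUT rule shown above accepts only smtp, so the challenge depends on port 80 being opened in another module, which is worth confirming.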