From eb00c6b977986dffbf2063a624a654438a5d354e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Sep 2023 12:04:27 +0200 Subject: [PATCH] l exim-smarthost: fix ssl for mail.lassul.us --- lass/2configs/exim-smarthost.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index cb9abd43a..2a3a6b1e5 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -14,18 +14,22 @@ in { dkim = [ { domain = "lassul.us"; } ]; + ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem"; + ssl_key = "/var/lib/acme/mail.lassul.us/key.pem"; primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ + config.krebs.hosts.aergia config.krebs.hosts.blue config.krebs.hosts.coaxmetal config.krebs.hosts.green config.krebs.hosts.mors config.krebs.hosts.xerxes ]; - internet-aliases = map (from: { inherit from to; }) mails; + internet-aliases = map (from: { inherit from to; }) mails ++ [ + ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } { from = "postmaster"; to = "root"; } @@ -45,4 +49,14 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } ]; + + security.acme.certs."mail.lassul.us" = { + group = "lasscert"; + webroot = "/var/lib/acme/acme-challenge"; + }; + users.groups.lasscert.members = [ + "dovecot2" + "exim" + "nginx" + ]; }