]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/postfix/sourcephile.nix
nix: revamp secrets
[sourcephile-nix.git] / hosts / losurdo / postfix / sourcephile.nix
1 { pkgs, lib, config, ... }:
2 let domain = "sourcephile.fr"; in
3 {
4 services.postfix = {
5 extraAliases = ''
6 '';
7 virtual = ''
8 root@${domain} julm+root@${domain}
9 '';
10 tls_server_sni_maps =
11 let chain = [
12 "/var/lib/acme/${domain}/key.pem"
13 "/var/lib/acme/${domain}/fullchain.pem"
14 ]; in {
15 "smtp.${domain}" = chain;
16 "mail.${domain}" = chain;
17 };
18 config = {
19 virtual_mailbox_domains = [
20 domain
21 ];
22 };
23 };
24 security.acme.certs."${domain}" = {
25 postRun = "systemctl reload postfix";
26 };
27 systemd.services.postfix = {
28 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
29 after = [ "acme-selfsigned-${domain}.service" ];
30 };
31 }