Add given password for hosts/carotte/nebula/carotte.key to store.
[sourcephile-nix.git] / hosts / losurdo / postfix / sourcephile.nix
index 36fe1a84919c29f49be8056ce0132960c747ae2d..c8ebf828830dccd1c8a6ec0492ac33c763c1daf3 100644 (file)
@@ -1,31 +1,34 @@
-{ pkgs, lib, config, ... }:
+{ config, ... }:
 let domain = "sourcephile.fr"; in
 {
-services.postfix = {
-  extraAliases = ''
+  services.postfix = {
+    extraAliases = ''
   '';
-  virtual = ''
-    root@${domain} julm+root@${domain}
-  '';
-  tls_server_sni_maps =
-    let chain = [
-      "/var/lib/acme/${domain}/key.pem"
-      "/var/lib/acme/${domain}/fullchain.pem"
-    ]; in {
-    "smtp.${domain}" = chain;
-    "mail.${domain}" = chain;
+    virtual = ''
+      root@${domain} julm+root@${domain}
+    '';
+    tls_server_sni_maps =
+      let
+        chain = [
+          "/var/lib/acme/${domain}/key.pem"
+          "/var/lib/acme/${domain}/fullchain.pem"
+        ];
+      in
+      {
+        "smtp.${domain}" = chain;
+        "mail.${domain}" = chain;
+      };
+    config = {
+      virtual_mailbox_domains = [
+        domain
+      ];
+    };
+  };
+  security.acme.certs."${domain}" = {
+    postRun = "systemctl try-restart postfix";
   };
-  config = {
-    virtual_mailbox_domains = [
-      domain
-    ];
+  systemd.services.postfix = {
+    wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
+    after = [ "acme-selfsigned-${domain}.service" ];
   };
-};
-security.acme.certs."${domain}" = {
-  postRun = "systemctl reload postfix";
-};
-systemd.services.postfix = {
-  wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
-  after = [ "acme-selfsigned-${domain}.service" ];
-};
 }