postfix: use caddy's certs for STARTTLS on port 25

This commit is contained in:
teutat3s 2023-02-08 20:29:53 +01:00
parent 5e5fb64dde
commit 1199820574
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1


@ -14,9 +14,12 @@ in {
services.postfix = { services.postfix = {
enable = true; enable = true;
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
# FIXME: get TLS certs for list.pub.solar from caddy # get TLS certs for list.pub.solar from caddy
#sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; # TODO: when caddy renews certs, postfix doesn't know about it
#sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; # implement custom built caddy with events exec handler or systemd-reload
# hook so postfix reloads, too
sslCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
sslKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
config = { config = {
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
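Review bot: The new `sslCert`/`sslKey` values point postfix at caddy's private state directory, but nothing in the hunk arranges read access to that key for postfix or states what ownership and mode the files carry, so whether this works (and how widely the key becomes readable) is decided by caddy's directory permissions, which are not visible here. Postfix's own guidance is that the server key should be readable by root only, so if a group or world read bit has to be added under `/var/lib/caddy/...` to make this work, the key's exposure widens beyond the two services that need it; I would record the intended access model next to the paths, e.g. `# key is read with root privileges at startup; do not loosen caddy's permissions on it` (to be confirmed against the postfix user/chroot setup in this module). The path also hard-codes caddy's storage layout and the production Let's Encrypt directory name, so a change of caddy's `storage` setting or CA would silently leave postfix with a missing or stale certificate; a comment naming that coupling is worth adding alongside the existing renewal TODO. The `services.postfix` attribute set continues outside the hunk.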