postfix: use caddy's certs for STARTTLS on port 25

This commit is contained in:
teutat3s 2023-02-08 20:29:53 +01:00
parent 5e5fb64dde
commit 1199820574
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1


@ -14,9 +14,12 @@ in {
services.postfix = {
enable = true;
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
# FIXME: get TLS certs for list.pub.solar from caddy
#sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
#sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
# get TLS certs for list.pub.solar from caddy
# TODO: when caddy renews certs, postfix doesn't know about it
# implement custom built caddy with events exec handler or systemd-reload
# hook so postfix reloads, too
sslCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
sslKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
config = {
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
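Review bot: Hard-coding Caddy's internal storage path at L23–L24 fails silently: if those files are missing or unreadable when a new smtpd(8) process starts (Caddy's own storage cleanup, or its default issuer fallback from Let's Encrypt to a secondary CA, which would store the renewed cert under a different `…-directory/` name), Postfix only logs a warning and, at the default opportunistic `smtpd_tls_security_level = may`, keeps accepting mail on port 25 without offering STARTTLS at all — a cleartext downgrade nothing in this config would surface. Postfix reads the key during smtpd(8)'s pre-jail initialisation while still root (confirm on this Postfix version), so Caddy's 0600 key needs no loosened permissions, and the renewal gap in the TODO at L20–L22 needs no custom-built Caddy either: a stock systemd path unit can reload Postfix whenever the certificate file is rewritten (verify `PathChanged` fires for Caddy's write pattern). I would also derive the prefix from `config.services.caddy.dataDir`, which the NixOS Caddy module uses as the base of `XDG_DATA_HOME`, so the two services cannot drift, and add a comment above `sslCert` stating that the path is Caddy-internal and only valid while this name is issued via Let's Encrypt. The enclosing `services.postfix` attribute set closes outside the hunk; the units below belong at the same level as `services.postfix`.
```nix
# Caddy-internal storage layout: XDG_DATA_HOME below services.caddy.dataDir,
# one directory per ACME CA. Only valid while Caddy issues list.pub.solar via
# Let's Encrypt; a fallback issuer writes its certificate under another directory.
sslCert = "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
sslKey = "${config.services.caddy.dataDir}/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
# … unchanged: config = { transport_maps, local_recipient_maps, … } …

# Sibling of services.postfix (same attribute set): reload Postfix when Caddy
# rewrites the certificate so new smtpd(8) processes never serve a stale chain.
systemd.paths.postfix-caddy-cert = {
  wantedBy = [ "multi-user.target" ];
  pathConfig.PathChanged = config.services.postfix.sslCert;
};
systemd.services.postfix-caddy-cert = {
  serviceConfig.Type = "oneshot";
  script = "systemctl reload postfix.service";
};
```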