postfix: use caddy's certs for STARTTLS on port 25
parent
5e5fb64dde
commit
1199820574
|
@ -14,9 +14,12 @@ in {
|
|||
services.postfix = {
|
||||
enable = true;
|
||||
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
||||
# FIXME: get TLS certs for list.pub.solar from caddy
|
||||
#sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
|
||||
#sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
|
||||
# get TLS certs for list.pub.solar from caddy
|
||||
# TODO: when caddy renews certs, postfix doesn't know about it
|
||||
# implement custom built caddy with events exec handler or systemd-reload
|
||||
# hook so postfix reloads, too
|
||||
sslCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
|
||||
sslKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
|
||||
config = {
|
||||
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
|
|
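Review bot: The new `sslCert` and `sslKey` values hard-code both Caddy's storage root and the issuer directory `acme-v02.api.letsencrypt.org-directory`, so STARTTLS on port 25 only works if Caddy obtained the certificate from that one CA and the files exist before postfix starts. If Caddy issues through a different ACME endpoint (a fallback issuer or staging) or its `dataDir` changes, the files land elsewhere; postfix would then keep presenting the old certificate until it expires, or presumably fail to load one on a fresh host. I would build the path once from `config.services.caddy.dataDir` in a `let` binding shared by both options and pin the CA on the Caddy side, e.g. with `services.caddy.acmeCA`. A comment next to `sslKey` should also record that the private key lives in a directory owned by the caddy user and which account postfix reads it as; that ownership is inferred, not shown here, so confirm it. The `services.postfix` attribute set and its `config = {` block continue past the end of this hunk.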