mailman: trigger postfix reload when caddy renews
TLS Let's Encrypt certificates
parent
94cc00572e
commit
bb80d107d5
|
@ -29,6 +29,31 @@ in {
|
||||||
hostname = "list.pub.solar";
|
hostname = "list.pub.solar";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.paths.watcher-caddy-ssl-file = {
|
||||||
|
description = "Watches for changes in caddy's TLS cert file (after renewals) to reload postfix";
|
||||||
|
documentation = "systemd.path(5)";
|
||||||
|
partOf = ["postfix-reload.service"];
|
||||||
|
pathConfig = {
|
||||||
|
PathChanged = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
|
||||||
|
Unit = "postfix-reload.service";
|
||||||
|
};
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."postfix-reload" = {
|
||||||
|
description = "Reloads postfix config, e.g. after TLS certs change, notified by watcher-caddy-ssl-file.path";
|
||||||
|
documentation = "systemd.path(5)";
|
||||||
|
requires = ["postfix.service"];
|
||||||
|
after = ["postfix.service"];
|
||||||
|
startLimitIntervalSec = 10;
|
||||||
|
startLimitBurst = 5;
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
script = ''
|
||||||
|
${pkgs.systemd}/bin/systemctl reload postfix
|
||||||
|
'';
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
};
|
||||||
|
|
||||||
services.mailman = {
|
services.mailman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# We use caddy instead of nginx
|
# We use caddy instead of nginx
|
||||||
|
|
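Review bot: The watcher in `systemd.paths.watcher-caddy-ssl-file` fires on the `.crt` file alone, so if caddy writes the matching private key as a separate file after the certificate, `postfix-reload.service` may run while the pair on disk is still inconsistent; a comment above `PathChanged` should say which file caddy writes last, or the watch should point at that file instead. `wantedBy = ["multi-user.target"]` on `systemd.services."postfix-reload"` also makes the oneshot run at every boot rather than only when the path unit triggers it, and with `requires = ["postfix.service"]` it pulls postfix in; dropping that line leaves the path unit as the only trigger. `documentation = "systemd.path(5)"` is not a URI form systemd accepts and the NixOS option is, as far as I know, a list, so both units should use `documentation = ["man:systemd.path(5)"];`. The enclosing attribute set opens before the hunk (`in {`) and continues after it.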