postfix: use caddy's certs for STARTTLS on port 25
parent
5e5fb64dde
commit
1199820574
|
@ -14,9 +14,12 @@ in {
|
||||||
services.postfix = {
|
services.postfix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
||||||
# FIXME: get TLS certs for list.pub.solar from caddy
|
# get TLS certs for list.pub.solar from caddy
|
||||||
#sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
|
# TODO: when caddy renews certs, postfix doesn't know about it
|
||||||
#sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
|
# implement custom built caddy with events exec handler or systemd-reload
|
||||||
|
# hook so postfix reloads, too
|
||||||
|
sslCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
|
||||||
|
sslKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
|
||||||
config = {
|
config = {
|
||||||
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||||
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||||
|
|
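Review bot: The new `sslCert` and `sslKey` values hard-code Caddy's internal storage layout and the issuer directory `acme-v02.api.letsencrypt.org-directory`. If Caddy obtains the `list.pub.solar` certificate from a different issuer, or its data directory moves, Postfix would point at a stale or missing file, and STARTTLS on port 25 would fail or present an expired certificate. I would bind the directory once in a `let`, for example `caddyCertDir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar";`, and pin the issuer for this host in the Caddy configuration, which is not visible in this hunk. The private key should keep its restrictive caddy-owned mode, since Postfix normally opens the key file while still running as root, so presumably nothing in Caddy's storage needs to be made more readable; a comment such as `# key stays caddy-owned; do not loosen permissions on caddy's data dir` would record that. The enclosing `services.postfix` block continues past the end of the hunk.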