authorAlejandro Soto <alejandro@34project.org>2023-02-10 12:17:09 -0600
committerAlejandro Soto <alejandro@34project.org>2023-02-10 12:17:09 -0600
commitb8a62165e4f3dd6a35ebad0dcaea0971d4323735 (patch)
tree18f724db4df2eccd9f3983fe5c39615c6fe96202 /env
parent7443b4290428e003300ab6070e577c2e9ae1771b (diff)
env/users: enable IMAP TLS
Diffstat (limited to 'env')
-rw-r--r--env/acme/default.nix6
-rw-r--r--env/users/mailbox.nix16
2 files changed, 14 insertions, 8 deletions
diff --git a/env/acme/default.nix b/env/acme/default.nix
index 779b4e2..9b3db80 100644
--- a/env/acme/default.nix
+++ b/env/acme/default.nix
@@ -22,6 +22,11 @@ in
defaults = {
email = "security@${config.networking.domain}";
renewInterval = "weekly";
+
+ webroot =
+ if config.security.acme.defaults.dnsProvider == null
+ then "/var/lib/acme/acme-challenge"
+ else null;
};
certs =
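Review bot: The `webroot` default is keyed only on `security.acme.defaults.dnsProvider`, so a certificate that sets its own `dnsProvider` while the default stays `null` would still inherit the webroot. The ACME module is expected to reject a certificate with both challenge methods set, so that case would likely fail at evaluation. A short comment above the expression would make the intent explicit, e.g. `# HTTP-01 webroot only when no DNS-01 provider is set globally; per-cert dnsProvider must also set webroot = null`. The `defaults` block begins before this hunk, so other settings in it are not visible here.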
@@ -31,7 +36,6 @@ in
certConfig = domains: {
domain = domains.main;
extraDomainNames = domainSort (attrValues (filterAttrs (k: _: k != "main") domains));
- webroot = "/var/lib/acme/acme-challenge";
};
in
mapAttrs'
diff --git a/env/users/mailbox.nix b/env/users/mailbox.nix
index e603214..9fe460e 100644
--- a/env/users/mailbox.nix
+++ b/env/users/mailbox.nix
@@ -6,6 +6,8 @@ in
options.local.mailHost = with types; {
enable = mkEnableOption "mailbox host service";
+ security.acme.defaults.dnsProvider = "gandiv5";
+
mdaListen = mkOption {
type = str;
};
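Review bot: The added `security.acme.defaults.dnsProvider = "gandiv5";` sits inside the `options.local.mailHost = with types; { … }` declaration, between `enable` and `mdaListen`. As far as this hunk shows, it is therefore read as an option declaration under `local.mailHost` rather than a setting of the ACME module. A bare string there should either fail evaluation or never reach `security.acme`, which would leave the webroot branch in `env/acme/default.nix` active. It most likely belongs in the module's `config` part, which lies outside this hunk, for example as `acme.defaults.dnsProvider = "gandiv5";` beside `acme.certs.${imapHostname}`. DNS-01 also needs the provider's API key and no `credentialsFile` appears in this diff, so confirm it is set elsewhere and points to a root-readable file outside the Nix store.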
@@ -33,8 +35,8 @@ in
enablePAM = false;
enableLmtp = true;
- #sslServerKey = "${cert}/key.pem";
- #sslServerCert = "${cert}/fullchain.pem";
+ sslServerKey = "${cert}/key.pem";
+ sslServerCert = "${cert}/fullchain.pem";
modules = [ pkgs.dovecot_pigeonhole ];
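Review bot: Setting `sslServerKey` and `sslServerCert` makes TLS available, but nothing in this hunk makes it mandatory, while the last hunk of this file opens port 143 in the firewall. Whether the generated Dovecot configuration refuses unencrypted sessions is not visible here. If it does not, add `ssl = required` through the service's `extraConfig` so a client cannot fall back to cleartext on 143. `${cert}` is defined outside the hunk; it should resolve to the ACME directory of `imapHostname` so the key is the one made group-readable further down.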
@@ -146,9 +148,9 @@ in
# Necesario debido a 'enablePAM = false'
pam.services.dovecot2 = { };
- #acme.certs.${imapHostname} = {
- # inherit (config.services.dovecot2) group;
- #};
+ acme.certs.${imapHostname} = {
+ inherit (config.services.dovecot2) group;
+ };
};
users = {
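Review bot: The certificate entry only sets `group`, so nothing tells Dovecot to pick up a renewed certificate. With `renewInterval = "weekly"` the files on disk will change while the running service keeps serving the old one until its next restart. Adding `reloadServices = [ "dovecot2" ];` inside `acme.certs.${imapHostname}` would close that gap. Inheriting the Dovecot group gives that group read access to `key.pem`, so it is worth confirming that no unrelated accounts are members of it.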
@@ -156,8 +158,8 @@ in
groups.${config.services.dovecot2.mailGroup}.gid = 993;
};
- #networking.firewall.allowedTCPPorts = [ 143 993 ];
+ networking.firewall.allowedTCPPorts = [ 143 587 993 ];
- #local.certs.imap.enable = true;
+ local.certs.imap.enable = true;
};
}
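Review bot: `allowedTCPPorts` now exposes 587 as well as the IMAP ports 143 and 993, although the commit is titled "enable IMAP TLS" and the previously commented-out line listed only 143 and 993. The service listening on 587 is not part of this diff, so confirm that it requires STARTTLS and authentication before the port is opened, or move that port to its own commit. If clients are only meant to use implicit TLS, 143 can be left out of the list. A comment such as `# 143/993: IMAP (STARTTLS / implicit TLS), 587: mail submission` would document why each port is open.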