aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

postfix: configure cert/key using smtpd_tls_chain_files

Browse Source 
The sslCert and sslKey options are going away, because they do too much,
e.g. provision the keypair for client certificate authentication, which
is not at all what we want or need.
This commit is contained in:
Martin Weinelt
2025-06-12 01:01:38 +02:00
parent 8b27add088
commit e540dc864c
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
mail-server/postfix.nix
View File

@@ -207,13 +207,16 @@ in
mapFiles."denied_recipients" = denied_recipients_file; mapFiles."denied_recipients" = denied_recipients_file;
mapFiles."reject_senders" = reject_senders_file; mapFiles."reject_senders" = reject_senders_file;
mapFiles."reject_recipients" = reject_recipients_file; mapFiles."reject_recipients" = reject_recipients_file;
sslCert = certificatePath;
sslKey = keyPath;
enableSubmission = cfg.enableSubmission; enableSubmission = cfg.enableSubmission;
enableSubmissions = cfg.enableSubmissionSsl; enableSubmissions = cfg.enableSubmissionSsl;
virtual = lookupTableToString (mergeLookupTables [all_valiases_postfix catchAllPostfix forwards]); virtual = lookupTableToString (mergeLookupTables [all_valiases_postfix catchAllPostfix forwards]);
config = { config = {
smtpd_tls_chain_files = [
"${keyPath}"
"${certificatePath}"
];
# Extra Config # Extra Config
mydestination = ""; mydestination = "";
recipient_delimiter = cfg.recipientDelimiter; recipient_delimiter = cfg.recipientDelimiter;