mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-01-27 05:19:05 +01:00
Compare commits
3 commits
beabe43433
...
e311c7ab3f
| Author | SHA1 | Date | |
|---|---|---|---|
|
e311c7ab3f | ||
|
|
572c1b4d69 | ||
|
|
b610c68f92 |
5 changed files with 23 additions and 13 deletions
13
default.nix
13
default.nix
|
|
@ -675,6 +675,19 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
acmeCertificateName = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.fqdn;
|
||||
example = "example.com";
|
||||
description = ''
|
||||
({option}`mailserver.certificateScheme` == `acme`)
|
||||
|
||||
When the `acme` `certificateScheme` is selected, you can use this option
|
||||
to override the default certificate name. This is useful if you've
|
||||
generated a wildcard certificate, for example.
|
||||
'';
|
||||
};
|
||||
|
||||
enableImap = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
|
|
|||
|
|
@ -13,5 +13,10 @@
|
|||
assertion = config.mailserver.forwards == {};
|
||||
message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.forwards";
|
||||
}
|
||||
] ++ lib.optionals (config.mailserver.certificateScheme != "acme") [
|
||||
{
|
||||
assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;
|
||||
message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ in
|
|||
else if cfg.certificateScheme == "selfsigned"
|
||||
then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
|
||||
else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
|
||||
then "${config.security.acme.certs.${cfg.fqdn}.directory}/fullchain.pem"
|
||||
then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/fullchain.pem"
|
||||
else throw "unknown certificate scheme";
|
||||
|
||||
# key :: PATH
|
||||
|
|
@ -35,7 +35,7 @@ in
|
|||
else if cfg.certificateScheme == "selfsigned"
|
||||
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
|
||||
else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
|
||||
then "${config.security.acme.certs.${cfg.fqdn}.directory}/key.pem"
|
||||
then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/key.pem"
|
||||
else throw "unknown certificate scheme";
|
||||
|
||||
passwordFiles = let
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with (import ./common.nix { inherit config; });
|
||||
with (import ./common.nix { inherit config lib pkgs; });
|
||||
|
||||
let
|
||||
cfg = config.mailserver;
|
||||
|
|
@ -36,7 +36,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
security.acme.certs."${cfg.fqdn}".reloadServices = [
|
||||
security.acme.certs."${cfg.acmeCertificateName}".reloadServices = [
|
||||
"postfix.service"
|
||||
"dovecot2.service"
|
||||
];
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ in
|
|||
inherit debug;
|
||||
locals = {
|
||||
"milter_headers.conf" = { text = ''
|
||||
extended_spam_headers = yes;
|
||||
extended_spam_headers = true;
|
||||
''; };
|
||||
"redis.conf" = { text = ''
|
||||
servers = "${cfg.redis.address}:${toString cfg.redis.port}";
|
||||
|
|
@ -69,14 +69,6 @@ in
|
|||
''; };
|
||||
};
|
||||
|
||||
overrides = {
|
||||
"milter_headers.conf" = {
|
||||
text = ''
|
||||
extended_spam_headers = true;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
workers.rspamd_proxy = {
|
||||
type = "rspamd_proxy";
|
||||
bindSockets = [{
|
||||
|
|
|
|||
Loading…
Reference in a new issue