X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fdefault.nix;h=d893ec49d53184bb4cd495fca0bc3e82765be37d;hb=8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31;hp=1c64e158be5aa035a5718eb41fb55493c052d098;hpb=981fa80354fd6f00f49446777c38f77bd8a65f65;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index 1c64e15..d893ec4 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -13,7 +13,7 @@
 options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
 config = lib.mkIf config.myServices.mail.enable {
- security.acme2.certs."mail" = config.myServices.certificates.certConfig // {
+ security.acme.certs."mail" = config.myServices.certificates.certConfig // {
 domain = config.hostEnv.fqdn;
 extraDomains = let
 zonesWithMx = builtins.filter (zone:
@@ -22,6 +22,18 @@
 mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
 in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
 };
+ # This is for clients that don’t support elliptic curves (e.g.
+ printer)
+ security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
+ domain = config.hostEnv.fqdn;
+ keyType = "rsa4096";
+ extraDomains = let
+ zonesWithMx = builtins.filter (zone:
+ lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
+ ) config.myEnv.dns.masterZones;
+ mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
+ in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+ };
 services.duplyBackup.profiles = {
 mail = {
 rootDir = "/var/lib";
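Review bot: The `extraDomains` expression in the new `security.acme.certs."mail-rsa"` entry is a verbatim copy of the one under `"mail"`, so the two certificates' name lists can drift apart if only one copy is edited later; binding the attribute set once in a `let` and writing `extraDomains = mailExtraDomains;` in both entries keeps them identical. The comment would help more if it named which services present the RSA certificate and said that it is offered in addition to the (presumably elliptic-curve) `"mail"` certificate rather than instead of it; the consumers are not visible in this hunk. Because this certificate exists for clients without elliptic-curve support, it is worth confirming that the mail daemons' minimum TLS version and cipher list were not loosened along with it. As rendered here, the second comment line (`printer)`) has no leading `#`; if that is not an artifact of the page, the module will not evaluate.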