X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fdefault.nix;h=fd6d638a843e7fa08e8073d0e5d89227d826b231;hb=c5f1602f941d34ad1f9e7bdb69678d0c844c9db6;hp=b50e346a10495ed844ad15b2e2809a5f19795b1a;hpb=619e4f46adc15e409122c4e0fa0e0a0b811bb32f;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index b50e346..fd6d638 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -7,6 +7,7 @@
     ./relay.nix
     ./rspamd.nix
     ./opensmtpd.nix
+    ./sympa.nix
   ];
   options.myServices.mail.enable = lib.mkEnableOption "enable Mail services";
   options.myServices.mailRelay.enable = lib.mkEnableOption "enable Mail relay services";
@@ -22,8 +23,21 @@
         mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
       in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
     };
+    # This is for clients that don’t support elliptic curves (e.g.
+    # printer)
+    security.acme.certs."mail-rsa" = config.myServices.certificates.certConfig // {
+      domain = config.hostEnv.fqdn;
+      keyType = "rsa4096";
+      extraDomains = let
+        zonesWithMx = builtins.filter (zone:
+          lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
+        ) config.myEnv.dns.masterZones;
+        mxs = map (zone: "${config.hostEnv.mx.subdomain}.${zone.name}") zonesWithMx;
+      in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
+    };
     services.duplyBackup.profiles = {
       mail = {
+        remotes = [ "eriomem" "ovh" ];
         rootDir = "/var/lib";
         excludeFile = lib.mkAfter ''
           + /var/lib/vhost
@@ -31,5 +45,8 @@
           '';
       };
     };
+    systemd.slices.mail = {
+      description = "Mail slice";
+    };
   };
 }