X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fpostfix.nix;h=769ed5dece3a65e477ce2f3f733533bbdf78884e;hb=514f9ec3beec470c4445be690673a0ceab9115b4;hp=4791b418a60d9194c67cf8fa31ebbbaa49d47f60;hpb=5400b9b6f65451d41a9106fae6fc00f97d83f4ef;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index 4791b41..769ed5d 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -171,9 +171,6 @@
 
     networking.firewall.allowedTCPPorts = [ 25 465 587 ];
 
-    nixpkgs.overlays = [ (self: super: {
-      postfix = super.postfix.override { withMySQL = true; };
-    }) ];
     users.users."${config.services.postfix.user}".extraGroups = [ "keys" ];
     services.filesWatcher.postfix = {
       restart = true;
@@ -350,6 +347,13 @@
           "unix:${config.myServices.mail.milters.sockets.openarc}"
           "unix:${config.myServices.mail.milters.sockets.opendmarc}"
         ];
+
+        smtp_use_tls = true;
+        smtpd_use_tls = true;
+        smtpd_tls_chain_files = builtins.concatStringsSep "," [ "/var/lib/acme/mail/full.pem" "/var/lib/acme/mail-rsa/full.pem" ];
+
+        maximal_queue_lifetime = "6w";
+        bounce_queue_lifetime = "6w";
       };
       enable = true;
       enableSmtp = true;
@@ -388,8 +392,6 @@
       # This needs to reverse DNS
       hostname = config.hostEnv.fqdn;
       setSendmail = true;
-      sslCert = "/var/lib/acme/mail/fullchain.pem";
-      sslKey = "/var/lib/acme/mail/key.pem";
       recipientDelimiter = "+";
       masterConfig = {
         submissions = {
@@ -436,6 +438,14 @@
         "smtp.immae.eu" = null;
       };
     };
+    security.acme.certs."mail-rsa" = {
+      postRun = ''
+        systemctl restart postfix.service
+        '';
+      extraDomains = {
+        "smtp.immae.eu" = null;
+      };
+    };
     system.activationScripts.testmail = {
       deps = [ "users" ];
       text = let