X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fpostfix.nix;h=985d4af084d8784d470f9122aa8e7ca5bc2105fd;hb=8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31;hp=e0347ec11a975d01e67d3da796f63bc2718c476e;hpb=45730653020eb8b23090a731fc9e687efab850a5;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index e0347ec..985d4af 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -171,9 +171,6 @@
 
     networking.firewall.allowedTCPPorts = [ 25 465 587 ];
 
-    nixpkgs.overlays = [ (self: super: {
-      postfix = super.postfix.override { withMySQL = true; };
-    }) ];
     users.users."${config.services.postfix.user}".extraGroups = [ "keys" ];
     services.filesWatcher.postfix = {
       restart = true;
@@ -350,6 +347,10 @@
           "unix:${config.myServices.mail.milters.sockets.openarc}"
           "unix:${config.myServices.mail.milters.sockets.opendmarc}"
         ];
+
+        smtp_use_tls = true;
+        smtpd_use_tls = true;
+        smtpd_tls_chain_files = builtins.concatStringsSep "," [ "/var/lib/acme/mail/full.pem" "/var/lib/acme/mail-rsa/full.pem" ];
       };
       enable = true;
       enableSmtp = true;
@@ -388,8 +389,6 @@
       # This needs to reverse DNS
       hostname = config.hostEnv.fqdn;
       setSendmail = true;
-      sslCert = "/var/lib/acme/mail/fullchain.pem";
-      sslKey = "/var/lib/acme/mail/key.pem";
       recipientDelimiter = "+";
       masterConfig = {
         submissions = {
@@ -428,7 +427,7 @@
         };
       };
     };
-    security.acme2.certs."mail" = {
+    security.acme.certs."mail" = {
       postRun = ''
         systemctl restart postfix.service
         '';