X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fpostfix.nix;h=985d4af084d8784d470f9122aa8e7ca5bc2105fd;hb=9f16e659f129dd8acab7d086ef9822673a01ba06;hp=4791b418a60d9194c67cf8fa31ebbbaa49d47f60;hpb=5400b9b6f65451d41a9106fae6fc00f97d83f4ef;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index 4791b41..985d4af 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -171,9 +171,6 @@
 
     networking.firewall.allowedTCPPorts = [ 25 465 587 ];
 
-    nixpkgs.overlays = [ (self: super: {
-      postfix = super.postfix.override { withMySQL = true; };
-    }) ];
     users.users."${config.services.postfix.user}".extraGroups = [ "keys" ];
     services.filesWatcher.postfix = {
       restart = true;
@@ -350,6 +347,10 @@
           "unix:${config.myServices.mail.milters.sockets.openarc}"
           "unix:${config.myServices.mail.milters.sockets.opendmarc}"
         ];
+
+        smtp_use_tls = true;
+        smtpd_use_tls = true;
+        smtpd_tls_chain_files = builtins.concatStringsSep "," [ "/var/lib/acme/mail/full.pem" "/var/lib/acme/mail-rsa/full.pem" ];
       };
       enable = true;
       enableSmtp = true;
@@ -388,8 +389,6 @@
       # This needs to reverse DNS
       hostname = config.hostEnv.fqdn;
       setSendmail = true;
-      sslCert = "/var/lib/acme/mail/fullchain.pem";
-      sslKey = "/var/lib/acme/mail/key.pem";
       recipientDelimiter = "+";
       masterConfig = {
         submissions = {