Fix printer not supporting elliptic curve keys

[perso/Immae/Config/Nix.git] / modules / private / mail / dovecot.nix

diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 77f9bd71aca64c993494375139368a8d363b6dbc..0304b899cb724f7b02e483d3918b8ab9f8ad4087 100644 (file)
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -80,6 +80,12 @@ in
       sslServerKey = "/var/lib/acme/mail/key.pem";
       sslCACert = "/var/lib/acme/mail/fullchain.pem";
       extraConfig = builtins.concatStringsSep "\n" [
+        # For printer which doesn’t support elliptic curve
+        ''
+          ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
+          ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
+        ''
+
         ''
           postmaster_address = postmaster@immae.eu
           mail_attribute_dict = file:%h/dovecot-attributes
@@ -269,6 +275,15 @@ in
       [
         "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
       ];
+    security.acme.certs."mail-rsa" = {
+      postRun = ''
+        systemctl restart dovecot2.service
+      '';
+      extraDomains = {
+        "imap.immae.eu" = null;
+        "pop3.immae.eu" = null;
+      };
+    };
     security.acme.certs."mail" = {
       postRun = ''
         systemctl restart dovecot2.service