Fix printer not supporting elliptic curve keys

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-07 23:03:18 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-07 23:03:18 +0200
commit: 5153eb54abab92497093fffa60c487c3523016d4 (patch)
tree: 64529f83e58edac69ba24457592d7b73b7227b78 /modules/private/mail/dovecot.nix
parent: 364b709fc590aca7ab9b38be97c91431abf011e1 (diff)
download: Nix-5153eb54abab92497093fffa60c487c3523016d4.tar.gz
Nix-5153eb54abab92497093fffa60c487c3523016d4.tar.zst
Nix-5153eb54abab92497093fffa60c487c3523016d4.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 77f9bd7..0304b89 100644
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -80,6 +80,12 @@ in
      sslServerKey = "/var/lib/acme/mail/key.pem";
      sslCACert = "/var/lib/acme/mail/fullchain.pem";
      extraConfig = builtins.concatStringsSep "\n" [
+        # For printer which doesn’t support elliptic curve
+        ''
+          ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
+          ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
+        ''
        ''
          postmaster_address = postmaster@immae.eu
          mail_attribute_dict = file:%h/dovecot-attributes
@@ -269,6 +275,15 @@ in
      [
        "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
      ];
+    security.acme.certs."mail-rsa" = {
+      postRun = ''
+        systemctl restart dovecot2.service
+      '';
+      extraDomains = {
+        "imap.immae.eu" = null;
+        "pop3.immae.eu" = null;
+      };
+    };
    security.acme.certs."mail" = {
      postRun = ''
        systemctl restart dovecot2.service
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-07 23:03:18 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-07 23:03:18 +0200
commit	5153eb54abab92497093fffa60c487c3523016d4 (patch)
tree	64529f83e58edac69ba24457592d7b73b7227b78 /modules/private/mail/dovecot.nix
parent	364b709fc590aca7ab9b38be97c91431abf011e1 (diff)
download	Nix-5153eb54abab92497093fffa60c487c3523016d4.tar.gz Nix-5153eb54abab92497093fffa60c487c3523016d4.tar.zst Nix-5153eb54abab92497093fffa60c487c3523016d4.zip

diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix index 77f9bd7..0304b89 100644 --- a/modules/private/mail/dovecot.nix +++ b/modules/private/mail/dovecot.nix
@@ -80,6 +80,12 @@ in
80	sslServerKey = "/var/lib/acme/mail/key.pem";	80	sslServerKey = "/var/lib/acme/mail/key.pem";
81	sslCACert = "/var/lib/acme/mail/fullchain.pem";	81	sslCACert = "/var/lib/acme/mail/fullchain.pem";
82	extraConfig = builtins.concatStringsSep "\n" [	82	extraConfig = builtins.concatStringsSep "\n" [
		83	# For printer which doesn’t support elliptic curve
		84	''
		85	ssl_alt_cert = </var/lib/acme/mail-rsa/fullchain.pem
		86	ssl_alt_key = </var/lib/acme/mail-rsa/key.pem
		87	''
		88
83	''	89	''
84	postmaster_address = postmaster@immae.eu	90	postmaster_address = postmaster@immae.eu
85	mail_attribute_dict = file:%h/dovecot-attributes	91	mail_attribute_dict = file:%h/dovecot-attributes
@@ -269,6 +275,15 @@ in
269	[	275	[
270	"0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"	276	"0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
271	];	277	];
		278	security.acme.certs."mail-rsa" = {
		279	postRun = ''
		280	systemctl restart dovecot2.service
		281	'';
		282	extraDomains = {
		283	"imap.immae.eu" = null;
		284	"pop3.immae.eu" = null;
		285	};
		286	};
272	security.acme.certs."mail" = {	287	security.acme.certs."mail" = {
273	postRun = ''	288	postRun = ''
274	systemctl restart dovecot2.service	289	systemctl restart dovecot2.service