From b10d055e25e8baa6f50a6c69b9298f8c8424979c Mon Sep 17 00:00:00 2001
From: niten
Date: Mon, 29 Nov 2021 21:34:05 -0800
Subject: [PATCH] Updated lib flake

---
 config/host-config/procul.nix | 44 +++++++++++++++++++++++++----------
 flake.lock                    |  2 +-
 2 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix
index 7693f75..6ebd6b8 100644
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@@ -21,6 +21,8 @@ let
 
   passwd = pkgs.lib.fudo.passwd;
 
+  host-certs = config.fudo.acme.host-domains.${hostname};
+
 in {
   networking = {
     dhcpcd.enable = false;
@@ -84,11 +86,23 @@ in {
   fudo = {
     hosts.procul.external-interfaces = [ "extif0" ];
 
-    acme.host-domains.${hostname}.${host-fqdn}.local-copies = {
-      postgresql = {
-        user = postgresql-user;
-        dependent-services = [ "postgresql.service" ];
-        part-of = [ config.fudo.postgresql.systemd-target ];
+    acme.host-domains.${hostname} = {
+      ${host-fqdn}.local-copies = {
+        postgresql = {
+          user = config.systemd.services.postgresql.serviceConfig.User;
+          dependent-services = [ "postgresql.service" ];
+          part-of = [ config.fudo.postgresql.systemd-target ];
+        };
+      };
+
+      "imap.${domain-name}".local-copies.dovecot = {
+        user = config.services.dovecot2.user;
+        dependent-services = [ "dovecot2.service" ];
+      };
+
+      "smtp.${domain-name}".local-copies.postfix = {
+        user = config.services.postfix.user;
+        dependent-services = [ "postfix.service" ];
       };
     };
 
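Review bot: The new dovecot and postfix entries under `acme.host-domains.${hostname}` make the private-key copy readable by the service account (`config.services.dovecot2.user`, `config.services.postfix.user`), which is broader than either daemon needs: by their own documentation both open the TLS key in the root-run master process before dropping privileges, so a root-only copy would suffice if the local-copies module allows it — worth confirming against the module. Both mail entries also omit the `part-of` that the postgresql copy sets, so if the module uses it to bind the copy to a target, the mail copies are ordered only via `dependent-services`; confirm that is intended. A short comment above the block, `# local-copies: per-service, owner-restricted copies of the ACME cert/key; dependent-services are presumably restarted on renewal — confirm`, would record the expectation the rest of the file relies on.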
@@ -146,14 +160,20 @@ in {
       clamav.enable = true;
       dkim.signing = true;
 
-      dovecot = {
-        ssl-certificate = acme-certificate "imap.${domain-name}";
-        ssl-private-key = acme-private-key "imap.${domain-name}";
+      dovecot = let
+        cert-copy =
+          host-certs."imap.${domain-name}".local-copies.dovecot;
+      in {
+        ssl-certificate = cert-copy.full-certificate;
+        ssl-private-key = cert-copy.private-key;
       };
 
-      postfix = {
-        ssl-certificate = acme-certificate "smtp.${domain-name}";
-        ssl-private-key = acme-private-key "smtp.${domain-name}";
+      postfix = let
+        cert-copy =
+          host-certs."smtp.${domain-name}".local-copies.postfix;
+      in {
+        ssl-certificate = cert-copy.full-certificate;
+        ssl-private-key = cert-copy.private-key;
       };
 
       # This should NOT include the primary domain
@@ -176,7 +196,7 @@ in {
     };
 
     postgresql = let
-      cert-copy = config.fudo.acme.host-domains.${hostname}.${host-fqdn}.local-copies.postgresql;
+      cert-copy = host-certs.${host-fqdn}.local-copies.postgresql;
     in {
       enable = true;
       ssl-certificate = cert-copy.full-certificate;
diff --git a/flake.lock b/flake.lock
index 9a4da5c..ffc0a7d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -297,7 +297,7 @@
     },
     "fudo-lib_2": {
       "locked": {
-        "narHash": "sha256-1unDTB52rrC4MhomFowHi4kzTea0/dk15A9D59Cpu0Q=",
+        "narHash": "sha256-epp76qOzc1TQ0ESqTVqE6ZUjXj5tPSjIea8Gc+MyoLI=",
         "path": "/state/fudo-lib",
         "type": "path"
       },
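Review bot: The two new `let` blocks in `dovecot` and `postfix` are the same expression with only the domain and service name substituted, so one helper in the file's top-level `let`, e.g. `mail-cert = fqdn: svc: host-certs.${fqdn}.local-copies.${svc};`, would reduce each to `cert-copy = mail-cert "imap.${domain-name}" "dovecot";` and remove the duplication. The removed lines were the only visible uses of `acme-certificate` and `acme-private-key`; if those are still bound in the top-level `let` (outside this hunk), they are now dead bindings and can be dropped. The postgresql hunk below already reads `host-certs.${host-fqdn}.local-copies.postgresql` directly and could use the same helper; its enclosing block continues past the end of that hunk.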