Updated lib flake
parent
492f3cf688
commit
b10d055e25
|
@ -21,6 +21,8 @@ let
|
||||||
|
|
||||||
passwd = pkgs.lib.fudo.passwd;
|
passwd = pkgs.lib.fudo.passwd;
|
||||||
|
|
||||||
|
host-certs = config.fudo.acme.host-domains.${hostname};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
networking = {
|
networking = {
|
||||||
dhcpcd.enable = false;
|
dhcpcd.enable = false;
|
||||||
|
@ -84,11 +86,23 @@ in {
|
||||||
fudo = {
|
fudo = {
|
||||||
hosts.procul.external-interfaces = [ "extif0" ];
|
hosts.procul.external-interfaces = [ "extif0" ];
|
||||||
|
|
||||||
acme.host-domains.${hostname}.${host-fqdn}.local-copies = {
|
acme.host-domains.${hostname} = {
|
||||||
postgresql = {
|
${host-fqdn}.local-copies = {
|
||||||
user = postgresql-user;
|
postgresql = {
|
||||||
dependent-services = [ "postgresql.service" ];
|
user = config.systemd.services.postgresql.serviceConfig.User;
|
||||||
part-of = [ config.fudo.postgresql.systemd-target ];
|
dependent-services = [ "postgresql.service" ];
|
||||||
|
part-of = [ config.fudo.postgresql.systemd-target ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"imap.${domain-name}".local-copies.dovecot = {
|
||||||
|
user = config.services.dovecot2.user;
|
||||||
|
dependent-services = [ "dovecot2.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
"smtp.${domain-name}".local-copies.postfix = {
|
||||||
|
user = config.services.postfix.user;
|
||||||
|
dependent-services = [ "postfix.service" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -146,14 +160,20 @@ in {
|
||||||
clamav.enable = true;
|
clamav.enable = true;
|
||||||
dkim.signing = true;
|
dkim.signing = true;
|
||||||
|
|
||||||
dovecot = {
|
dovecot = let
|
||||||
ssl-certificate = acme-certificate "imap.${domain-name}";
|
cert-copy =
|
||||||
ssl-private-key = acme-private-key "imap.${domain-name}";
|
host-certs."imap.${domain-name}".local-copies.dovecot;
|
||||||
|
in {
|
||||||
|
ssl-certificate = cert-copy.full-certificate;
|
||||||
|
ssl-private-key = cert-copy.private-key;
|
||||||
};
|
};
|
||||||
|
|
||||||
postfix = {
|
postfix = let
|
||||||
ssl-certificate = acme-certificate "smtp.${domain-name}";
|
cert-copy =
|
||||||
ssl-private-key = acme-private-key "smtp.${domain-name}";
|
host-certs."smtp.${domain-name}".local-copies.postfix;
|
||||||
|
in {
|
||||||
|
ssl-certificate = cert-copy.full-certificate;
|
||||||
|
ssl-private-key = cert-copy.private-key;
|
||||||
};
|
};
|
||||||
|
|
||||||
# This should NOT include the primary domain
|
# This should NOT include the primary domain
|
||||||
|
@ -176,7 +196,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
postgresql = let
|
postgresql = let
|
||||||
cert-copy = config.fudo.acme.host-domains.${hostname}.${host-fqdn}.local-copies.postgresql;
|
cert-copy = host-certs.${host-fqdn}.local-copies.postgresql;
|
||||||
in {
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
ssl-certificate = cert-copy.full-certificate;
|
ssl-certificate = cert-copy.full-certificate;
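Review bot: The new `"imap.${domain-name}".local-copies.dovecot` and `"smtp.${domain-name}".local-copies.postfix` entries set `user` and `dependent-services` but no `part-of`, which the postgresql entry just above them does set. The fudo acme module is not visible here, so this is inferred: if `part-of` is what ties the copy job to the consumer's target, the mail daemons' key copies may not follow the service lifecycle the way the postgresql copy does. Either add the matching `part-of` or leave a comment saying the omission is intentional. These copies carry TLS private keys (`cert-copy.private-key`), and nothing in the hunk records who may read them; a comment such as `# key copy is owned by the service user; mode is set by fudo.acme (confirm)` on each entry would make that expectation reviewable. The enclosing `fudo = { … }` block and the mail-server block start and end outside the hunks shown.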
|
||||||
|
|
|
@ -297,7 +297,7 @@
|
||||||
},
|
},
|
||||||
"fudo-lib_2": {
|
"fudo-lib_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"narHash": "sha256-1unDTB52rrC4MhomFowHi4kzTea0/dk15A9D59Cpu0Q=",
|
"narHash": "sha256-epp76qOzc1TQ0ESqTVqE6ZUjXj5tPSjIea8Gc+MyoLI=",
|
||||||
"path": "/state/fudo-lib",
|
"path": "/state/fudo-lib",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
|
|