Updated lib flake
parent
492f3cf688
commit
b10d055e25
|
@ -21,6 +21,8 @@ let
|
|||
|
||||
passwd = pkgs.lib.fudo.passwd;
|
||||
|
||||
host-certs = config.fudo.acme.host-domains.${hostname};
|
||||
|
||||
in {
|
||||
networking = {
|
||||
dhcpcd.enable = false;
|
||||
|
@ -84,14 +86,26 @@ in {
|
|||
fudo = {
|
||||
hosts.procul.external-interfaces = [ "extif0" ];
|
||||
|
||||
acme.host-domains.${hostname}.${host-fqdn}.local-copies = {
|
||||
acme.host-domains.${hostname} = {
|
||||
${host-fqdn}.local-copies = {
|
||||
postgresql = {
|
||||
user = postgresql-user;
|
||||
user = config.systemd.services.postgresql.serviceConfig.User;
|
||||
dependent-services = [ "postgresql.service" ];
|
||||
part-of = [ config.fudo.postgresql.systemd-target ];
|
||||
};
|
||||
};
|
||||
|
||||
"imap.${domain-name}".local-copies.dovecot = {
|
||||
user = config.services.dovecot2.user;
|
||||
dependent-services = [ "dovecot2.service" ];
|
||||
};
|
||||
|
||||
"smtp.${domain-name}".local-copies.postfix = {
|
||||
user = config.services.postfix.user;
|
||||
dependent-services = [ "postfix.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
secrets.host-secrets.procul = let
|
||||
files = config.fudo.secrets.files;
|
||||
in {
|
||||
|
@ -146,14 +160,20 @@ in {
|
|||
clamav.enable = true;
|
||||
dkim.signing = true;
|
||||
|
||||
dovecot = {
|
||||
ssl-certificate = acme-certificate "imap.${domain-name}";
|
||||
ssl-private-key = acme-private-key "imap.${domain-name}";
|
||||
dovecot = let
|
||||
cert-copy =
|
||||
host-certs."imap.${domain-name}".local-copies.dovecot;
|
||||
in {
|
||||
ssl-certificate = cert-copy.full-certificate;
|
||||
ssl-private-key = cert-copy.private-key;
|
||||
};
|
||||
|
||||
postfix = {
|
||||
ssl-certificate = acme-certificate "smtp.${domain-name}";
|
||||
ssl-private-key = acme-private-key "smtp.${domain-name}";
|
||||
postfix = let
|
||||
cert-copy =
|
||||
host-certs."smtp.${domain-name}".local-copies.postfix;
|
||||
in {
|
||||
ssl-certificate = cert-copy.full-certificate;
|
||||
ssl-private-key = cert-copy.private-key;
|
||||
};
|
||||
|
||||
# This should NOT include the primary domain
|
||||
|
@ -176,7 +196,7 @@ in {
|
|||
};
|
||||
|
||||
postgresql = let
|
||||
cert-copy = config.fudo.acme.host-domains.${hostname}.${host-fqdn}.local-copies.postgresql;
|
||||
cert-copy = host-certs.${host-fqdn}.local-copies.postgresql;
|
||||
in {
|
||||
enable = true;
|
||||
ssl-certificate = cert-copy.full-certificate;
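Review bot: The certificate copies defined under `acme.host-domains.${hostname}` for `"imap.${domain-name}"` and `"smtp.${domain-name}"` give the TLS private key to `config.services.dovecot2.user` and `config.services.postfix.user`, and nothing visible on this page says what mode or group the `local-copies` module applies to the key file. Both daemons typically load their key before dropping privileges, so it is worth confirming that the service account needs to own the key and that the copy is written owner-only; a comment above the two entries such as `# private-key copy must be owner-read only; mode is set by the local-copies module` would record that expectation. The postgresql copy also sets `part-of = [ config.fudo.postgresql.systemd-target ]` while the dovecot and postfix copies list only `dependent-services`; if `part-of` is what ties a copy to the service lifecycle on renewal, the mail services could keep serving an old certificate, which cannot be told from here. The page has lost its +/- markers, so this is read from what appear to be the added lines, and the `fudo` attribute set starts and ends outside the hunks shown.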
|
||||
|
|
|
@ -297,7 +297,7 @@
|
|||
},
|
||||
"fudo-lib_2": {
|
||||
"locked": {
|
||||
"narHash": "sha256-1unDTB52rrC4MhomFowHi4kzTea0/dk15A9D59Cpu0Q=",
|
||||
"narHash": "sha256-epp76qOzc1TQ0ESqTVqE6ZUjXj5tPSjIea8Gc+MyoLI=",
|
||||
"path": "/state/fudo-lib",
|
||||
"type": "path"
|
||||
},
|
||||
|
|