mynix/system
1
1
Fork 0
Code Issues 2 Pull requests Activity
system/nixos/hosts/magenta/services/mailserver.nix

74 lines
2.1 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
cfg = config.mailserver;
certsDir = "/var/certs";
# Extracting a Certificate from Traefik`s acme.json
# Source: https://www.zdyn.net/docker/2022/02/04/acme-certificate.html
dumpTraefikMailCerts = pkgs.writeScript "dump-mail-certs" ''
#!/bin/sh
mkdir -p $(dirname "${cfg.certificateFile}") $(dirname "${cfg.keyFile}")
${pkgs.jq}/bin/jq -r '.le.Certificates[] | select(.domain.main=="${cfg.fqdn}") | .certificate' /var/lib/traefik/acme.json | base64 -d > ${cfg.certificateFile}
${pkgs.jq}/bin/jq -r '.le.Certificates[] | select(.domain.main=="${cfg.fqdn}") | .key' /var/lib/traefik/acme.json | base64 -d > ${cfg.keyFile}
systemctl restart dovecot2.service
'';
in
{
imports = [ ./mailserver-accounts.secret.nix ];
# See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
mailserver = {
enable = true;
# We use traefik to generate certificates
certificateScheme = 1;
certificateFile = "${certsDir}/cert-${cfg.fqdn}.pem";
keyFile = "${certsDir}/key-${cfg.fqdn}.pem";
hierarchySeparator = "/";
};
services.traefik.dynamicConfigOptions.http = {
routers.mailserver_acme = {
rule = "Host(`${cfg.fqdn}`)";
entryPoints = [ "http" ];
tls = {
certResolver = "le";
domains = [
{
main = cfg.fqdn;
sans = cfg.domains;
}
];
};
service = "noop@internal";
};
};
systemd = {
# Watch traefik`s acme.json to update certs in /var/certs
# Source: https://superuser.com/questions/1171751/restart-systemd-service-automatically-whenever-a-directory-changes-any-file-ins
services.dump-traefik-mail-cert = {
unitConfig = {
Description = "Restart mail cert service";
After = [ "network.target" ];
};
serviceConfig = {
Type = "oneshot";
ExecStart = "${dumpTraefikMailCerts}";
};
wantedBy = [ "multi-user.target" ];
};
paths.dump-traefik-mail-cert = {
wantedBy = [ "multi-user.target" ];
pathConfig.PathChanged = "/var/lib/traefik/acme.json";
};
};
}
Reference in a new issue View git blame Copy permalink