30 lines
813 B
Nix
30 lines
813 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
with (import ./common.nix {inherit config;}); let
|
|
cfg = config.mailsystem;
|
|
in {
|
|
config =
|
|
lib.mkIf cfg.enable {
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."${cfg.fqdn}" = {
|
|
forceSSL = true;
|
|
enableACME = cfg.certificateScheme == "acme";
|
|
sslCertificate = lib.mkIf (cfg.certificateScheme == "selfsigned") sslCertPath;
|
|
sslCertificateKey = lib.mkIf (cfg.certificateScheme == "selfsigned") sslKeyPath;
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];
|
|
}
|
|
// lib.mkIf (cfg.enable && cfg.certificateScheme == "acme") {
|
|
security.acme.certs."${cfg.fqdn}".reloadServices = [
|
|
"postfix.service"
|
|
"dovecot2.service"
|
|
];
|
|
};
|
|
}
|