pyrox.dev / nix
My Nix Configuration
fork atom

[systems.prefect] Update mail cert copying to be monthly

pyrox.dev 19e3d28e 4f905468

options
unified split
Changed files
+29 -11
systems
x86_64-linux
prefect
services
mailserver
default.nix
+29 -11
systems/x86_64-linux/prefect/services/mailserver/default.nix 
···

       
1

       

       
-

       
{ lib, ... }:


     

       

       
1

       
+

       
{ lib, pkgs, ... }:


     

       
2

       
2

       
 

       
{


     

       
3

       
3

       
 

       
  imports = [


     

       
4

       
4

       
 

       
    ./logins.nix


     
···

       
93

       
93

       
 

       
    certificateFile = "/var/lib/mail/mail.crt";


     

       
94

       
94

       
 

       
    keyFile = "/var/lib/mail/mail.key";


     

       
95

       
95

       
 

       
  };


     

       
96

       

       
-

       
  system.activationScripts = {


     

       
97

       

       
-

       
    mail-certs.text = ''


     

       
98

       

       
-

       
      # Copy and chown the mail cert


     

       
99

       

       
-

       
      cp -fvr /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev/mail.pyrox.dev.crt /var/lib/mail/mail.crt


     

       
100

       

       
-

       
      chmod a+r /var/lib/mail/mail.crt


     

       
101

       

       
-

       
      cp -fvr /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev/mail.pyrox.dev.key /var/lib/mail/mail.key


     

       
102

       

       
-

       
      chmod a+r /var/lib/mail/mail.key


     

       
103

       

       
-

       
      chown -hR virtualMail:virtualMail /var/lib/mail/


     

       
104

       
96

       
 

       



     

       
105

       

       
-

       
    '';


     

       
106

       

       
-

       
  };


     

       
107

       
97

       
 

       
  services.opendkim = {


     

       
108

       
98

       
 

       
    user = lib.mkForce "virtualMail";


     

       
109

       
99

       
 

       
    group = lib.mkForce "virtualMail";


     

       
110

       
100

       
 

       
  };


     

       

       
101

       
+

       



     

       

       
102

       
+

       
  # Copy mail certs every month so that they don't expire


     

       

       
103

       
+

       
  systemd = {


     

       

       
104

       
+

       
    timers."copy-mail-certs" = {


     

       

       
105

       
+

       
      wantedBy = [ "timers.target" ];


     

       

       
106

       
+

       
      timerConfig = {


     

       

       
107

       
+

       
        OnBootSec = "5m";


     

       

       
108

       
+

       
        OnCalendar = "monthly";


     

       

       
109

       
+

       
        Unit = "copy-mail-certs.service";


     

       

       
110

       
+

       
      };


     

       

       
111

       
+

       
    };


     

       

       
112

       
+

       



     

       

       
113

       
+

       
    services."copy-mail-certs" = {


     

       

       
114

       
+

       
      script = ''


     

       

       
115

       
+

       
        set -eu


     

       

       
116

       
+

       
        cp -fvr /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev/mail.pyrox.dev.crt /var/lib/mail/mail.crt


     

       

       
117

       
+

       
        chmod a+r /var/lib/mail/mail.crt


     

       

       
118

       
+

       
        cp -fvr /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.pyrox.dev/mail.pyrox.dev.key /var/lib/mail/mail.key


     

       

       
119

       
+

       
        chmod a+r /var/lib/mail/mail.key


     

       

       
120

       
+

       
        chown -hR virtualMail:virtualMail /var/lib/mail/


     

       

       
121

       
+

       
      '';


     

       

       
122

       
+

       
      serviceConfig = {


     

       

       
123

       
+

       
        Type = "oneshot";


     

       

       
124

       
+

       
        User = "root";


     

       

       
125

       
+

       
      };


     

       

       
126

       
+

       
    };


     

       

       
127

       
+

       
  };


     

       

       
128

       
+

       



     

       
111

       
129

       
 

       
}