acme: procure a cert for mx.uninsane.org
we can use this later to allow SMTPS
This commit is contained in:
parent
93805c6602
commit
b53ff4f174
|
@ -58,6 +58,8 @@
|
|||
${iproute2}/bin/ip link set ovpns-veth-b netns ovpns
|
||||
${iproute2}/bin/ip -n ovpns addr add 10.0.1.6/24 dev ovpns-veth-b
|
||||
${iproute2}/bin/ip -n ovpns link set ovpns-veth-b up
|
||||
# forward HTTP traffic, which we need for letsencrypt to work
|
||||
${iproute2}/bin/ip netns exec ovpns ${socat}/bin/socat TCP4-LISTEN:80,reuseaddr,fork,su=nobody TCP4:10.0.1.5:80 &
|
||||
'';
|
||||
|
||||
ExecStop = with pkgs; writeScript "wg0veth-stop" ''
|
||||
|
|
|
@ -182,11 +182,16 @@
|
|||
};
|
||||
};
|
||||
|
||||
# exists only to manage acme for dovecot
|
||||
# exists only to manage certs for dovecot
|
||||
services.nginx.virtualHosts."imap.uninsane.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
# exists only to manage certs for Postfix
|
||||
services.nginx.virtualHosts."mx.uninsane.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.email = "acme@uninsane.org";
|
||||
|
|
|
@ -39,8 +39,9 @@
|
|||
pkgs.nettools
|
||||
pkgs.nmap
|
||||
pkgs.ripgrep
|
||||
pkgs.telnet
|
||||
pkgs.socat
|
||||
pkgs.sudo
|
||||
pkgs.telnet
|
||||
pkgs.wireguard
|
||||
pkgs.zola
|
||||
(pkgs.vim_configurable.customize {
|
||||
|
|
Loading…
Reference in New Issue
Block a user