KokaKiwi/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Remove old way of doing email certs (self-signed)

Browse source
This commit is contained in:
Alex 2022-12-25 23:03:37 +01:00
parent 2bbf540945
commit 40f5670753
No known key found for this signature in database
GPG key ID: 09EC5284AA804D3C
4 changed files with 0 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
cluster/prod/app/email/config/dovecot/certs.gen
View file

@ -1,13 +0,0 @@
#!/bin/bash
TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
openssl req \
-new \
-newkey rsa:4096 \
-days 3650 \
-nodes \
-x509 \
-subj ${TLSINFO} \
-keyout dovecot.key \
-out dovecot.crt

13
cluster/prod/app/email/config/postfix/certs.gen
View file

@ -1,13 +0,0 @@
#!/bin/bash
TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
openssl req \
-new \
-newkey rsa:4096 \
-days 3650 \
-nodes \
-x509 \
-subj ${TLSINFO} \
-keyout postfix.key \
-out postfix.crt

4
cluster/prod/app/email/deploy/email.hcl
View file

@ -150,13 +150,11 @@ job "email" {
# ----- secrets ------ # ----- secrets ------
template { template {
# data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/certs/dovecot.crt" destination = "secrets/ssl/certs/dovecot.crt"
perms = "400" perms = "400"
} }
template { template {
# data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/private/dovecot.key" destination = "secrets/ssl/private/dovecot.key"
perms = "400" perms = "400"
@ -381,14 +379,12 @@ job "email" {
# --- secrets --- # --- secrets ---
template { template {
# data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/postfix.crt" destination = "secrets/ssl/postfix.crt"
perms = "400" perms = "400"
} }
template { template {
# data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/postfix.key" destination = "secrets/ssl/postfix.key"
perms = "400" perms = "400"

19
cluster/prod/app/email/secrets.toml
View file

@ -1,14 +1,5 @@
# ---- POSTFIX ---- # ---- POSTFIX ----
[secrets."email/postfix/postfix.key"]
type = 'SSL_KEY'
name = 'postfix'
[secrets."email/postfix/postfix.crt"]
type = 'SSL_CERT'
name = 'postfix'
cert_domains = "['deuxfleurs.fr']"
[secrets."email/dkim/smtp.private"] [secrets."email/dkim/smtp.private"]
type = 'RSA_PRIVATE_KEY' type = 'RSA_PRIVATE_KEY'
name = 'dkim' name = 'dkim'
@ -20,16 +11,6 @@ dn_secret = "email/dovecot/ldap_binddn"
password_secret = "email/dovecot/ldap_bindpwd" password_secret = "email/dovecot/ldap_bindpwd"
[secrets."email/dovecot/dovecot.key"]
type = 'SSL_KEY'
name = 'dovecot'
[secrets."email/dovecot/dovecot.crt"]
type = 'SSL_CERT'
name = 'dovecot'
cert_domains = "['deuxfleurs.fr']"
# ---- SOGO ---- # ---- SOGO ----
[service_users."sogo"] [service_users."sogo"]