| author | Joey Hess <joeyh@joeyh.name> | 2017-08-25 18:16:26 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-08-25 18:16:26 -0400 |
| commit | 31c7c4ead3548ef193482006b1103f2106441e6c (patch) | |
| tree | 0f4d5cf8824eab964e7709f36c277475e791afe7 /src | |
| parent | 1486b8d5bceba8f28bc06f5e6152209a624dd4fb (diff) | |
temporarily revert letsencrypt for kite email
broke my dad's email client somehow
Diffstat (limited to 'src')
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index f02dc6f0..34b0af44 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -520,6 +520,7 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props & "/etc/aliases" `File.hasPrivContentExposed` ctx `onChange` Postfix.newaliases + & hasPostfixCert ctx & "/etc/postfix/mydomain" `File.containsLines` [ "/.*\\.kitenet\\.net/\tOK" @@ -582,9 +583,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props , "milter_default_action = accept" , "# TLS setup -- server" - , "smtpd_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem" - , "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem" - , "smtpd_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem" + , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem" + , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem" + , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem" , "smtpd_tls_loglevel = 1" , "smtpd_tls_received_header = yes" , "smtpd_use_tls = yes" @@ -592,9 +593,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props , "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache" , "# TLS setup -- client" - , "smtp_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem" - , "smtp_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem" - , "smtp_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem" + , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem" + , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem" + , "smtp_tls_key_file = /etc/ssl/private/postfix.pem" , "smtp_tls_loglevel = 1" , "smtp_use_tls = yes" , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache" 
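Review bot: The added `& hasPostfixCert ctx` line in the first hunk carries no `onChange` action, so as far as this hunk shows, replacing the certificate or key in privdata rewrites the files without telling Postfix. The `/etc/aliases` property directly above it runs `Postfix.newaliases` on change, and postfixSaslPasswordClient (context of the last hunk) ends with `Postfix.reloaded`; the same pattern fits here: `` & hasPostfixCert ctx `onChange` Postfix.reloaded ``. kiteMailServer starts and ends outside the hunk, so a reload may already be triggered further down; if it is, a short comment saying where would be enough.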
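Review bot: `smtpd_tls_CAfile` in the second hunk and `smtp_tls_CAfile` in the third now name /etc/ssl/certs/joeyca.pem, yet no visible hunk installs that file; hasPostfixCert only provides postfix.pem and its key. If no property elsewhere in kiteMailServer ensures it, Postfix will be pointed at a missing CA file, so either confirm that or add the file to hasPostfixCert. On the client side, `smtp_tls_CAfile` is also the trust store used to verify remote servers, so a private CA there means publicly issued server certificates will not verify; that goes unnoticed under the opportunistic `smtp_use_tls = yes` but would matter if verification is ever enforced. A Haskell comment above both blocks, for example `-- temporary: private-CA cert while letsencrypt is reverted; joeyca.pem comes from <property that installs it>`, would record the dependency. The enclosing list starts and ends outside both hunks.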
@@ -613,12 +614,6 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props "!include auth-passwdfile.conf.ext" `onChange` Service.restarted "dovecot" `describe` "dovecot auth.conf" - & "/etc/dovecot/conf.d/10-ssl.conf" `File.containsLines` - [ "ssl_cert = </etc/letsencrypt/live/kitenet.net/fullchain.pem" - , "ssl_key = </etc/letsencrypt/live/kitenet.net/privkey.pem" - ] - `onChange` Service.restarted "dovecot" - `describe` "dovecot letsencrypt certs" & File.hasPrivContent dovecotusers ctx `onChange` (dovecotusers `File.mode` combineModes [ownerReadMode, groupReadMode]) @@ -719,6 +714,11 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut ] `onChange` Postfix.reloaded +hasPostfixCert :: Context -> Property (HasInfo + UnixLike) +hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props + & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx + & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx + -- Legacy static web sites and redirections from kitenet.net to newer -- sites. legacyWebSites :: Property (HasInfo + DebianLike) |
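Review bot: hasPostfixCert has no documentation, and the one detail that matters for security is easy to miss: the certificate uses `File.hasPrivContentExposed` while the key uses `File.hasPrivContent`. A haddock comment such as `-- | Installs Postfix's TLS certificate (file left at its default mode) and its private key (mode restricted) from privdata for the given context.` would make that split explicit and warn against swapping the two. The commit message calls this revert temporary, so the comment could also say the pair is meant to go away once the letsencrypt paths return. Unlike the letsencrypt files it replaces, this certificate presumably has no automatic renewal, so its expiry date needs tracking by hand.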
