authorJoey Hess2017-08-25 18:16:26 -0400
committerJoey Hess2017-08-25 18:16:26 -0400
commit31c7c4ead3548ef193482006b1103f2106441e6c (patch)
tree0f4d5cf8824eab964e7709f36c277475e791afe7 /src/Propellor/Property/SiteSpecific/JoeySites.hs
parent1486b8d5bceba8f28bc06f5e6152209a624dd4fb (diff)
temporarily revert letsencrypt for kite email
broke my dad's email client somehow
Diffstat (limited to 'src/Propellor/Property/SiteSpecific/JoeySites.hs')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index f02dc6f0..34b0af44 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -520,6 +520,7 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
& "/etc/aliases" `File.hasPrivContentExposed` ctx
`onChange` Postfix.newaliases
+ & hasPostfixCert ctx
& "/etc/postfix/mydomain" `File.containsLines`
[ "/.*\\.kitenet\\.net/\tOK"
@@ -582,9 +583,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "milter_default_action = accept"
, "# TLS setup -- server"
- , "smtpd_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
- , "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
- , "smtpd_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
+ , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem"
+ , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem"
+ , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem"
, "smtpd_tls_loglevel = 1"
, "smtpd_tls_received_header = yes"
, "smtpd_use_tls = yes"
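Review bot: The new `smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem` line, and `smtp_tls_CAfile` in the hunk at -592, depend on a file that no property visible in this diff installs. `hasPostfixCert`, added at the end of the diff, provisions only the two `postfix.pem` files. If no other property in `kiteMailServer` still puts the CA chain in place, the server presumably has no chain to send with its certificate, which is a likely way to upset mail clients again. Either confirm that such a property is still applied, or add a third line to `hasPostfixCert` that installs `/etc/ssl/certs/joeyca.pem` with `File.hasPrivContentExposed`. The property list starts and ends outside this hunk.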
@@ -592,9 +593,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache"
, "# TLS setup -- client"
- , "smtp_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
- , "smtp_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
- , "smtp_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
+ , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem"
+ , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem"
+ , "smtp_tls_key_file = /etc/ssl/private/postfix.pem"
, "smtp_tls_loglevel = 1"
, "smtp_use_tls = yes"
, "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache"
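Review bot: On the client side, `smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem` makes the private CA the only trust anchor named here for verifying remote SMTP servers, so certificates issued by public CAs cannot be validated against it. With `smtp_use_tls = yes` TLS is opportunistic, so delivery keeps working, but outbound sessions are encrypted without authenticating the peer unless a `smtp_tls_CApath` or TLS policy elsewhere in this main.cf says otherwise. That is worth recording next to the setting, for example with a config comment line `, "# smtp_tls_CAfile holds only the private CA; remote server certs are not verified"`. The list of main.cf lines continues outside the hunk.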
@@ -613,12 +614,6 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
"!include auth-passwdfile.conf.ext"
`onChange` Service.restarted "dovecot"
`describe` "dovecot auth.conf"
- & "/etc/dovecot/conf.d/10-ssl.conf" `File.containsLines`
- [ "ssl_cert = </etc/letsencrypt/live/kitenet.net/fullchain.pem"
- , "ssl_key = </etc/letsencrypt/live/kitenet.net/privkey.pem"
- ]
- `onChange` Service.restarted "dovecot"
- `describe` "dovecot letsencrypt certs"
& File.hasPrivContent dovecotusers ctx
`onChange` (dovecotusers `File.mode`
combineModes [ownerReadMode, groupReadMode])
@@ -719,6 +714,11 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut
]
`onChange` Postfix.reloaded
+hasPostfixCert :: Context -> Property (HasInfo + UnixLike)
+hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props
+ & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
+ & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
+
-- Legacy static web sites and redirections from kitenet.net to newer
-- sites.
legacyWebSites :: Property (HasInfo + DebianLike)
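Review bot: `hasPostfixCert` has no Haddock comment, and nothing says which of its two files is the secret. I would add `-- | Installs the postfix TLS certificate (readable, via hasPrivContentExposed) and its private key (via hasPrivContent) from privdata.` above the signature. The property also covers postfix only: the hunk at -613 drops the dovecot `10-ssl.conf` property without adding one that sets `ssl_cert`/`ssl_key` to something else. If `File.containsLines` only adds missing lines, a host that already applied it presumably keeps serving the letsencrypt certificate over IMAP. The trailing context (`legacyWebSites`) continues outside the hunk.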