From 789315a4739472828f0f133bda72c6f8c1cafb81 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 27 Jun 2025 10:18:56 +0200
Subject: [PATCH] fix postfix tls

---
 hosts/falkenstein/modules/mail/postfix.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix
index 8c712d7..ac1c04a 100644
--- a/hosts/falkenstein/modules/mail/postfix.nix
+++ b/hosts/falkenstein/modules/mail/postfix.nix
@@ -33,12 +33,14 @@ in
       origin = "${domain}";
       destination = [ "${hostname}" "${domain}" "localhost" ];
       networks = [ "127.0.0.1" ];
-      sslCert = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt";
-      sslKey = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key";
       config = {
         # home_mailbox = "Maildir/";
         smtp_helo_name = config.networking.fqdn;
         smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
+        smtpd_tls_chain_files = [
+          "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key"
+          "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt"
+        ];
         smtp_tls_security_level = "may";
         # forcing encryption breaks rspamd
         smtpd_tls_security_level = "may";