From ec5f15946e325cc3ee2c7cf0728881ecdf0789b3 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven.seifert@ifsr.de>
Date: Sun, 22 Sep 2024 23:05:37 +0200
Subject: [PATCH] the postfix nixos module has stupid defaults

---
 modules/mail/postfix.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/mail/postfix.nix b/modules/mail/postfix.nix
index 45d7e24..3145e97 100644
--- a/modules/mail/postfix.nix
+++ b/modules/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
   domain = config.networking.domain;
   hostname = "mail.${config.networking.domain}";
@@ -46,7 +46,7 @@ in
         smtpd_banner = "${config.networking.rDNS} ESMTP $mail_name";
         # allow non-tls connections for server-to-server communication
         smtp_tls_security_level = "may";
-        smtpd_tls_security_level = "encrypt";
+        smtpd_tls_security_level = lib.mkForce "encrypt";
         smtpd_tls_auth_only = true;
         smtpd_tls_protocols = [
           "!SSLv2"