diff options
author | EuAndreh <eu@euandre.org> | 2023-03-11 12:50:42 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2023-03-11 12:50:42 -0300 |
commit | 2b3c8a56bd0bfe3bdf78fea22b24e6ac07e28e3c (patch) | |
tree | 23b5b0591104ce2a7638b4c7e1d5c1d018bd317f /src/xyz/euandreh | |
parent | queue.scm: Import (gnu system setuid) (diff) | |
download | package-repository-2b3c8a56bd0bfe3bdf78fea22b24e6ac07e28e3c.tar.gz package-repository-2b3c8a56bd0bfe3bdf78fea22b24e6ac07e28e3c.tar.xz |
queue.scm: Fix mta-sts nginx configuration
Diffstat (limited to 'src/xyz/euandreh')
-rw-r--r-- | src/xyz/euandreh/queue.scm | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/src/xyz/euandreh/queue.scm b/src/xyz/euandreh/queue.scm index 568e21f..d121839 100644 --- a/src/xyz/euandreh/queue.scm +++ b/src/xyz/euandreh/queue.scm @@ -845,12 +845,12 @@ keyfile ~a/private.key (define (cert-for config) (match-record config <postfix-configuration> (cert-file hostname) - (or cert-file (format #f "/etc/letsencrypt/live/~a/fullchain.pem" hostname)))) + (or cert-file (format #f "/etc/letsencrypt/live/mta-sts.~a/fullchain.pem" hostname)))) (define (key-for config) (match-record config <postfix-configuration> (key-file hostname) - (or key-file (format #f "/etc/letsencrypt/live/~a/privkey.pem" hostname)))) + (or key-file (format #f "/etc/letsencrypt/live/mta-sts.~a/privkey.pem" hostname)))) (define (generate-main.cf config) (match-record config <postfix-configuration> @@ -1064,35 +1064,35 @@ keyfile ~a/private.key (define (postfix-nginx-locations config) (match-record config <postfix-configuration> (hostname) - (nginx-server-configuration - (server-name (list (string-append "mta-sts." hostname))) - (listen '("[::]:443 ssl http2" "443 ssl http2")) - (ssl-certificate (cert-for config)) - (ssl-certificate-key (key-for config)) - (locations - (list - (nginx-location-configuration - (uri "= /.well-known/mta-sts.txt") - (body - (list - (list "alias " - (plain-file - "mta-sts.txt" - (format #f "- -version: STSv1 + (list + (nginx-server-configuration + (server-name (list (string-append "mta-sts." hostname))) + (listen '("[::]:443 ssl http2" "443 ssl http2")) + (ssl-certificate (cert-for config)) + (ssl-certificate-key (key-for config)) + (locations + (list + (nginx-location-configuration + (uri "= /.well-known/mta-sts.txt") + (body + (list + (list "alias " + (plain-file + "mta-sts.txt" + (format #f "version: STSv1 mode: enforce mx: ~a max_age: 604800 " - hostname)) - ";"))))))))) + hostname)) + ";")))))))))) (define (postfix-certificates config) (match-record config <postfix-configuration> (hostname) (list (certificate-configuration - (domains (list hostname (string-append "mta-sts." hostname))))))) + (domains (list (string-append "mta-sts." hostname))))))) (define (postfix-sasl-service _config) (list |