authorEuAndreh <eu@euandre.org>2023-03-11 12:50:42 -0300
committerEuAndreh <eu@euandre.org>2023-03-11 12:50:42 -0300
commit2b3c8a56bd0bfe3bdf78fea22b24e6ac07e28e3c (patch)
tree23b5b0591104ce2a7638b4c7e1d5c1d018bd317f /src/xyz/euandreh
parentqueue.scm: Import (gnu system setuid) (diff)
queue.scm: Fix mta-sts nginx configuration
Diffstat (limited to 'src/xyz/euandreh')
-rw-r--r--src/xyz/euandreh/queue.scm42
1 files changed, 21 insertions, 21 deletions
diff --git a/src/xyz/euandreh/queue.scm b/src/xyz/euandreh/queue.scm
index 568e21f..d121839 100644
--- a/src/xyz/euandreh/queue.scm
+++ b/src/xyz/euandreh/queue.scm
@@ -845,12 +845,12 @@ keyfile ~a/private.key
(define (cert-for config)
(match-record config <postfix-configuration>
(cert-file hostname)
- (or cert-file (format #f "/etc/letsencrypt/live/~a/fullchain.pem" hostname))))
+ (or cert-file (format #f "/etc/letsencrypt/live/mta-sts.~a/fullchain.pem" hostname))))
(define (key-for config)
(match-record config <postfix-configuration>
(key-file hostname)
- (or key-file (format #f "/etc/letsencrypt/live/~a/privkey.pem" hostname))))
+ (or key-file (format #f "/etc/letsencrypt/live/mta-sts.~a/privkey.pem" hostname))))
(define (generate-main.cf config)
(match-record config <postfix-configuration>
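Review bot: `cert-for` and `key-for` keep their generic names but now default to the `mta-sts.<hostname>` Let's Encrypt directory, so every caller that relies on the default gets the policy host's certificate. If `generate-main.cf` (it begins at the end of this hunk, body not visible) or any other caller uses these helpers for Postfix's own SMTP TLS, the server would present a certificate that does not name `hostname`. Meanwhile the policy in the next hunk advertises `mx: ~a` filled with `hostname` under `mode: enforce`, and `postfix-certificates` there no longer requests a certificate for `hostname`. MTA-STS senders validate the MX certificate against that name, so a mismatch would mean refused delivery. I would either keep the old defaults here and add separate helpers for the nginx vhost, or state the scope on the definitions, e.g. `;; Defaults to the mta-sts.<hostname> certificate; only for the MTA-STS policy vhost, not for SMTP TLS.`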
@@ -1064,35 +1064,35 @@ keyfile ~a/private.key
(define (postfix-nginx-locations config)
(match-record config <postfix-configuration>
(hostname)
- (nginx-server-configuration
- (server-name (list (string-append "mta-sts." hostname)))
- (listen '("[::]:443 ssl http2" "443 ssl http2"))
- (ssl-certificate (cert-for config))
- (ssl-certificate-key (key-for config))
- (locations
- (list
- (nginx-location-configuration
- (uri "= /.well-known/mta-sts.txt")
- (body
- (list
- (list "alias "
- (plain-file
- "mta-sts.txt"
- (format #f "-
-version: STSv1
+ (list
+ (nginx-server-configuration
+ (server-name (list (string-append "mta-sts." hostname)))
+ (listen '("[::]:443 ssl http2" "443 ssl http2"))
+ (ssl-certificate (cert-for config))
+ (ssl-certificate-key (key-for config))
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "= /.well-known/mta-sts.txt")
+ (body
+ (list
+ (list "alias "
+ (plain-file
+ "mta-sts.txt"
+ (format #f "version: STSv1
mode: enforce
mx: ~a
max_age: 604800
"
- hostname))
- ";")))))))))
+ hostname))
+ ";"))))))))))
(define (postfix-certificates config)
(match-record config <postfix-configuration>
(hostname)
(list
(certificate-configuration
- (domains (list hostname (string-append "mta-sts." hostname)))))))
+ (domains (list (string-append "mta-sts." hostname)))))))
(define (postfix-sasl-service _config)
(list
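Review bot: The policy body hard-codes `mode: enforce` and `max_age: 604800`, so the first policy a sender fetches is already binding for a week and cannot be staged from the configuration. RFC 8461 defines `mode: testing` for rollout, and a cached enforce policy keeps blocking delivery after an MX or certificate mistake until it expires or is refreshed. Consider taking the mode from the record, e.g. `mode: ~a` fed by a field that defaults to `"enforce"`; whether `<postfix-configuration>` already has a suitable field is not visible in this hunk. `postfix-sasl-service` continues past the end of the hunk.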