Switch to NixOS ACME module for certificate management
Drop most of the existing certificate handling, because we're effectively duplicating functionality that NixOS offers for free with better design, testing and maintainance than what we could provide downstream. The remaining two options are to reference an existing `security.acme.certs` configuration through `mailserver.x509.useACMEHost` or to provide existing key material via `mailserver.x509.certificateFile` and `mailserver.x509.privateKeyFile`. Support for automatic creation of self-signed certificates has been removed, because it is undesirable in public mail setups. The updated setup guide now displays the recommended configuration that relies on the NixOS ACME module, but requires further customization to select a suitable challenge. Co-Authored-By: Emily <git@emilylange.de>
This commit is contained in:
Martin Weinelt
@@ -1,6 +1,16 @@
|
||||
Release Notes
|
||||
=============
|
||||
|
||||
NixOS 26.05
|
||||
-----------
|
||||
|
||||
- Certificate handling was simplified. We recommend setting
|
||||
:option:`mailserver.x509.useACMEHost` to a ``security.acme.certs``
|
||||
configuration. If that does not fit your requirements, configure certificate
|
||||
and private key using :option:`mailserver.x509.certificateFile` and
|
||||
:option:`mailserver.x509.privateKeyFile` instead. Support for automatic
|
||||
creation of self-signed certificates has been removed.
|
||||
|
||||
NixOS 25.11
|
||||
-----------
|
||||
|
||||
|
||||
Reference in New Issue
Block a user