Drop most of the existing certificate handling, because we're effectively
duplicating functionality that NixOS offers for free with better
design, testing and maintainance than what we could provide downstream.
The remaining two options are to reference an
existing `security.acme.certs` configuration through
`mailserver.x509.useACMEHost` or to provide existing key material via
`mailserver.x509.certificateFile` and `mailserver.x509.privateKeyFile`.
Support for automatic creation of self-signed certificates has been
removed, because it is undesirable in public mail setups.
The updated setup guide now displays the recommended configuration that
relies on the NixOS ACME module, but requires further customization to
select a suitable challenge.
Co-Authored-By: Emily <git@emilylange.de>
Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.
Also use names instead of magic numbers for certificate schemes.
It is default ON in NixOS and will conflict with `firewall.enable = false`, which some user may intentionally set.
In my opinion it is very high-level option to be set automatically.
Also, people who really don't want firewall, just do `lib.mkForce false` and won't even notice that this module requires it.
Martin Weinelt
Naïm Favier
Simon Žlender
Milan Pässler
Robin Raymond
Andrey Golovizin
Ruben Maher
Danylo Hlynskyi
Silvan Mosberger