From 5cda7349d236b4f4e950f0f2ebdbaaf7bcfeb90d Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Mon, 22 Dec 2025 14:20:33 +0100
Subject: [PATCH] wip

---
 mail-server/mta-sts.nix | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/mail-server/mta-sts.nix b/mail-server/mta-sts.nix
index 47d5c0d..9295b4e 100644
--- a/mail-server/mta-sts.nix
+++ b/mail-server/mta-sts.nix
@@ -7,13 +7,17 @@
 
 let
   cfg = config.mailserver;
+
+  common = import ./common.nix {
+    inherit config pkgs lib;
+  };
 in
 
 {
   config = lib.mkIf (cfg.enable && cfg.mta-sts.enable) {
     services.nginx = {
       enable = true;
-      virtualHosts.${cfg.fqdn} = {
+      virtualHosts.mta-sts = {
         forceSSL = true;
         serverAliases = map (domain: "mta-sts.${domain}") cfg.domains;
         locations."=/.well-known/mta-sts.txt" = {
@@ -24,7 +28,18 @@ in
             max_age: ${cfg.mta-sts.maxAge}
           '';
         };
-      };
+      }
+      // (
+        if (common.withACME) then
+          {
+            inherit (cfg.x509) useACMEHost;
+          }
+        else
+          {
+            sslCertificate = cfg.x509.certificateFile;
+            sslCertificateKey = cfg.x509.privateKeyFile;
+          }
+      );
     };
   };
 }