From 60a83ad9a3b30fefaa8f900909a95b1636e47535 Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Thu, 26 Jan 2023 09:00:54 +0100
Subject: [PATCH] Include role to deplay certificate for mail
---
 roles/mail/tasks/main.yml | 6 ++++++
 roles/mail/templates/main.cf.j2 | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 464456e..dfca727 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -13,3 +13,9 @@
 owner: root
 group: root
 mode: 0644
+
+- name: Deploy letsencrypt certificate
+ ansible.builtin.include_role:
+ name: deploy_certificate
+ vars:
+ domain: mail.{{ mail_domain }}
diff --git a/roles/mail/templates/main.cf.j2 b/roles/mail/templates/main.cf.j2
index 93b9b31..a9fd17a 100644
--- a/roles/mail/templates/main.cf.j2
+++ b/roles/mail/templates/main.cf.j2
@@ -11,8 +11,8 @@ readme_directory = no
 compatibility_level = 2
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/mail.{{ mail_domain }}/privkey.pem
 smtpd_tls_security_level=may
 smtp_tls_CApath=/etc/ssl/certs
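Review bot: Nothing after the `deploy_certificate` include verifies that a certificate was actually issued, although the same commit points main.cf at files under `/etc/letsencrypt/live/mail.{{ mail_domain }}/`. If those files are missing, Postfix typically logs a warning and stops offering STARTTLS instead of refusing to start, and with `smtpd_tls_security_level=may` (a context line in the template hunk) inbound mail would then be accepted in cleartext without anyone noticing. I would follow the include with a stat of `fullchain.pem` and an assert that it exists, so the play fails before any handler restarts Postfix; the register name in the sketch below is only a suggestion. The task before the include starts outside the hunk, so whether it is the main.cf template task is inferred.

```yaml
# … unchanged: include_role deploy_certificate with vars.domain …

- name: Check that the mail certificate exists
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/mail.{{ mail_domain }}/fullchain.pem"
  register: mail_cert

- name: Fail if the mail certificate is missing
  ansible.builtin.assert:
    that: mail_cert.stat.exists
    fail_msg: "No certificate for mail.{{ mail_domain }}; Postfix would not offer STARTTLS"
```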
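Review bot: The two new `smtpd_tls_*_file` lines hard-code the certbot lineage directory as `mail.{{ mail_domain }}`, and the same expression is spelled a third time in the `domain:` var of the tasks hunk, so the name requested and the path Postfix reads can drift apart. The `deploy_certificate` role is not visible here, so this is a hedge, but certbot can place a lineage in a suffixed directory (for example `-0001`) when the name already exists, and then these paths would point at a stale or missing certificate. Deriving all three from one variable, or having the role expose the resulting path, would remove that coupling. A short comment above the two lines would also help, e.g. `# issued by the deploy_certificate role; name must match its 'domain' var`.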