fix: allow stalwart to read agenix secrets

2026-03-09 22:46:49 -07:00 · 2026-03-09 22:46:49 -07:00 · 9dd83c5b92
commit 9dd83c5b92
parent 2f04d2601e
1 changed files with 2 additions and 1 deletions
--- a/modules/mail.nix
+++ b/modules/mail.nix
@ -48,7 +48,8 @@
    };
  };

-  # Allow Stalwart to read the ACME certificate procured for Caddy
+  # Allow Stalwart to read the ACME certificate procured for Caddy and the agenix secret
  systemd.services.stalwart.serviceConfig.SupplementaryGroups = [ "acme" ];
+  systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [ "/run/agenix/stalwart-admin" ];

 }