From f7639c230a19325cd577e2e00ccfd1d373cdf791 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@lunch.org.uk>
Date: Thu, 9 Mar 2023 16:58:46 +0000
Subject: [PATCH] Change webmail cert path to client path and add symlink on
 server.

So webmail can be moved between servers if necessary.
---
 states/certificates/init.sls             | 5 +++++
 states/webmail/webmail.lunch.org.uk.conf | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/states/certificates/init.sls b/states/certificates/init.sls
index 6ddbfcb..ff79150 100644
--- a/states/certificates/init.sls
+++ b/states/certificates/init.sls
@@ -51,3 +51,8 @@ server_key:
   ssh_auth.present:
     - user: root
     - source: salt://certificates/certificates_id_ed25519.pub
+
+server_client_certificate_location:
+  file.symlink:
+    - name: /var/local/certificates
+    - target: /var/lib/dehydrated/certs
diff --git a/states/webmail/webmail.lunch.org.uk.conf b/states/webmail/webmail.lunch.org.uk.conf
index 35d7519..0c16d95 100644
--- a/states/webmail/webmail.lunch.org.uk.conf
+++ b/states/webmail/webmail.lunch.org.uk.conf
@@ -54,8 +54,8 @@
         </Directory>
 
 	SSLEngine on
-	SSLCertificateFile /var/lib/dehydrated/certs/mail.lunch.org.uk/fullchain.pem
-	SSLCertificateKeyFile /var/lib/dehydrated/certs/mail.lunch.org.uk/privkey.pem
+	SSLCertificateFile /var/local/certificates/mail.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/local/certificates/mail.lunch.org.uk/privkey.pem
 </VirtualHost>
 
 </IfModule>