From c0d12ae542e96f1a99a1c12bc75ff223051079a6 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Tue, 18 Jun 2024 11:10:03 +0300
Subject: [PATCH] Mail : Make acme read-only.

---
 container/Mail.nix      | 2 +-
 host/home/Container.nix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/container/Mail.nix b/container/Mail.nix
index 98d98eac..2b42a0ed 100644
--- a/container/Mail.nix
+++ b/container/Mail.nix
@@ -45,7 +45,7 @@ in {
 			};
 			"/acme" = {
 				hostPath   = "${container.config.proxy.storage}/letsencrypt";
-				isReadOnly = false;
+				isReadOnly = true;
 			};
 		};
 
diff --git a/host/home/Container.nix b/host/home/Container.nix
index c0056dfd..00213ef0 100644
--- a/host/home/Container.nix
+++ b/host/home/Container.nix
@@ -69,6 +69,7 @@ in {
 		internalInterfaces = [ "ve-+" ];
 		inherit (args) externalInterface;
 
+		# TODO: Do I even need this?
 		forwardPorts = with args.container.config; [
 			# Dns Server.
 			{