postfix: rearrange smtpd_tls_chain_files option

mail-server/postfix.nix

@@ -264,11 +264,6 @@ in
       ]);
 
       config = {
-        smtpd_tls_chain_files = [
-          "${keyPath}"
-          "${certificatePath}"
-        ];
-
         myhostname = cfg.sendingFqdn;
         mydestination = ""; # disable local mail delivery
         recipient_delimiter = cfg.recipientDelimiter;
@@ -297,6 +292,7 @@ in
           ]
         );
         virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
+
         # Avoid leakage of X-Original-To, X-Delivered-To headers between recipients
         lmtp_destination_recipient_limit = "1";
 
@@ -323,6 +319,12 @@ in
           "check_policy_service unix:/run/dovecot2/quota-status"
         ];
 
+        # The X509 private key followed by the corresponding certificate
+        smtpd_tls_chain_files = [
+          "${keyPath}"
+          "${certificatePath}"
+        ];
+
         # TLS for incoming mail is optional
         smtpd_tls_security_level = "may";