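# NixOS module that generates one MTA-STS policy file (RFC 8461) per
# mail-receiving domain and serves them from a single Apache vhost.
# The vhost picks the policy file from the request's Host header.
{ lib, pkgs, config, myconfig, ... }:
let
  # One { domain, mail } attrset per `withEmail` entry whose `receive` flag is
  # set, across all master zones. `domain` is the entry's name joined to the
  # zone name (or the bare zone name when the entry's domain is empty);
  # `mail` is the zone name, used below to build the MX host names.
  domains = lib.concatMap
    (zone: map
      (e: {
        domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
        mail = zone.name;
      })
      (lib.filter (e: e.receive) (zone.withEmail or []))
    )
    myconfig.env.dns.masterZones;

  # FIXME: increase the id number in modules/private/dns.nix when this
  # file change (date -u +'%Y%m%d%H%M%S'Z)
  #
  # NOTE(review): `mode: testing` means sending MTAs still deliver when the
  # policy cannot be satisfied; nothing is enforced until this is switched to
  # `enforce`. max_age is 604800 seconds (7 days).
  file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
    version: STSv1
    mode: testing
    mx: mx-1.${domain.mail}
    mx: mx-2.${domain.mail}
    max_age: 604800
  '';

  # Directory holding every policy as <domain>.txt; the rewrite rule below
  # relies on exactly this naming.
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${lib.concatMapStringsSep "\n" (d:
      "cp ${file d} $out/${d.domain}.txt"
    ) domains}
  '';
in
{
  config.myServices.websites.webappDirs = {
    _mta-sts = root;
  };

  config.services.websites.env.tools.vhostConfs.mta_sts = {
    certName = "mail";
    addToCerts = true;
    # NOTE(review): mta-sts.mail.immae.eu is listed unconditionally; it only
    # gets a policy if `domains` also yields mail.immae.eu - confirm.
    hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
    root = "/run/current-system/webapps/_mta-sts";
    extraConfig = [
      # The Host header is client-supplied and its captured suffix becomes part
      # of a filesystem path. The capture is therefore limited to host-name
      # characters (no "/" can reach the path), and the literal dots in both
      # patterns are escaped so only the exact well-known URL is rewritten.
      # A Host that does not match is not rewritten and gets a plain 404.
      ''
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^mta-sts\.([A-Za-z0-9.-]+)$
        RewriteRule ^/\.well-known/mta-sts\.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
        <Directory /run/current-system/webapps/_mta-sts>
          Require all granted
          Options -Indexes
        </Directory>
      ''
    ];
  };

}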