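{ lib, pkgs, config, ... }:
# Publishes MTA-STS policy files (RFC 8461) for every mail-receiving domain
# declared in the DNS master zones, served over HTTPS from a dedicated vhost.
let
  # One { domain; mail; } entry per zone sub-entry that receives mail.
  #   domain: the FQDN the policy is published for (sub-entry + zone name, or
  #           just the zone name when the sub-entry's domain is empty).
  #   mail:   the zone name, used as the parent of every MX hostname.
  domains = lib.filter (d: d != null) (lib.concatMap
    (zone: map
      (e:
        if e.receive
        then {
          domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
          mail = zone.name;
        }
        else null
      )
      (zone.withEmail or [])
    )
    config.myEnv.dns.masterZones
  );

  # MX subdomains of every server that has mx.enable set; attribute order
  # (alphabetical) determines the order of the "mx:" lines in the policy.
  mxes = lib.mapAttrsToList
    (_: v: v.mx.subdomain)
    (lib.attrsets.filterAttrs (_: v: v.mx.enable) config.myEnv.servers);

  # FIXME: increase the id number in modules/private/dns.nix when this
  # file changes (date -u +'%Y%m%d%H%M%S'Z): the _mta-sts TXT record id
  # tells receiving MTAs to re-fetch the policy.
  # Policy body for one domain. "mode: testing" asks receiving MTAs to only
  # report TLS failures, not to refuse delivery; switch to "enforce" once the
  # MX certificates are known to validate for every listed hostname.
  # max_age is in seconds (604800 = 7 days).
  file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
    lib.concatStringsSep "\r\n" (
      [ "version: STSv1" "mode: testing" ]
      ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
      ++ [ "max_age: 604800" ]
    )
  );

  # Document root: one <domain>.txt per entry of `domains`, nothing else.
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${lib.concatMapStringsSep "\n" (d:
      "cp ${file d} $out/${d.domain}.txt"
    ) domains}
  '';

  cfg = config.myServices.websites.tools.email;
in
{
  config = lib.mkIf cfg.enable {
    services.websites.webappDirs = {
      _mta-sts = root;
    };

    services.websites.env.tools.vhostConfs.mta_sts = {
      certName = "mail";
      addToCerts = true;
      # NOTE(review): "mta-sts.mail.immae.eu" is served by the rewrite below only
      # if "mail.immae.eu" is also one of `domains` (that is what populates the
      # document root); otherwise the request targets a missing file — confirm.
      hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
      root = "/run/current-system/webapps/_mta-sts";
      extraConfig = [
        # The policy path is derived from the Host header: strip the leading
        # "mta-sts." label and serve <rest>.txt from the document root. The
        # captured value is only as trustworthy as the `hosts` list above that
        # restricts which Host values reach this vhost. Dots are escaped so the
        # patterns match literally rather than any character.
        ''
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^mta-sts\.(.*)$
        RewriteRule ^/\.well-known/mta-sts\.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
        <Directory /run/current-system/webapps/_mta-sts>
          Require all granted
          Options -Indexes
        </Directory>
        ''
      ];
    };
  };
}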