+{ lib, pkgs, config, myconfig, ... }:
+let
+ domains = (lib.remove null (lib.flatten (map
+ (zone: map
+ (e: if e.receive
+ then {
+ domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
+ mail = zone.name;
+ }
+ else null
+ )
+ (zone.withEmail or [])
+ )
+ myconfig.env.dns.masterZones
+ )));
+ # FIXME: increase the id number in modules/private/dns.nix when this
+ # file change (date -u +'%Y%m%d%H%M%S'Z)
+ file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
+ version: STSv1
+ mode: testing
+ mx: mx-1.${domain.mail}
+ mx: mx-2.${domain.mail}
+ max_age: 604800
+ '';
+ root = pkgs.runCommand "mta-sts_root" {} ''
+ mkdir -p $out
+ ${builtins.concatStringsSep "\n" (map (d:
+ "cp ${file d} $out/${d.domain}.txt"
+ ) domains)}
+ '';
+in
+{
+ config.myServices.websites.webappDirs = {
+ _mta-sts = root;
+ };
+
+ config.services.websites.env.tools.vhostConfs.mta_sts = {
+ certName = "mail";
+ addToCerts = true;
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+ root = "/run/current-system/webapps/_mta-sts";
+ extraConfig = [
+ ''
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+ RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+ <Directory /run/current-system/webapps/_mta-sts>
+ Require all granted
+ Options -Indexes
+ </Directory>
+ ''
+ ];
+ };
+
+}
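Review bot: The rewrite rule in `extraConfig` derives the served file name from the client-supplied Host header (`%1` captured by `RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$`), and with the unescaped `.` and an unrestricted capture the lookup is bounded only by the vhost's `hosts` list, not by the rule itself. Tightening the pattern to the hostname alphabet, `RewriteCond %{HTTP_HOST} ^mta-sts\.([A-Za-z0-9.-]+)$`, keeps a stray Host value from reaching the `%{DOCUMENT_ROOT}/%1.txt` lookup should this vhost ever answer as the default server. Separately, the generated policy ships with `mode: testing`, under which sending MTAs only report failures and still deliver over cleartext or with a non-validating certificate, so the downgrade protection MTA-STS is meant to provide is not active until this becomes `mode: enforce`; a comment above the `file` definition stating that `testing` is a deliberate rollout step and when it is to be flipped would make that explicit. As the existing FIXME notes, switching the mode also requires bumping the id in the corresponding DNS record so senders refetch the policy.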