--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
+ bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
+ domains = lib.flatten (builtins.attrValues bydomain);
+ mxes = lib.mapAttrsToList
+ (n: v: v.mx.subdomain)
+ (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
+ file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
+ builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
+ ++ (map (v: "mx: ${v}.${d.domain}") mxes)
+ ++ [ "max_age: 604800" ]
+ ));
+ root = pkgs.runCommand "mta-sts_root" {} ''
+ mkdir -p $out
+ ${builtins.concatStringsSep "\n" (map (d:
+ "cp ${file d} $out/${d.fqdn}.txt"
+ ) domains)}
+ '';
+ cfg = config.myServices.websites.tools.email;
+in
+{
+ config = lib.mkIf cfg.enable {
+ security.acme.certs.mail.extraDomainNames = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
+ services.websites.env.tools.vhostConfs.mta_sts = {
+ certName = "mail";
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
+ root = root;
+ extraConfig = [
+ ''
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+ RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+ <Directory ${root}>
+ Require all granted
+ Options -Indexes
+ </Directory>
+ ''
+ ];
+ };
+ };
+}
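Review bot: The policy written on line L11 is published with `mode: testing`, so senders that fetch it will report mismatches but still deliver over plaintext or to an unlisted MX — MTA-STS gives no downgrade protection until the mode is `enforce`, and nothing in this module marks that as a deliberate rollout step. I would annotate the literal so it is not forgotten: `"mode: testing" # TODO: switch to "enforce" once the listed mx: entries are confirmed to match the DNS MX records and present valid certs`, or expose it as an option so the switch does not require editing the module. A second, smaller point is the RewriteCond on L33: `%{HTTP_HOST}` may carry a port and the `.` after `mta-sts` is unescaped, so `RewriteCond %{HTTP_HOST} ^mta-sts\.([^:]+)(:[0-9]+)?$` maps `mta-sts.example.org:443` to the right file instead of 404. Note also that the vhost answers for `mta-sts.mail.immae.eu` (L28) but `root` only holds `${d.fqdn}.txt` files from `domains`; unless `mail.immae.eu` is one of those zones that host will 404, which is worth confirming.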