X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fmail%2Fmta-sts.nix;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Fmail%2Fmta-sts.nix;h=bedefdaf8643b0c63b14ec445f8704f21cc442c3;hb=afcc5de071dfffdc507995d1845372ba40dc1dc2;hp=0000000000000000000000000000000000000000;hpb=2f16a987d306cdb7bf9b4e80fa4af173373719bd;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
new file mode 100644
index 0000000..bedefda
--- /dev/null
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -0,0 +1,55 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ domains = (lib.remove null (lib.flatten (map
+ (zone: map
+ (e: if e.receive
+ then {
+ domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
+ mail = zone.name;
+ }
+ else null
+ )
+ (zone.withEmail or [])
+ )
+ myconfig.env.dns.masterZones
+ )));
+ # FIXME: increase the id number in modules/private/dns.nix when this
+ # file change (date -u +'%Y%m%d%H%M%S'Z)
+ file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
+ version: STSv1
+ mode: testing
+ mx: mx-1.${domain.mail}
+ mx: mx-2.${domain.mail}
+ max_age: 604800
+ '';
+ root = pkgs.runCommand "mta-sts_root" {} ''
+ mkdir -p $out
+ ${builtins.concatStringsSep "\n" (map (d:
+ "cp ${file d} $out/${d.domain}.txt"
+ ) domains)}
+ '';
+in
+{
+ config.myServices.websites.webappDirs = {
+ _mta-sts = root;
+ };
+
+ config.services.websites.env.tools.vhostConfs.mta_sts = {
+ certName = "mail";
+ addToCerts = true;
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+ root = "/run/current-system/webapps/_mta-sts";
+ extraConfig = [
+ ''
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+ RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+
+ Require all granted
+ Options -Indexes
+
+ ''
+ ];
+ };
+
+}
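Review bot: The `RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$` captures the remainder of the client-supplied Host header with no character restriction and splices it into a filesystem path in `%{DOCUMENT_ROOT}/%1.txt`, and the `.` after `mta-sts` is unescaped so it matches any character. Tighten it to `RewriteCond %{HTTP_HOST} ^mta-sts\.([A-Za-z0-9.-]+)$` so only hostname characters ever reach the path and a `Host: mta-sts.example:443` fails the condition instead of producing a `example:443.txt` lookup; exposure is already limited because the vhost only answers for the listed `hosts` and the rule only fires on the exact `/.well-known/mta-sts.txt` path, but a default-vhost fallback would widen that, which cannot be confirmed from this file. The `[L]` internal rewrite with no `[R]` is correct, since RFC 8461 forbids serving the policy via redirect. Separately, the FIXME relies on a human to bump the `id` in the DNS TXT record; a stale id keeps senders on the cached policy for up to `max_age` (one week here), so consider deriving the id from a hash of the generated policy text, or at least reword the comment to `# FIXME: bump the id in modules/private/dns.nix whenever the policy text changes (date -u +'%Y%m%d%H%M%S'Z)`. Note also that `mode: testing` only reports failures and never enforces, so it yields signal only if a TLSRPT record is published alongside, which is not visible in this change.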