X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fmail%2Fmta-sts.nix;h=c5f71f03b616de1aec47333751a9799ffffeb350;hb=8cc7cb6bebeb227c5f9405c05e953f15f949cfff;hp=bedefdaf8643b0c63b14ec445f8704f21cc442c3;hpb=afcc5de071dfffdc507995d1845372ba40dc1dc2;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
index bedefda..c5f71f0 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
 domains = (lib.remove null (lib.flatten (map (zone: map 
@@ -11,45 +11,48 @@ let
 ) (zone.withEmail or []) )
- myconfig.env.dns.masterZones
+ config.myEnv.dns.masterZones
 )));
+ mxes = lib.mapAttrsToList
+ (n: v: v.mx.subdomain)
+ (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
 # FIXME: increase the id number in modules/private/dns.nix when this
 # file change (date -u +'%Y%m%d%H%M%S'Z)
- file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
- version: STSv1
- mode: testing
- mx: mx-1.${domain.mail}
- mx: mx-2.${domain.mail}
- max_age: 604800
- '';
+ file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
+ builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
+ ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
+ ++ [ "max_age: 604800" ]
+ ));
 root = pkgs.runCommand "mta-sts_root" {} ''
 mkdir -p $out
 ${builtins.concatStringsSep "\n" (map (d: "cp ${file d} $out/${d.domain}.txt" ) domains)}
 '';
+ cfg = config.myServices.websites.tools.email;
 in {
- config.myServices.websites.webappDirs = {
- _mta-sts = root;
- };
+ config = lib.mkIf cfg.enable {
+ services.websites.webappDirs = {
+ _mta-sts = root;
+ };
- config.services.websites.env.tools.vhostConfs.mta_sts = {
- certName = "mail";
- addToCerts = true;
- hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
- root = "/run/current-system/webapps/_mta-sts";
- extraConfig = [
- ''
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
- RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
- 
- Require all granted
- Options -Indexes
- 
- ''
- ];
+ services.websites.env.tools.vhostConfs.mta_sts = {
+ certName = "mail";
+ addToCerts = true;
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+ root = "/run/current-system/webapps/_mta-sts";
+ extraConfig = [
+ ''
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+ RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+ 
+ Require all granted
+ Options -Indexes
+ 
+ ''
+ ];
+ };
 };
- }
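Review bot: `file` now builds its `mx:` lines from `mxes`, so if no entry of `config.myEnv.servers` has `mx.enable` set the generated policy carries no `mx:` line at all, and an MTA-STS policy without an `mx` field is invalid for `testing`/`enforce` mode (RFC 8461); failing the build is safer than publishing a policy that receivers will reject, e.g. `file = domain: assert mxes != []; pkgs.writeText "mta-sts-${domain.domain}.txt" (`. The FIXME about bumping the zone id in `modules/private/dns.nix` should be extended, since the policy text now also changes whenever a server's `mx.enable` or `mx.subdomain` changes, not only when this file is edited; a comment such as `# (also when the mx settings of a server in config.myEnv.servers change)` would keep it accurate. As shown, the hunk ends with the old top-level `}` removed and no replacement visible after the context `};`; if that is not a truncation of this listing, the attribute set opened at `in {` is no longer closed.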