X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fmail%2Fmta-sts.nix;h=c5f71f03b616de1aec47333751a9799ffffeb350;hb=8cc7cb6bebeb227c5f9405c05e953f15f949cfff;hp=bedefdaf8643b0c63b14ec445f8704f21cc442c3;hpb=afcc5de071dfffdc507995d1845372ba40dc1dc2;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
index bedefda..c5f71f0 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
domains = (lib.remove null (lib.flatten (map
(zone: map
@@ -11,45 +11,48 @@ let
)
(zone.withEmail or [])
)
- myconfig.env.dns.masterZones
+ config.myEnv.dns.masterZones
)));
+ mxes = lib.mapAttrsToList
+ (n: v: v.mx.subdomain)
+ (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
# FIXME: increase the id number in modules/private/dns.nix when this
# file change (date -u +'%Y%m%d%H%M%S'Z)
- file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
- version: STSv1
- mode: testing
- mx: mx-1.${domain.mail}
- mx: mx-2.${domain.mail}
- max_age: 604800
- '';
+ file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
+ builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
+ ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
+ ++ [ "max_age: 604800" ]
+ ));
root = pkgs.runCommand "mta-sts_root" {} ''
mkdir -p $out
${builtins.concatStringsSep "\n" (map (d:
"cp ${file d} $out/${d.domain}.txt"
) domains)}
'';
+ cfg = config.myServices.websites.tools.email;
in
{
- config.myServices.websites.webappDirs = {
- _mta-sts = root;
- };
+ config = lib.mkIf cfg.enable {
+ services.websites.webappDirs = {
+ _mta-sts = root;
+ };
- config.services.websites.env.tools.vhostConfs.mta_sts = {
- certName = "mail";
- addToCerts = true;
- hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
- root = "/run/current-system/webapps/_mta-sts";
- extraConfig = [
- ''
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
- RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
-
- Require all granted
- Options -Indexes
-
- ''
- ];
+ services.websites.env.tools.vhostConfs.mta_sts = {
+ certName = "mail";
+ addToCerts = true;
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+ root = "/run/current-system/webapps/_mta-sts";
+ extraConfig = [
+ ''
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+ RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+
+ Require all granted
+ Options -Indexes
+
+ ''
+ ];
+ };
};
-
}
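Review bot: The policy text is now built from `config.myEnv.servers` through `mxes`, but the FIXME above `file` still asks for the DNS id to be bumped only when this file changes. Toggling `mx.enable` on a server will therefore change the served policy while the `_mta-sts` id stays the same, and senders holding a cached policy will not refetch it. I would reword the comment to `# FIXME: increase the id number in modules/private/dns.nix whenever this file or the set of mx-enabled servers in config.myEnv.servers changes`, or derive the id from a hash of the generated text. If no server has `mx.enable` set, `mxes` is empty and the file has no `mx:` line, which RFC 8461 does not accept for `mode: testing`; assuming this is evaluated as a NixOS module, `assertions = [{ assertion = mxes != []; message = "mta-sts: no mx-enabled server"; }];` inside the `mkIf` would catch it at build time. The re-added `RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$` also puts a client-supplied header into the file path, so narrowing the capture to hostname characters, e.g. `^mta-sts\.([a-z0-9.-]+)$` with `[NC]`, would be cheap hardening; note that the `let` block and the `domains` binding begin outside this hunk.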