X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Fmail%2Fmta-sts.nix;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Fmail%2Fmta-sts.nix;h=24387027a1e64ca8b8522f0c6e6865e1a5352bd2;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=77ba2d4ff653404e1209b7fcec09d8af6eaf21d4;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/systems/eldiron/websites/mail/mta-sts.nix
similarity index 61%
rename from modules/private/websites/tools/mail/mta-sts.nix
rename to systems/eldiron/websites/mail/mta-sts.nix
index 77ba2d4..2438702 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/systems/eldiron/websites/mail/mta-sts.nix
@@ -1,42 +1,30 @@ { lib, pkgs, config, ... }: let - domains = (lib.remove null (lib.flatten (map - (zone: map - (e: if e.receive - then { - domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}"; - mail = zone.name; - } - else null - ) - (zone.withEmail or []) - ) - config.myEnv.dns.masterZones - ))); + getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies); + bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones; + domains = lib.flatten (builtins.attrValues bydomain); mxes = lib.mapAttrsToList (n: v: v.mx.subdomain) (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers); - # FIXME: increase the id number in modules/private/dns.nix when this - # file change (date -u +'%Y%m%d%H%M%S'Z) - file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ( + file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" ( builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ] - ++ (map (v: "mx: ${v}.${domain.mail}") mxes) + ++ (map (v: "mx: ${v}.${d.domain}") mxes) ++ [ "max_age: 604800" ] )); root = pkgs.runCommand "mta-sts_root" {} '' mkdir -p $out ${builtins.concatStringsSep "\n" (map (d: - "cp ${file d} $out/${d.domain}.txt" + "cp ${file d} $out/${d.fqdn}.txt" ) domains)} ''; cfg = config.myServices.websites.tools.email; in { config = lib.mkIf cfg.enable { + security.acme.certs.mail.extraDomainNames = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains; services.websites.env.tools.vhostConfs.mta_sts = { certName = "mail"; - addToCerts = true; - hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains; + hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains; root = root; extraConfig = [ ''