[perso/Immae/Config/Nix.git] / modules / private / websites / tools / mail / mta-sts.nix

{ lib, pkgs, config,  ... }:
let
  domains = (lib.remove null (lib.flatten (map
    (zone: map
      (e: if e.receive
      then {
        domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
        mail = zone.name;
      }
      else null
      )
      (zone.withEmail or [])
    )
    config.myEnv.dns.masterZones
  )));
  mxes = lib.mapAttrsToList
    (n: v: v.mx.subdomain)
    (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
  # FIXME: increase the id number in modules/private/dns.nix when this
  # file change (date -u +'%Y%m%d%H%M%S'Z)
  file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
    builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
    ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
    ++ [ "max_age: 604800" ]
    ));
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${builtins.concatStringsSep "\n" (map (d:
      "cp ${file d} $out/${d.domain}.txt"
    ) domains)}
    '';
  cfg = config.myServices.websites.tools.email;
in
{
  config = lib.mkIf cfg.enable {
    services.websites.webappDirs = {
      _mta-sts = root;
    };

    services.websites.env.tools.vhostConfs.mta_sts = {
      certName   = "mail";
      addToCerts = true;
      hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
      root = "/run/current-system/webapps/_mta-sts";
      extraConfig = [
        ''
          RewriteEngine on
          RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
          RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
          <Directory /run/current-system/webapps/_mta-sts>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
afcc5de0 IB	2	let
	3	domains = (lib.remove null (lib.flatten (map
	4	(zone: map
	5	(e: if e.receive
	6	then {
	7	domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
	8	mail = zone.name;
	9	}
	10	else null
	11	)
	12	(zone.withEmail or [])
	13	)
ab8f306d	14	config.myEnv.dns.masterZones
afcc5de0	15	)));
619e4f46 IB	16	mxes = lib.mapAttrsToList
	17	(n: v: v.mx.subdomain)
	18	(lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
afcc5de0 IB	19	# FIXME: increase the id number in modules/private/dns.nix when this
afcc5de0 IB	20	# file change (date -u +'%Y%m%d%H%M%S'Z)
8cc7cb6b IB	21	file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
	22	builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
	23	++ (map (v: "mx: ${v}.${domain.mail}") mxes)
	24	++ [ "max_age: 604800" ]
	25	));
afcc5de0 IB	26	root = pkgs.runCommand "mta-sts_root" {} ''
	27	mkdir -p $out
	28	${builtins.concatStringsSep "\n" (map (d:
	29	"cp ${file d} $out/${d.domain}.txt"
	30	) domains)}
	31	'';
8415083e	32	cfg = config.myServices.websites.tools.email;
afcc5de0 IB	33	in
afcc5de0 IB	34	{
8415083e	35	config = lib.mkIf cfg.enable {
d3452fc5	36	services.websites.webappDirs = {
8415083e IB	37	_mta-sts = root;
8415083e IB	38	};
afcc5de0	39
8415083e IB	40	services.websites.env.tools.vhostConfs.mta_sts = {
	41	certName = "mail";
	42	addToCerts = true;
	43	hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
	44	root = "/run/current-system/webapps/_mta-sts";
	45	extraConfig = [
	46	''
	47	RewriteEngine on
	48	RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
	49	RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
	50	<Directory /run/current-system/webapps/_mta-sts>
	51	Require all granted
	52	Options -Indexes
	53	</Directory>
	54	''
	55	];
	56	};
afcc5de0	57	};
afcc5de0	58	}