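# NixOS module that publishes MTA-STS policy files (one per receiving mail
# domain) from a dedicated vhost, and adds the matching mta-sts.* names to
# the "mail" ACME certificate.
{ lib, pkgs, config, ... }:
let
  # Email policies of one DNS zone that have `receive` set.
  getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
  bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
  # Flat list of receiving policies; each entry is read below through its
  # `fqdn` and `domain` attributes.
  domains = lib.flatten (builtins.attrValues bydomain);
  # Subdomain labels of every server that has `mx.enable` set.
  mxes = lib.mapAttrsToList
    (n: v: v.mx.subdomain)
    (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
  # Policy body for one domain, joined with CRLF.
  # NOTE(review): "mode: testing" asks senders to report TLS failures but not
  # to refuse delivery; the policy only protects against downgrade once it is
  # switched to "enforce". max_age is 604800 seconds (7 days).
  file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
    builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
    ++ (map (v: "mx: ${v}.${d.domain}") mxes)
    ++ [ "max_age: 604800" ]
  ));
  # Document root holding one <fqdn>.txt per receiving domain.
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${builtins.concatStringsSep "\n" (map (d:
      "cp ${file d} $out/${d.fqdn}.txt"
    ) domains)}
  '';
  # Single source for the policy host names, so the certificate SANs and the
  # vhost aliases cannot drift apart.
  # NOTE(review): root only receives files for `domains`; confirm that
  # mail.immae.eu is among them, otherwise this first host has no policy file.
  stsHosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
  cfg = config.myServices.websites.tools.email;
in
{
  config = lib.mkIf cfg.enable {
    security.acme.certs.mail.extraDomainNames = stsHosts;
    services.websites.env.tools.vhostConfs.mta_sts = {
      certName = "mail";
      hosts = stsHosts;
      root = root;
      extraConfig = [
        # The Host header selects the policy file, so its captured part ends
        # up in a filesystem path. The capture is limited to hostname
        # characters, the literal dots are escaped, and an optional :port
        # suffix is accepted and discarded. Whether this vhost can be reached
        # with a Host outside `hosts` is not visible here.
        ''
          RewriteEngine on
          RewriteCond %{HTTP_HOST} ^mta-sts\.([A-Za-z0-9.-]+)(?::[0-9]+)?$
          RewriteRule ^/\.well-known/mta-sts\.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
          <Directory ${root}>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
  };
}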