[perso/Immae/Config/Nix.git] / systems / eldiron / websites / mail / mta-sts.nix

{ lib, pkgs, config,  ... }:
let
  getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
  bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
  domains = lib.flatten (builtins.attrValues bydomain);
  mxes = lib.mapAttrsToList
    (n: v: v.mx.subdomain)
    (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
  file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
    builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
    ++ (map (v: "mx: ${v}.${d.domain}") mxes)
    ++ [ "max_age: 604800" ]
    ));
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${builtins.concatStringsSep "\n" (map (d:
      "cp ${file d} $out/${d.fqdn}.txt"
    ) domains)}
    '';
  autoconfigRoot =
    let autoconfig = pkgs.writeText "config-v1.1.xml" ''
      <?xml version="1.0"?>
      <clientConfig version="1.1">
        <emailProvider id="mail.immae.eu">
          <domain>mail.immae.eu</domain>
          <domain>%EMAILDOMAIN%</domain>
          <displayName>Immae E-mail</displayName>
          <displayShortName>Immae E-mail</displayShortName>

          <incomingServer type="imap">
            <hostname>imap.immae.eu</hostname>
            <port>143</port>
            <socketType>STARTTLS</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </incomingServer>

          <incomingServer type="imap">
            <hostname>imap.immae.eu</hostname>
            <port>993</port>
            <socketType>SSL</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </incomingServer>

          <incomingServer type="pop3">
            <hostname>pop.immae.eu</hostname>
            <port>110</port>
            <socketType>STARTTLS</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </incomingServer>

          <incomingServer type="pop3">
            <hostname>pop.immae.eu</hostname>
            <port>995</port>
            <socketType>SSL</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </incomingServer>

          <outgoingServer type="smtp">
            <hostname>smtp.immae.eu</hostname>
            <port>587</port>
            <socketType>STARTTLS</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </outgoingServer>

          <outgoingServer type="smtp">
            <hostname>smtp.immae.eu</hostname>
            <port>465</port>
            <socketType>SSL</socketType>
            <username>%EMAILADDRESS%</username>
            <authentication>password-cleartext</authentication>
          </outgoingServer>
        </emailProvider>
      </clientConfig>
    '';
    autodiscover = pkgs.writeText "Autodiscover.xml" ''
      <?xml version="1.0" encoding="utf-8" ?>
      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
        <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
          <User>
            <DisplayName>Name</DisplayName>
          </User>
          <Account>
            <AccountType>email</AccountType>
            <Action>settings</Action>
            <Protocol>
              <Type>IMAP</Type>
              <TTL>1</TTL>
              <Server>imap.immae.eu</Server>
              <Port>143</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>off</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
              <Type>POP3</Type>
              <TTL>1</TTL>
              <Server>pop3.immae.eu</Server>
              <Port>110</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>off</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
              <Type>SMTP</Type>
              <TTL>1</TTL>
              <Server>smtp.immae.eu</Server>
              <Port>587</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>off</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
              <Type>IMAP</Type>
              <TTL>1</TTL>
              <Server>imap.immae.eu</Server>
              <Port>993</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>on</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
              <Type>POP3</Type>
              <TTL>1</TTL>
              <Server>pop3.immae.eu</Server>
              <Port>995</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>on</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
            <Protocol>
              <Type>SMTP</Type>
              <TTL>1</TTL>
              <Server>smtp.immae.eu</Server>
              <Port>465</Port>
              <DomainRequired>on</DomainRequired>
              <SPA>off</SPA>
              <SSL>on</SSL>
              <AuthRequired>on</AuthRequired>
            </Protocol>
          </Account>
        </Response>
      </Autodiscover>
    '';
  in
    pkgs.runCommand "autoconfig" {} ''
      mkdir -p $out/mail
      ln -s ${autoconfig} $out/mail/config-v1.1.xml
      mkdir -p $out/AutoDiscover
      ln -s ${autodiscover} $out/AutoDiscover/AutoDiscover.xml
      mkdir -p $out/Autodiscover
      ln -s ${autodiscover} $out/Autodiscover/Autodiscover.xml
      mkdir -p $out/autodiscover
      ln -s ${autodiscover} $out/autodiscover/autodiscover.xml
    '';
  cfg = config.myServices.websites.tools.email;
in
{
  config = lib.mkIf cfg.enable {
    security.acme.certs.mail.extraDomainNames =
      [ "mta-sts.mail.immae.eu" "autoconfig.mail.immae.eu" "autodiscover.mail.immae.eu" ]
      ++ map (v: "mta-sts.${v.fqdn}") domains
      ++ map (v: "autoconfig.${v.fqdn}") domains
      ++ map (v: "autodiscover.${v.fqdn}") domains;
    services.websites.env.tools.vhostConfs.mta_sts = {
      certName   = "mail";
      hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
      root = root;
      extraConfig = [
        ''
          RewriteEngine on
          RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
          RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
          <Directory ${root}>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
    services.websites.env.tools.vhostConfs.mail_autoconfig = {
      certName = "mail";
      hosts = ["autoconfig.mail.immae.eu" "autodiscover.mail.immae.eu" ]
        ++ map (v: "autoconfig.${v.fqdn}") domains
        ++ map (v: "autodiscover.${v.fqdn}") domains;
      root = autoconfigRoot;
      extraConfig = [
        ''
          <Directory ${autoconfigRoot}>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
afcc5de0	2	let
1a64deeb IB	3	getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
	4	bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
	5	domains = lib.flatten (builtins.attrValues bydomain);
619e4f46 IB	6	mxes = lib.mapAttrsToList
	7	(n: v: v.mx.subdomain)
	8	(lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
1a64deeb	9	file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
8cc7cb6b	10	builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
1a64deeb	11	++ (map (v: "mx: ${v}.${d.domain}") mxes)
8cc7cb6b IB	12	++ [ "max_age: 604800" ]
8cc7cb6b IB	13	));
afcc5de0 IB	14	root = pkgs.runCommand "mta-sts_root" {} ''
	15	mkdir -p $out
	16	${builtins.concatStringsSep "\n" (map (d:
1a64deeb	17	"cp ${file d} $out/${d.fqdn}.txt"
afcc5de0 IB	18	) domains)}
afcc5de0 IB	19	'';
6ce9fbeb IB	20	autoconfigRoot =
	21	let autoconfig = pkgs.writeText "config-v1.1.xml" ''
	22	<?xml version="1.0"?>
	23	<clientConfig version="1.1">
	24	<emailProvider id="mail.immae.eu">
	25	<domain>mail.immae.eu</domain>
	26	<domain>%EMAILDOMAIN%</domain>
	27	<displayName>Immae E-mail</displayName>
	28	<displayShortName>Immae E-mail</displayShortName>
	29
	30	<incomingServer type="imap">
	31	<hostname>imap.immae.eu</hostname>
	32	<port>143</port>
	33	<socketType>STARTTLS</socketType>
	34	<username>%EMAILADDRESS%</username>
	35	<authentication>password-cleartext</authentication>
	36	</incomingServer>
	37
	38	<incomingServer type="imap">
	39	<hostname>imap.immae.eu</hostname>
	40	<port>993</port>
	41	<socketType>SSL</socketType>
	42	<username>%EMAILADDRESS%</username>
	43	<authentication>password-cleartext</authentication>
	44	</incomingServer>
	45
	46	<incomingServer type="pop3">
	47	<hostname>pop.immae.eu</hostname>
	48	<port>110</port>
	49	<socketType>STARTTLS</socketType>
	50	<username>%EMAILADDRESS%</username>
	51	<authentication>password-cleartext</authentication>
	52	</incomingServer>
	53
	54	<incomingServer type="pop3">
	55	<hostname>pop.immae.eu</hostname>
	56	<port>995</port>
	57	<socketType>SSL</socketType>
	58	<username>%EMAILADDRESS%</username>
	59	<authentication>password-cleartext</authentication>
	60	</incomingServer>
	61
	62	<outgoingServer type="smtp">
	63	<hostname>smtp.immae.eu</hostname>
	64	<port>587</port>
	65	<socketType>STARTTLS</socketType>
	66	<username>%EMAILADDRESS%</username>
	67	<authentication>password-cleartext</authentication>
	68	</outgoingServer>
	69
	70	<outgoingServer type="smtp">
	71	<hostname>smtp.immae.eu</hostname>
	72	<port>465</port>
	73	<socketType>SSL</socketType>
	74	<username>%EMAILADDRESS%</username>
	75	<authentication>password-cleartext</authentication>
	76	</outgoingServer>
	77	</emailProvider>
	78	</clientConfig>
	79	'';
	80	autodiscover = pkgs.writeText "Autodiscover.xml" ''
	81	<?xml version="1.0" encoding="utf-8" ?>
	82	<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
	83	<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
84	<User>
85	<DisplayName>Name</DisplayName>
86	</User>
87	<Account>
88	<AccountType>email</AccountType>
89	<Action>settings</Action>
90	<Protocol>
91	<Type>IMAP</Type>
92	<TTL>1</TTL>
93	<Server>imap.immae.eu</Server>
94	<Port>143</Port>
95	<DomainRequired>on</DomainRequired>
96	<SPA>off</SPA>
97	<SSL>off</SSL>
98	<AuthRequired>on</AuthRequired>
99	</Protocol>
100	<Protocol>
101	<Type>POP3</Type>
102	<TTL>1</TTL>
103	<Server>pop3.immae.eu</Server>
104	<Port>110</Port>
105	<DomainRequired>on</DomainRequired>
106	<SPA>off</SPA>
107	<SSL>off</SSL>
108	<AuthRequired>on</AuthRequired>
109	</Protocol>
110	<Protocol>
111	<Type>SMTP</Type>
112	<TTL>1</TTL>
113	<Server>smtp.immae.eu</Server>
114	<Port>587</Port>
115	<DomainRequired>on</DomainRequired>
116	<SPA>off</SPA>
117	<SSL>off</SSL>
118	<AuthRequired>on</AuthRequired>
119	</Protocol>
120	<Protocol>
121	<Type>IMAP</Type>
122	<TTL>1</TTL>
123	<Server>imap.immae.eu</Server>
124	<Port>993</Port>
125	<DomainRequired>on</DomainRequired>
126	<SPA>off</SPA>
127	<SSL>on</SSL>
128	<AuthRequired>on</AuthRequired>
129	</Protocol>
130	<Protocol>
131	<Type>POP3</Type>
132	<TTL>1</TTL>
133	<Server>pop3.immae.eu</Server>
134	<Port>995</Port>
135	<DomainRequired>on</DomainRequired>
136	<SPA>off</SPA>
137	<SSL>on</SSL>
138	<AuthRequired>on</AuthRequired>
139	</Protocol>
140	<Protocol>
141	<Type>SMTP</Type>
142	<TTL>1</TTL>
143	<Server>smtp.immae.eu</Server>
144	<Port>465</Port>
145	<DomainRequired>on</DomainRequired>
146	<SPA>off</SPA>
147	<SSL>on</SSL>
148	<AuthRequired>on</AuthRequired>
149	</Protocol>
150	</Account>
151	</Response>
152	</Autodiscover>
153	'';
154	in
155	pkgs.runCommand "autoconfig" {} ''
156	mkdir -p $out/mail
157	ln -s ${autoconfig} $out/mail/config-v1.1.xml
158	mkdir -p $out/AutoDiscover
159	ln -s ${autodiscover} $out/AutoDiscover/AutoDiscover.xml
160	mkdir -p $out/Autodiscover
161	ln -s ${autodiscover} $out/Autodiscover/Autodiscover.xml
162	mkdir -p $out/autodiscover
163	ln -s ${autodiscover} $out/autodiscover/autodiscover.xml
164	'';
8415083e	165	cfg = config.myServices.websites.tools.email;
afcc5de0 IB	166	in
afcc5de0 IB	167	{
8415083e	168	config = lib.mkIf cfg.enable {
6ce9fbeb IB	169	security.acme.certs.mail.extraDomainNames =
	170	[ "mta-sts.mail.immae.eu" "autoconfig.mail.immae.eu" "autodiscover.mail.immae.eu" ]
	171	++ map (v: "mta-sts.${v.fqdn}") domains
	172	++ map (v: "autoconfig.${v.fqdn}") domains
	173	++ map (v: "autodiscover.${v.fqdn}") domains;
8415083e IB	174	services.websites.env.tools.vhostConfs.mta_sts = {
8415083e IB	175	certName = "mail";
1a64deeb	176	hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
750fe5a4	177	root = root;
8415083e IB	178	extraConfig = [
	179	''
	180	RewriteEngine on
	181	RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
	182	RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
750fe5a4	183	<Directory ${root}>
8415083e IB	184	Require all granted
	185	Options -Indexes
	186	</Directory>
	187	''
	188	];
	189	};
6ce9fbeb IB	190	services.websites.env.tools.vhostConfs.mail_autoconfig = {
	191	certName = "mail";
	192	hosts = ["autoconfig.mail.immae.eu" "autodiscover.mail.immae.eu" ]
	193	++ map (v: "autoconfig.${v.fqdn}") domains
	194	++ map (v: "autodiscover.${v.fqdn}") domains;
	195	root = autoconfigRoot;
	196	extraConfig = [
	197	''
	198	<Directory ${autoconfigRoot}>
	199	Require all granted
	200	Options -Indexes
	201	</Directory>
	202	''
	203	];
	204	};
afcc5de0	205	};
afcc5de0	206	}