{ lib, pkgs, config, ... }:
let
- domains = (lib.remove null (lib.flatten (map
- (zone: map
- (e: if e.receive
- then {
- domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
- mail = zone.name;
- }
- else null
- )
- (zone.withEmail or [])
- )
- config.myEnv.dns.masterZones
- )));
+ getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
+ bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
+ domains = lib.flatten (builtins.attrValues bydomain);
mxes = lib.mapAttrsToList
(n: v: v.mx.subdomain)
(lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
- # FIXME: increase the id number in modules/private/dns.nix when this
- # file change (date -u +'%Y%m%d%H%M%S'Z)
- file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
+ file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
- ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
+ ++ (map (v: "mx: ${v}.${d.domain}") mxes)
++ [ "max_age: 604800" ]
));
root = pkgs.runCommand "mta-sts_root" {} ''
mkdir -p $out
${builtins.concatStringsSep "\n" (map (d:
- "cp ${file d} $out/${d.domain}.txt"
+ "cp ${file d} $out/${d.fqdn}.txt"
) domains)}
'';
cfg = config.myServices.websites.tools.email;
in
{
config = lib.mkIf cfg.enable {
+ security.acme.certs.mail.extraDomainNames = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
services.websites.env.tools.vhostConfs.mta_sts = {
certName = "mail";
- addToCerts = true;
- hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+ hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
root = root;
extraConfig = [
''
projects / perso / Immae / Config / Nix.git / blobdiff