author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/tools/mail/mta-sts.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'modules/private/websites/tools/mail/mta-sts.nix')
-rw-r--r-- | modules/private/websites/tools/mail/mta-sts.nix | 54 |
1 files changed, 0 insertions, 54 deletions
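--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-domains = (lib.remove null (lib.flatten (map
-(zone: map
-(e: if e.receive
-then {
-domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
-mail = zone.name;
-}
-else null
-)
-(zone.withEmail or [])
-)
-config.myEnv.dns.masterZones
-)));
-mxes = lib.mapAttrsToList
-(n: v: v.mx.subdomain)
-(lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
-# FIXME: increase the id number in modules/private/dns.nix when this
-# file change (date -u +'%Y%m%d%H%M%S'Z)
-file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
-builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
-++ (map (v: "mx: ${v}.${domain.mail}") mxes)
-++ [ "max_age: 604800" ]
-));
-root = pkgs.runCommand "mta-sts_root" {} ''
-mkdir -p $out
-${builtins.concatStringsSep "\n" (map (d:
-"cp ${file d} $out/${d.domain}.txt"
-) domains)}
-'';
-cfg = config.myServices.websites.tools.email;
-in
-{
-config = lib.mkIf cfg.enable {
-services.websites.env.tools.vhostConfs.mta_sts = {
-certName = "mail";
-addToCerts = true;
-hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
-root = root;
-extraConfig = [
-''
-RewriteEngine on
-RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
-RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
-<Directory ${root}>
-Require all granted
-Options -Indexes
-</Directory>
-''
-];
-};
-};
-}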