Diffstat (limited to 'modules/private/dns.nix')
-rw-r--r--modules/private/dns.nix23
1 files changed, 16 insertions, 7 deletions
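diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index fb90824..ebced42 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -50,6 +50,18 @@
 '')
 cfg.zones }
 '';
+mxes = lib.attrsets.filterAttrs
+(n: v: v.mx.enable)
+config.myEnv.servers;
+ip4mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(n: v: "${v.mx.subdomain} IN A ${v.ips.main.ip4}")
+mxes);
+ip6mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN AAAA ${i}") v.ips.main.ip6))
+mxes);
+mxmxes = n: conf: builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(_: v: "${n} IN MX ${v.mx.priority} ${v.mx.subdomain}.${conf.name}.")
+mxes);
 in lib.mkIf config.myServices.dns.enable {
 networking.firewall.allowedUDPPorts = [ 53 ];
 networking.firewall.allowedTCPPorts = [ 53 ];
@@ -94,10 +106,8 @@
 ${conf.entries}
 
 ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then ''
-mx-1 IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
-mx-2 IN A ${config.myEnv.servers.immaeEu.ips.main.ip4}
-${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
-${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA ${i}") config.myEnv.servers.immaeEu.ips.main.ip6)}
+${ip4mxes}
+${ip6mxes}
 ${lib.concatStringsSep "\n\n" (map (e:
 let
 n = if e.domain == "" then "@" else "${e.domain} ";
@@ -105,8 +115,7 @@
 in
 ''
 ; ------------------ mail: ${n} ---------------------------
-${n} IN MX 10 mx-1.${conf.name}.
-${n} IN MX 20 mx-2.${conf.name}.
+${mxmxes n conf}
 
 ; https://tools.ietf.org/html/rfc6186
 _submission._tcp${suffix} SRV 0 1 587 smtp.immae.eu.
@@ -120,7 +129,7 @@
 ; MTA-STS
 ; https://blog.delouw.ch/2018/12/16/using-mta-sts-to-enhance-email-transport-security-and-privacy/
 ; https://support.google.com/a/answer/9261504
-_mta-sts${suffix} IN TXT "v=STSv1;id=20190630054629Z"
+_mta-sts${suffix} IN TXT "v=STSv1;id=20200109150200Z"
 _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
 mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
 ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}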
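Review bot: `mxmxes` in the first hunk (new lines 62–64) interpolates `${v.mx.priority}` straight into the MX record, which only evaluates if `mx.priority` is declared as a string option; if it is an integer, Nix refuses the coercion and every zone with `withEmail` fails to build, so `${toString v.mx.priority}` is the safer form regardless of the declared type. The same hunk filters `config.myEnv.servers` on `v.mx.enable`, so a configuration in which no server enables mx makes `mxes` empty and the `withEmail` zones silently lose all MX and glue records instead of failing loudly; guarding the definition with `mxes = assert mxesNonEmpty; ...` via `lib.assertMsg (mxes != {}) "no server has mx.enable"` would surface that at evaluation time. Because the MX hosts are now derived from `myEnv.servers` rather than the fixed mx-1/mx-2, a comment next to `mxmxes` should state that the MTA-STS policy (its id is bumped in the last hunk, but its `mx:` lines are outside this diff) and any SPF records must list the same `mx.subdomain` hosts, since strict MTA-STS clients will refuse delivery to an MX that the policy does not name.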