Diffstat (limited to 'modules/private/dns.nix')
-rw-r--r-- | modules/private/dns.nix | 23 |
1 files changed, 16 insertions, 7 deletions
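--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -50,6 +50,18 @@
 '')
 cfg.zones }
 '';
+mxes = lib.attrsets.filterAttrs
+(n: v: v.mx.enable)
+config.myEnv.servers;
+ip4mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(n: v: "${v.mx.subdomain} IN A ${v.ips.main.ip4}")
+mxes);
+ip6mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN AAAA ${i}") v.ips.main.ip6))
+mxes);
+mxmxes = n: conf: builtins.concatStringsSep "\n" (lib.mapAttrsToList
+(_: v: "${n} IN MX ${v.mx.priority} ${v.mx.subdomain}.${conf.name}.")
+mxes);
 in lib.mkIf config.myServices.dns.enable {
 networking.firewall.allowedUDPPorts = [ 53 ];
 networking.firewall.allowedTCPPorts = [ 53 ];
@@ -94,10 +106,8 @@
 ${conf.entries}
 
 ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then ''
-mx-1 IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
-mx-2 IN A ${config.myEnv.servers.immaeEu.ips.main.ip4}
-${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
-${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA ${i}") config.myEnv.servers.immaeEu.ips.main.ip6)}
+${ip4mxes}
+${ip6mxes}
 ${lib.concatStringsSep "\n\n" (map (e:
 let
 n = if e.domain == "" then "@" else "${e.domain} ";
@@ -105,8 +115,7 @@
 in
 ''
 ; ------------------ mail: ${n} ---------------------------
-${n} IN MX 10 mx-1.${conf.name}.
-${n} IN MX 20 mx-2.${conf.name}.
+${mxmxes n conf}
 
 ; https://tools.ietf.org/html/rfc6186
 _submission._tcp${suffix} SRV 0 1 587 smtp.immae.eu.
@@ -120,7 +129,7 @@
 ; MTA-STS
 ; https://blog.delouw.ch/2018/12/16/using-mta-sts-to-enhance-email-transport-security-and-privacy/
 ; https://support.google.com/a/answer/9261504
-_mta-sts${suffix} IN TXT "v=STSv1;id=20190630054629Z"
+_mta-sts${suffix} IN TXT "v=STSv1;id=20200109150200Z"
 _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
 mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
 ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}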
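Review bot: The MX set is now derived from `mxes` (every server with `mx.enable`), but the MTA-STS record at `_mta-sts${suffix}` only receives a hand-edited `id=` bump and nothing in these hunks ties the served policy's `mx:` lines to that same set; if the policy file lives elsewhere, an MX host added to or removed from `config.myEnv.servers` without a matching policy update will make senders that honour `mode: enforce` refuse delivery for the domain. Consider generating the policy's `mx:` entries (and ideally its `id`) from `mxes` as well, or at minimum add a comment above `mxmxes` such as `# keep in sync with the MTA-STS policy served at mta-sts.<domain>/.well-known/mta-sts.txt`. Separately, `mxmxes` interpolates `${v.mx.priority}` directly; if `mx.priority` is declared as an integer option this fails to evaluate, so `${toString v.mx.priority}` is the safer form. The `let` block these bindings belong to starts before the first hunk and the zone template continues past the last one.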