Diffstat (limited to 'systems/eldiron/websites/mail/mta-sts.nix')
-rw-r--r-- | systems/eldiron/websites/mail/mta-sts.nix | 42 |
1 files changed, 42 insertions, 0 deletions
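diff --git a/systems/eldiron/websites/mail/mta-sts.nix b/systems/eldiron/websites/mail/mta-sts.nix
new file mode 100644
index 0000000..2438702
--- /dev/null
+++ b/systems/eldiron/websites/mail/mta-sts.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, ... }:
+let
+getDomains = p: lib.mapAttrsToList (n: v: v) (lib.filterAttrs (n: v: v.receive) p.emailPolicies);
+bydomain = builtins.mapAttrs (n: getDomains) config.myServices.dns.zones;
+domains = lib.flatten (builtins.attrValues bydomain);
+mxes = lib.mapAttrsToList
+(n: v: v.mx.subdomain)
+(lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
+file = d: pkgs.writeText "mta-sts-${d.fqdn}.txt" (
+builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
+++ (map (v: "mx: ${v}.${d.domain}") mxes)
+++ [ "max_age: 604800" ]
+));
+root = pkgs.runCommand "mta-sts_root" {} ''
+mkdir -p $out
+${builtins.concatStringsSep "\n" (map (d:
+"cp ${file d} $out/${d.fqdn}.txt"
+) domains)}
+'';
+cfg = config.myServices.websites.tools.email;
+in
+{
+config = lib.mkIf cfg.enable {
+security.acme.certs.mail.extraDomainNames = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
+services.websites.env.tools.vhostConfs.mta_sts = {
+certName = "mail";
+hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.fqdn}") domains;
+root = root;
+extraConfig = [
+''
+RewriteEngine on
+RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+<Directory ${root}>
+Require all granted
+Options -Indexes
+</Directory>
+''
+];
+};
+};
+}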
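Review bot: The rewrite in `extraConfig` builds a filesystem path from the client-supplied Host header: `^mta-sts.(.*)$` captures everything after the prefix (the dots are unescaped, so they match any character) and `%1` goes straight into `%{DOCUMENT_ROOT}/%1.txt`. The `hosts` list presumably limits which names reach this vhost, but the pattern should not depend on that. Restrict the capture to hostname characters and escape the literals, e.g. `RewriteCond %{HTTP_HOST} ^mta-sts\.([a-z0-9.-]+)$` and `RewriteRule ^/\.well-known/mta-sts\.txt$ %{DOCUMENT_ROOT}/%1.txt [L]`. Separately, the policy is published with `mode: testing`, under which senders report TLS failures but still deliver; if this is a rollout step, a comment such as `# testing: report-only, switch to enforce once TLS reports are clean` above the `file` definition would record that.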