From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
modules/private/websites/tools/mail/mta-sts.nix | 54 -------------------------
1 file changed, 54 deletions(-)
delete mode 100644 modules/private/websites/tools/mail/mta-sts.nix
(limited to 'modules/private/websites/tools/mail/mta-sts.nix')
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
deleted file mode 100644
index 77ba2d4..0000000
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- domains = (lib.remove null (lib.flatten (map
- (zone: map
- (e: if e.receive
- then {
- domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
- mail = zone.name;
- }
- else null
- )
- (zone.withEmail or [])
- )
- config.myEnv.dns.masterZones
- )));
- mxes = lib.mapAttrsToList
- (n: v: v.mx.subdomain)
- (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers);
- # FIXME: increase the id number in modules/private/dns.nix when this
- # file change (date -u +'%Y%m%d%H%M%S'Z)
- file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" (
- builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ]
- ++ (map (v: "mx: ${v}.${domain.mail}") mxes)
- ++ [ "max_age: 604800" ]
- ));
- root = pkgs.runCommand "mta-sts_root" {} ''
- mkdir -p $out
- ${builtins.concatStringsSep "\n" (map (d:
- "cp ${file d} $out/${d.domain}.txt"
- ) domains)}
- '';
- cfg = config.myServices.websites.tools.email;
-in
-{
- config = lib.mkIf cfg.enable {
- services.websites.env.tools.vhostConfs.mta_sts = {
- certName = "mail";
- addToCerts = true;
- hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
- root = root;
- extraConfig = [
- ''
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
- RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
-
- Require all granted
- Options -Indexes
-
- ''
- ];
- };
- };
-}
-- cgit v1.2.3