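# MTA-STS (RFC 8461) policy publisher: one policy file per mail-receiving
# domain, served as https://mta-sts.<domain>/.well-known/mta-sts.txt.
# The matching DNS side (`_mta-sts.<domain>` TXT with the policy id) lives in
# modules/private/dns.nix, see the FIXME below.
{ lib, pkgs, config, myconfig,  ... }:
let
  # One { domain, mail } attrset per zone entry flagged `receive = true`.
  #   domain: full name the policy is published for (entry name + zone name,
  #           or just the zone name when the entry name is empty)
  #   mail:   zone name the MX hosts are built from
  domains = lib.remove null (lib.flatten (map
    (zone: map
      (e: if e.receive
        then {
          domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}";
          mail = zone.name;
        }
        else null
      )
      (zone.withEmail or [])
    )
    myconfig.env.dns.masterZones
  ));
  # FIXME: increase the id number in modules/private/dns.nix when this
  # file change (date -u +'%Y%m%d%H%M%S'Z) -- senders only refetch the
  # policy when the TXT id changes, so an edit here without a new id is
  # invisible until their cached copy expires.
  # `mode: testing` asks senders to report mismatches (via TLS-RPT) but
  # still deliver; it provides no downgrade protection by itself. Move to
  # `mode: enforce` once reports are clean. 604800 s is one week; RFC 8461
  # expects max_age "in the range of weeks or greater", so consider raising
  # it once in enforce mode.
  file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ''
    version: STSv1
    mode: testing
    mx: mx-1.${domain.mail}
    mx: mx-2.${domain.mail}
    max_age: 604800
    '';
  # Document root: <domain>.txt for every receiving domain.
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${builtins.concatStringsSep "\n" (map (d:
      "cp ${file d} $out/${d.domain}.txt"
    ) domains)}
    '';
in
{
  config.myServices.websites.webappDirs = {
    _mta-sts = root;
  };

  config.services.websites.env.tools.vhostConfs.mta_sts = {
    certName   = "mail";
    addToCerts = true;
    # The certificate must cover every mta-sts.<domain> name, otherwise
    # senders treat the policy fetch as failed (no policy, not a hard fail).
    hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
    root = "/run/current-system/webapps/_mta-sts";
    extraConfig = [
      # Map the requested host name to its policy file: the part after
      # "mta-sts." becomes "<that>.txt" under the document root. Dots in the
      # patterns are escaped so they only match literal dots.
      # NOTE(review): %1 is used as a filename component; the vhost `hosts`
      # list is what is expected to bound it -- confirm this vhost is not
      # also the default one that unknown Host headers fall into.
      ''
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^mta-sts\.(.*)$
        RewriteRule ^/\.well-known/mta-sts\.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
        <Directory /run/current-system/webapps/_mta-sts>
          Require all granted
          Options -Indexes
        </Directory>
      ''
    ];
  };

}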