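# MTA-STS (RFC 8461) policy publication for the mail domains handled here.
#
# For every DNS zone in `config.myServices.dns.zones` whose `emailPolicies`
# mark a domain as receiving mail, a policy file is generated and served at
#   https://mta-sts.<fqdn>/.well-known/mta-sts.txt
# The policy lists every server in `config.myEnv.servers` with `mx.enable`
# set as an allowed MX.
#
# Security notes for operators:
#   * `mode: testing` only asks sending MTAs to *report* MX/TLS failures
#     (via TLSRPT); it does not tell them to refuse delivery.  Downgrade
#     protection only starts once the mode is switched to `enforce`, which
#     should happen after the published MX list and the certificates on those
#     MXes have been verified and a TLSRPT record exists to receive reports.
#   * Senders only trust the policy over a valid HTTPS certificate for
#     `mta-sts.<fqdn>`, which is why every served host is added to the
#     `mail` ACME certificate below.
{ lib, pkgs, config, ... }:
let
  # Values of a zone's `emailPolicies` whose `receive` flag is set, as a
  # list (attribute names are dropped, only the policy sets are kept).
  receivingDomains = policies:
    lib.attrValues (lib.filterAttrs (_: v: v.receive) policies.emailPolicies);

  # All receiving domains across every DNS zone, flattened into one list.
  domains = lib.flatten
    (builtins.attrValues
      (builtins.mapAttrs (_: receivingDomains) config.myServices.dns.zones));

  # `mx.subdomain` of every server that enables its MX role.
  mxes = lib.mapAttrsToList (_: v: v.mx.subdomain)
    (lib.filterAttrs (_: v: v.mx.enable) config.myEnv.servers);

  # Policy body for one domain, CRLF-separated.
  # NOTE(review): the mx patterns are built from `d.domain` while the file is
  # named after `d.fqdn`; presumably zone vs. full name — confirm against the
  # zone schema before changing either.
  policyFor = d:
    let
      policyLines = [ "version: STSv1" "mode: testing" ]
        ++ map (mx: "mx: ${mx}.${d.domain}") mxes
        # How long senders may cache this policy: 7 days, in seconds.
        ++ [ "max_age: 604800" ];
    in pkgs.writeText "mta-sts-${d.fqdn}.txt"
      (builtins.concatStringsSep "\r\n" policyLines);

  # Document root: one `<fqdn>.txt` per domain, selected from the Host header
  # by the rewrite rule below.
  root = pkgs.runCommand "mta-sts_root" {} ''
    mkdir -p $out
    ${lib.concatMapStringsSep "\n"
      (d: "cp ${policyFor d} $out/${d.fqdn}.txt") domains}
  '';

  # Every virtual host answered here; shared by the vhost definition and the
  # ACME certificate so the two lists cannot drift apart.
  # NOTE(review): the fixed `mta-sts.mail.immae.eu` entry maps to
  # `mail.immae.eu.txt`, which only exists if `mail.immae.eu` is one of
  # `domains`; otherwise that host answers 404 — verify.
  stsHosts = [ "mta-sts.mail.immae.eu" ] ++ map (d: "mta-sts.${d.fqdn}") domains;

  cfg = config.myServices.websites.tools.email;
in
{
  config = lib.mkIf cfg.enable {
    security.acme.certs.mail.extraDomainNames = stsHosts;
    services.websites.env.tools.vhostConfs.mta_sts = {
      certName = "mail";
      hosts = stsHosts;
      root = root;
      extraConfig = [
        ''
          RewriteEngine on
          # Map mta-sts.<fqdn> to <fqdn>.txt.  The dot is escaped (it used
          # to be a wildcard) and the capture excludes ':' and '/', so a Host
          # header with an explicit port cannot end up in the file path.
          RewriteCond %{HTTP_HOST} ^mta-sts\.([^:/]+)(:[0-9]+)?$
          RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
          <Directory ${root}>
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };
  };
}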