diff options
author | Azat Bahawi <azat@bahawi.net> | 2023-05-06 18:55:06 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-05-06 18:55:06 +0300 |
commit | 8f7371998f813857f25afef4160075665f924ab7 (patch) | |
tree | 7bffc723cbed32ab8aacae2feaf60de039bd3ff3 /modules/nixos/nsd.nix | |
parent | 2023-05-04 (diff) |
2023-05-06
Diffstat (limited to 'modules/nixos/nsd.nix')
-rw-r--r-- | modules/nixos/nsd.nix | 58 |
1 files changed, 49 insertions, 9 deletions
diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix index 255c787..f8d9e4b 100644 --- a/modules/nixos/nsd.nix +++ b/modules/nixos/nsd.nix @@ -19,6 +19,27 @@ in { }; config = mkIf cfg.enable { + nixfiles.modules.nginx = let + domain = my.domain.shire; + in { + enable = true; + virtualHosts = mapAttrs' (_: v: + nameValuePair "mta-sts.${v}" { + locations."= /.well-known/mta-sts.txt" = { + extraConfig = '' + add_header default_type text/plain; + ''; + return = "200 '${concatStringsSep "\\r\\n" [ + "version: STSv1" + "mode: enforce" + "max_age: 2419200" + "mx: ${domain}" + ]}'"; + }; + }) + my.domain; + }; + services = { nsd = { enable = true; @@ -40,8 +61,8 @@ in { domain ? my.domain.shire, dkimKey ? null, }: { - MX = [(mx.mx 10 "${domain}.")]; - TXT = [(spf.strict ["a" "mx"])]; + MX = [(mx.mx 10 "${my.domain.shire}.")]; + TXT = [(spf.soft ["a"])]; DMARC = [ { p = "quarantine"; @@ -54,6 +75,7 @@ in { selector = "mail"; p = dkimKey; }; + subdomains._mta-sts.TXT = ["v=STSv1; id=20230506134541Z"]; }; mkZone = { @@ -88,10 +110,11 @@ in { ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; in mkMerge [ - (mkZone { + (mkZone rec { domain = my.domain.shire; extra = mkMerge [ (mkEmailEntries { + inherit domain; dkimKey = "@DKIM_KEY@"; }) { @@ -103,6 +126,8 @@ in { yavanna = ips "yavanna"; "*.yavanna" = yavanna; + mta-sts = manwe; + ns1 = manwe; # ns2 = varda; @@ -124,37 +149,52 @@ in { } ]; }) - (mkZone { + (mkZone rec { domain = my.domain.azahi; extra = mkMerge [ (mkEmailEntries { + inherit domain; dkimKey = "@DKIM_KEY@"; }) ariadneIdProof { - subdomains.git = ips "manwe"; + subdomains = { + mta-sts = ips "manwe"; + + git = ips "manwe"; + }; } ]; }) - (mkZone { + (mkZone rec { domain = my.domain.gondor; extra = mkMerge [ (mkEmailEntries { + inherit domain; dkimKey = "@DKIM_KEY@"; }) { - subdomains.frodo = ips "manwe" // ariadneIdProof; + subdomains = { + mta-sts = ips "manwe"; + + frodo = ips "manwe" // ariadneIdProof; + }; } ]; }) - (mkZone { + (mkZone rec { domain = my.domain.rohan; extra = mkMerge [ (mkEmailEntries { + inherit domain; dkimKey = "@DKIM_KEY@"; }) { - subdomains.frodo = ips "manwe" // ariadneIdProof; + subdomains = { + mta-sts = ips "manwe"; + + frodo = ips "manwe" // ariadneIdProof; + }; } ]; }) |