DANE

author: Gregor Kleen <pngwjpgh@users.noreply.github.com> 2016-10-24 19:47:13 +0200
committer: Gregor Kleen <pngwjpgh@users.noreply.github.com> 2016-10-24 19:47:13 +0200
commit: 67606c341a7bb78dad44d120b0387e82d5e26a28 (patch)
tree: 2dc5451e6b348eb90694f4d40c790757519bb127
parent: a593e9a4e8a58dc52ec69ec40b16273804dda379 (diff)
download: nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar
nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.gz
nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.bz2
nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.xz
nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.zip
4 files changed, 14 insertions, 4 deletions
diff --git a/custom/tinc/laeradhr.nix b/custom/tinc/laeradhr.nix
index b40e3d2a..abf309f0 100644
--- a/custom/tinc/laeradhr.nix
+++ b/custom/tinc/laeradhr.nix
@@ -4,6 +4,7 @@
 , name
 , connect ? true
 , ipConf ? {}
+, useDNS ? true
 }:
@@ -19,10 +20,10 @@ in {
      tinc-up = ''
        #!${stdenv.shell}
        ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
-        ${openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF
+        ${if useDNS then ''${openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF
        domain yggdrasil
        nameserver 10.141.1.1
-        EOF
+        EOF'' else ""}
      '';
      tinc-down = ''
        #!${stdenv.shell}
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 7c028824..53b8b85e 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -4,6 +4,7 @@
 , name
 , connect ? true
 , ipConf ? {}
+, useDNS ? true
 }:
@@ -22,10 +23,10 @@ in {
      tinc-up = ''
        #!${stdenv.shell}
        ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
-        ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+        ${if useDNS then ''${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
        domain yggdrasil
        nameserver 10.141.1.1
-        EOF
+        EOF'' else ""}
      '';
      tinc-down = ''
        #!${stdenv.shell}
diff --git a/hel.nix b/hel.nix
index 00ccf77e..c189b723 100644
--- a/hel.nix
+++ b/hel.nix
@@ -214,6 +214,10 @@
        smtp_sasl_password_maps = texthash:/var/db/postfix/sasl_passwd
        smtp_cname_overrides_servername = no
        smtp_always_send_ehlo = yes
+        smtp_tls_loglevel = 1
+        smtp_dns_support_level = dnssec
+        smtp_tls_security_level = dane
      '';
    };
diff --git a/ymir.nix b/ymir.nix
index 66371833..24827e65 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -245,6 +245,7 @@ in rec {
    inherit (pkgs) stdenv nettools openresolv;
    name = "ymir";
    connect = false;
+    useDNS = false;
    ipConf = {
      ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
    };
@@ -379,6 +380,9 @@ in rec {
      #enable TLS logging to see the ciphers for outbound connections
      smtp_tls_loglevel = 1
+      smtp_dns_support_level = dnssec
+      smtp_tls_security_level = dane
      transport_maps = regexp:${pkgs.writeText "transport" ''
        /^gkleen[@\+]/ uucp:isaac
        /@(lists?|l)\./ mlmmj:
author	Gregor Kleen <pngwjpgh@users.noreply.github.com>	2016-10-24 19:47:13 +0200
committer	Gregor Kleen <pngwjpgh@users.noreply.github.com>	2016-10-24 19:47:13 +0200
commit	67606c341a7bb78dad44d120b0387e82d5e26a28 (patch)
tree	2dc5451e6b348eb90694f4d40c790757519bb127
parent	a593e9a4e8a58dc52ec69ec40b16273804dda379 (diff)
download	nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.gz nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.bz2 nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.tar.xz nixos-67606c341a7bb78dad44d120b0387e82d5e26a28.zip