diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-06-11 10:49:39 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-06-11 10:49:39 +0200 |
| commit | abd52b6aa1664d8af1aaa22b540ae3c63e491125 (patch) | |
| tree | 3698ec428b89c4298a796aab0d3b073f8e83a1bf | |
| parent | c2a1e00b26b7e65305a36aa817a311ecbd2d831c (diff) | |
| download | nixos-abd52b6aa1664d8af1aaa22b540ae3c63e491125.tar nixos-abd52b6aa1664d8af1aaa22b540ae3c63e491125.tar.gz nixos-abd52b6aa1664d8af1aaa22b540ae3c63e491125.tar.bz2 nixos-abd52b6aa1664d8af1aaa22b540ae3c63e491125.tar.xz nixos-abd52b6aa1664d8af1aaa22b540ae3c63e491125.zip | |
...
| -rw-r--r-- | hosts/surtr/email/default.nix | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 23ac8aa1..bd72b10e 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix | |||
| @@ -38,8 +38,9 @@ let | |||
| 38 | set -e | 38 | set -e |
| 39 | export PATH="${lib.makeBinPath (with pkgs; [inetutils nftables])}:$PATH" | 39 | export PATH="${lib.makeBinPath (with pkgs; [inetutils nftables])}:$PATH" |
| 40 | 40 | ||
| 41 | typeset -a as_sets route route6 | 41 | typeset -a as_sets mnt_bys route route6 |
| 42 | as_sets=(${lib.escapeShellArgs config.services.email.nologinASSets}) | 42 | as_sets=(${lib.escapeShellArgs config.services.email.nologin.ASSets}) |
| 43 | mnt_bys=(${lib.escapeShellArgs config.services.email.nologin.MNTBys}) | ||
| 43 | 44 | ||
| 44 | for as_set in $as_sets; do | 45 | for as_set in $as_sets; do |
| 45 | while IFS=$'\n' read line; do | 46 | while IFS=$'\n' read line; do |
| @@ -50,6 +51,15 @@ let | |||
| 50 | fi | 51 | fi |
| 51 | done < <(whois -h whois.radb.net "!i''${as_set},1" | egrep -o 'AS[0-9]+' | xargs -- whois -h whois.radb.net -- -i origin) | 52 | done < <(whois -h whois.radb.net "!i''${as_set},1" | egrep -o 'AS[0-9]+' | xargs -- whois -h whois.radb.net -- -i origin) |
| 52 | done | 53 | done |
| 54 | for mnt_by in $mnt_bys; do | ||
| 55 | while IFS=$'\n' read line; do | ||
| 56 | if [[ "''${line}" =~ "^route:\s+(.+)$" ]]; then | ||
| 57 | route+=($match[1]) | ||
| 58 | elif [[ "''${line}" =~ "^route6:\s+(.+)$" ]]; then | ||
| 59 | route6+=($match[1]) | ||
| 60 | fi | ||
| 61 | done < <(whois -h whois.radb.net "!o''${mnt_by}") | ||
| 62 | done | ||
| 53 | 63 | ||
| 54 | printf -v elements4 '%s,' "''${route[@]}" | 64 | printf -v elements4 '%s,' "''${route[@]}" |
| 55 | elements4=''${elements4%,} | 65 | elements4=''${elements4%,} |
| @@ -67,9 +77,15 @@ let | |||
| 67 | emailDomains = spmDomains ++ ["kleen.consulting"]; | 77 | emailDomains = spmDomains ++ ["kleen.consulting"]; |
| 68 | in { | 78 | in { |
| 69 | options = { | 79 | options = { |
| 70 | services.email.nologinASSets = mkOption { | 80 | services.email.nologin = { |
| 71 | type = types.listOf types.str; | 81 | ASSets = mkOption { |
| 72 | default = []; | 82 | type = types.listOf types.str; |
| 83 | default = []; | ||
| 84 | }; | ||
| 85 | MNTBys = mkOption { | ||
| 86 | type = types.listOf types.str; | ||
| 87 | default = []; | ||
| 88 | }; | ||
| 73 | }; | 89 | }; |
| 74 | }; | 90 | }; |
| 75 | 91 | ||
| @@ -957,7 +973,7 @@ in { | |||
| 957 | ''; | 973 | ''; |
| 958 | }; | 974 | }; |
| 959 | 975 | ||
| 960 | services.email.nologinASSets = ["AS-MICROSOFT"]; | 976 | services.email.nologin.MNTBys = ["MICROSOFT-MAINT"]; |
| 961 | systemd.services.nftables.serviceConfig = { | 977 | systemd.services.nftables.serviceConfig = { |
| 962 | ExecStart = lib.mkAfter [ nftables-nologin-script ]; | 978 | ExecStart = lib.mkAfter [ nftables-nologin-script ]; |
| 963 | ExecReload = lib.mkAfter [ nftables-nologin-script ]; | 979 | ExecReload = lib.mkAfter [ nftables-nologin-script ]; |