| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
| commit | ffac1727b92167ca6847b7ae3adc71f091d8048f (patch) | |
| tree | 7ff9c375782d347d6ef3da3a3d02b7e39aad3c44 /hosts/surtr/email | |
| parent | 20e7a2a2544afd682f487327aa42d1899784db98 (diff) | |
...
Diffstat (limited to 'hosts/surtr/email')
| -rw-r--r-- | hosts/surtr/email/default.nix | 20 |
1 files changed, 18 insertions, 2 deletions
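--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -580,6 +580,7 @@ in {
 "mailin.bouncy.email" = {};
 "mailsub.bouncy.email" = {};
 "imap.bouncy.email" = {};
+"mta-sts.bouncy.email" = {};
 "surtr.yggdrasil.li" = {};
 } // listToAttrs (map (domain: nameValuePair "spm.${domain}" {}) spmDomains);
 
@@ -637,13 +638,28 @@ in {
 proxy_set_header SPM-DOMAIN "${domain}";
 '';
 };
-}) spmDomains);
+}) spmDomains) // {
+"mta-sts.bouncy.email" = {
+locations."/".root = pkgs.runCommand "mta-sts" {} ''
+mkdir -p $out/.well-known
+cp ${pkgs.writeText "mta-sts.txt" ''
+version: STSv1
+mode: testing
+mx: mailin.bouncy.email
+max_age: 604800
+''} $out/.well-known/mta-sts.txt
+'';
+};
+};
 };
 
 systemd.services.nginx.serviceConfig.LoadCredential = concatMap (domain: [
 "spm.${domain}.key.pem:${config.security.acme.certs."spm.${domain}".directory}/key.pem"
 "spm.${domain}.pem:${config.security.acme.certs."spm.${domain}".directory}/fullchain.pem"
-]) spmDomains;
+]) spmDomains ++ [
+"mta-sts.bouncy.email.key.pem:${config.security.acme.certs."mta-sts.bouncy.email".directory}/key.pem"
+"mta-sts.bouncy.email.pem:${config.security.acme.certs."mta-sts.bouncy.email".directory}/fullchain.pem"
+];
 
 systemd.services.spm = {
 serviceConfig = {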
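Review bot: The new `"mta-sts.bouncy.email"` virtual host (new lines 642–652) sets only `locations."/".root`, so nothing visible in this hunk enables TLS for it or points nginx at the `mta-sts.bouncy.email.pem` and `mta-sts.bouncy.email.key.pem` credentials that the same commit adds to `LoadCredential`. RFC 8461 requires senders to fetch the policy over HTTPS with a certificate valid for the `mta-sts` host, so a vhost that answers only on plain HTTP would leave the policy unretrievable and the loaded key unused. Unless a default elsewhere in the file covers this, add `forceSSL = true;`, `sslCertificate = "/run/credentials/nginx.service/mta-sts.bouncy.email.pem";` and `sslCertificateKey = "/run/credentials/nginx.service/mta-sts.bouncy.email.key.pem";` to the vhost, in whatever form the spm vhosts use; their definition starts above this hunk and is not visible here. A one-line comment beside `mode: testing` would also help, noting that senders do not enforce TLS in this mode, so it gives no downgrade protection until the policy is switched to `enforce`.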
