summaryrefslogtreecommitdiff
path: root/hosts/surtr/email/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/email/default.nix')
-rw-r--r--hosts/surtr/email/default.nix28
1 files changed, 22 insertions, 6 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 23ac8aa1..bd72b10e 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -38,8 +38,9 @@ let
38 set -e 38 set -e
39 export PATH="${lib.makeBinPath (with pkgs; [inetutils nftables])}:$PATH" 39 export PATH="${lib.makeBinPath (with pkgs; [inetutils nftables])}:$PATH"
40 40
41 typeset -a as_sets route route6 41 typeset -a as_sets mnt_bys route route6
42 as_sets=(${lib.escapeShellArgs config.services.email.nologinASSets}) 42 as_sets=(${lib.escapeShellArgs config.services.email.nologin.ASSets})
43 mnt_bys=(${lib.escapeShellArgs config.services.email.nologin.MNTBys})
43 44
44 for as_set in $as_sets; do 45 for as_set in $as_sets; do
45 while IFS=$'\n' read line; do 46 while IFS=$'\n' read line; do
@@ -50,6 +51,15 @@ let
50 fi 51 fi
51 done < <(whois -h whois.radb.net "!i''${as_set},1" | egrep -o 'AS[0-9]+' | xargs -- whois -h whois.radb.net -- -i origin) 52 done < <(whois -h whois.radb.net "!i''${as_set},1" | egrep -o 'AS[0-9]+' | xargs -- whois -h whois.radb.net -- -i origin)
52 done 53 done
54 for mnt_by in $mnt_bys; do
55 while IFS=$'\n' read line; do
56 if [[ "''${line}" =~ "^route:\s+(.+)$" ]]; then
57 route+=($match[1])
58 elif [[ "''${line}" =~ "^route6:\s+(.+)$" ]]; then
59 route6+=($match[1])
60 fi
61 done < <(whois -h whois.radb.net "!o''${mnt_by}")
62 done
53 63
54 printf -v elements4 '%s,' "''${route[@]}" 64 printf -v elements4 '%s,' "''${route[@]}"
55 elements4=''${elements4%,} 65 elements4=''${elements4%,}
@@ -67,9 +77,15 @@ let
67 emailDomains = spmDomains ++ ["kleen.consulting"]; 77 emailDomains = spmDomains ++ ["kleen.consulting"];
68in { 78in {
69 options = { 79 options = {
70 services.email.nologinASSets = mkOption { 80 services.email.nologin = {
71 type = types.listOf types.str; 81 ASSets = mkOption {
72 default = []; 82 type = types.listOf types.str;
83 default = [];
84 };
85 MNTBys = mkOption {
86 type = types.listOf types.str;
87 default = [];
88 };
73 }; 89 };
74 }; 90 };
75 91
@@ -957,7 +973,7 @@ in {
957 ''; 973 '';
958 }; 974 };
959 975
960 services.email.nologinASSets = ["AS-MICROSOFT"]; 976 services.email.nologin.MNTBys = ["MICROSOFT-MAINT"];
961 systemd.services.nftables.serviceConfig = { 977 systemd.services.nftables.serviceConfig = {
962 ExecStart = lib.mkAfter [ nftables-nologin-script ]; 978 ExecStart = lib.mkAfter [ nftables-nologin-script ];
963 ExecReload = lib.mkAfter [ nftables-nologin-script ]; 979 ExecReload = lib.mkAfter [ nftables-nologin-script ];
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 21:50:57 +0000