From abd52b6aa1664d8af1aaa22b540ae3c63e491125 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 11 Jun 2024 10:49:39 +0200
Subject: ...
---
 hosts/surtr/email/default.nix | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
(limited to 'hosts')
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 23ac8aa1..bd72b10e 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -38,8 +38,9 @@ let
 set -e
 export PATH="${lib.makeBinPath (with pkgs; [inetutils nftables])}:$PATH"
- typeset -a as_sets route route6
- as_sets=(${lib.escapeShellArgs config.services.email.nologinASSets})
+ typeset -a as_sets mnt_bys route route6
+ as_sets=(${lib.escapeShellArgs config.services.email.nologin.ASSets})
+ mnt_bys=(${lib.escapeShellArgs config.services.email.nologin.MNTBys})
 for as_set in $as_sets; do
 while IFS=$'\n' read line; do
@@ -50,6 +51,15 @@ let
 fi
 done < <(whois -h whois.radb.net "!i''${as_set},1" | egrep -o 'AS[0-9]+' | xargs -- whois -h whois.radb.net -- -i origin)
 done
+ for mnt_by in $mnt_bys; do
+ while IFS=$'\n' read line; do
+ if [[ "''${line}" =~ "^route:\s+(.+)$" ]]; then
+ route+=($match[1])
+ elif [[ "''${line}" =~ "^route6:\s+(.+)$" ]]; then
+ route6+=($match[1])
+ fi
+ done < <(whois -h whois.radb.net "!o''${mnt_by}")
+ done
 printf -v elements4 '%s,' "''${route[@]}"
 elements4=''${elements4%,}
@@ -67,9 +77,15 @@ let
 emailDomains = spmDomains ++ ["kleen.consulting"];
 in {
 options = {
- services.email.nologinASSets = mkOption {
- type = types.listOf types.str;
- default = [];
+ services.email.nologin = {
+ ASSets = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+ MNTBys = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
 };
 };
 };
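Review bot: The added `mnt_by` loop appends whatever follows `route:`/`route6:` in the whois reply (`(.+)`) to the arrays that are joined into `elements4`, so the answer to a plaintext whois query is taken verbatim and presumably handed to nft further down, outside this hunk. Constrain the capture to prefix syntax before appending, e.g. `"^route:\s+([0-9.]+/[0-9]+)\s*$"` and `"^route6:\s+([0-9A-Fa-f:]+/[0-9]+)\s*$"`. The same applies to the existing `as_set` loop, whose body this one duplicates, so both could share one small parsing function. A failed or empty `whois` inside `< <(…)` is also not caught by `set -e`; what the script does when `route` stays empty is decided outside the hunk and is worth checking.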
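Review bot: `ASSets` and `MNTBys` are declared without a `description`, so the module does not say what the handles are used for or what form they must take. I would add, for example, `description = "RADB mnt-by maintainer handles whose route/route6 objects are added to the nologin nftables sets.";` and a matching line for `ASSets`. Because each value is interpolated into the whois query (`"!o''${mnt_by}"`), the type could also be narrowed to `types.listOf (types.strMatching "[A-Za-z0-9_:-]+")` so that a malformed handle fails at evaluation time rather than at firewall start.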
@@ -957,7 +973,7 @@ in {
 '';
 };
- services.email.nologinASSets = ["AS-MICROSOFT"];
+ services.email.nologin.MNTBys = ["MICROSOFT-MAINT"];
 systemd.services.nftables.serviceConfig = {
 ExecStart = lib.mkAfter [ nftables-nologin-script ];
 ExecReload = lib.mkAfter [ nftables-nologin-script ];
--
cgit v1.2.3
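Review bot: Nothing on the changed line records why the source moved from the `AS-MICROSOFT` as-set to the `MICROSOFT-MAINT` maintainer, and with `ASSets` left at its default `[]` the origin-based expansion no longer contributes any prefixes. If the replacement is intended, a comment such as `# route/route6 objects maintained by MICROSOFT-MAINT in RADB; replaces the AS-MICROSOFT origin expansion` would make it reviewable later. Whether the resulting prefix set still covers what the old one did cannot be judged from the diff. The enclosing attribute set starts and ends outside the hunk.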