sys/ns: add locally-managed MX, DMARC, DKIM, SPF records

author: Alejandro Soto <alejandro@34project.org> 2024-08-04 16:37:43 -0600
committer: Alejandro Soto <alejandro@34project.org> 2024-08-04 16:57:20 -0600
commit: fef4cafe585eae8778dfa227130e780abdf839cb (patch)
tree: 58295602da41f2621cc567375044d5879ccb7fdc /sys/ns/mx.nix
parent: 9bc208cd34b2f015e205ccafba6f368091c1ad1a (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/sys/ns/mx.nix b/sys/ns/mx.nix
new file mode 100644
index 0000000..5c7d3d0
--- /dev/null
+++ b/sys/ns/mx.nix
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+with lib; let
+  inherit (config.local) domains;
+in
+{
+  options.local.ns.zones = mkOption {
+    type = with lib.types; attrsOf (submodule ({ config, name, ... }: {
+      options.localMX = {
+        enable = mkEnableOption "local MX settings";
+      };
+
+      config = mkIf config.localMX.enable {
+        mx = [
+          { name = "@"; priority = 10; host = "${domains.smtp.main}."; }
+          { name = "@"; priority = 20; host = "mxbackup1.junkemailfilter.com."; }
+          { name = "@"; priority = 30; host = "mxbackup2.junkemailfilter.com."; }
+        ];
+
+        txt = [
+          { name = "@"; text = "v=spf1 mx a -all"; }
+          { name = "_dmarc"; text = "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;fo=1;rf=afrf;rua=mailto:postmaster@${name}"; }
+          { name = "_adsp._domainkey"; text = "dkim=all"; }
+        ] ++ map
+          (selector: {
+            name = "${toString selector}._domainkey";
+            text = readFile (./dkim + "/${toString selector}.txt");
+          }) [ 202001 202102 202402 202408 ];
+      };
+    }));
+  };
+}
author	Alejandro Soto <alejandro@34project.org>	2024-08-04 16:37:43 -0600
committer	Alejandro Soto <alejandro@34project.org>	2024-08-04 16:57:20 -0600
commit	fef4cafe585eae8778dfa227130e780abdf839cb (patch)
tree	58295602da41f2621cc567375044d5879ccb7fdc /sys/ns/mx.nix
parent	9bc208cd34b2f015e205ccafba6f368091c1ad1a (diff)