diff options
| -rw-r--r-- | sys/ns/default.nix | 1 | ||||
| -rw-r--r-- | sys/ns/dkim/README.md | 1 | ||||
| -rw-r--r-- | sys/ns/mx.nix | 31 |
3 files changed, 33 insertions, 0 deletions
diff --git a/sys/ns/default.nix b/sys/ns/default.nix index 47d97d7..d9e0063 100644 --- a/sys/ns/default.nix +++ b/sys/ns/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./mx.nix ./ns.nix ./nsd.nix ./rr.nix diff --git a/sys/ns/dkim/README.md b/sys/ns/dkim/README.md new file mode 100644 index 0000000..37073ba --- /dev/null +++ b/sys/ns/dkim/README.md @@ -0,0 +1 @@ +# This directory has been lustrated. diff --git a/sys/ns/mx.nix b/sys/ns/mx.nix new file mode 100644 index 0000000..5c7d3d0 --- /dev/null +++ b/sys/ns/mx.nix @@ -0,0 +1,31 @@ +{ config, lib, ... }: +with lib; let + inherit (config.local) domains; +in +{ + options.local.ns.zones = mkOption { + type = with lib.types; attrsOf (submodule ({ config, name, ... }: { + options.localMX = { + enable = mkEnableOption "local MX settings"; + }; + + config = mkIf config.localMX.enable { + mx = [ + { name = "@"; priority = 10; host = "${domains.smtp.main}."; } + { name = "@"; priority = 20; host = "mxbackup1.junkemailfilter.com."; } + { name = "@"; priority = 30; host = "mxbackup2.junkemailfilter.com."; } + ]; + + txt = [ + { name = "@"; text = "v=spf1 mx a -all"; } + { name = "_dmarc"; text = "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;fo=1;rf=afrf;rua=mailto:postmaster@${name}"; } + { name = "_adsp._domainkey"; text = "dkim=all"; } + ] ++ map + (selector: { + name = "${toString selector}._domainkey"; + text = readFile (./dkim + "/${toString selector}.txt"); + }) [ 202001 202102 202402 202408 ]; + }; + })); + }; +} |