diff options
Diffstat (limited to 'sys/ns/mx.nix')
| -rw-r--r-- | sys/ns/mx.nix | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/sys/ns/mx.nix b/sys/ns/mx.nix new file mode 100644 index 0000000..892b684 --- /dev/null +++ b/sys/ns/mx.nix @@ -0,0 +1,60 @@ +{ + config, + lib, + ... +}: +with lib; let + inherit (config.local) domains; +in { + options.local.ns.zones = mkOption { + type = with lib.types; + attrsOf (submodule ({ + config, + name, + ... + }: { + options.localMX = { + enable = mkEnableOption "local MX settings"; + }; + + config = mkIf config.localMX.enable { + mx = [ + { + name = "@"; + priority = 10; + host = "${domains.smtp.gated}."; + } + { + name = "@"; + priority = 20; + host = "${domains.smtp-backup.main}."; + } + # Many thanks to junkemailfilter.com for all their years of service. RIP. + #{ name = "@"; priority = 30; host = "mxbackup1.junkemailfilter.com."; } + #{ name = "@"; priority = 40; host = "mxbackup2.junkemailfilter.com."; } + ]; + + txt = + [ + { + name = "@"; + text = "v=spf1 mx a -all"; + } + { + name = "_dmarc"; + text = "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;fo=1;rf=afrf;rua=mailto:postmaster@${name}"; + } + { + name = "_adsp._domainkey"; + text = "dkim=all"; + } + ] + ++ map + (selector: { + name = "${toString selector}._domainkey"; + text = readFile (./dkim + "/${toString selector}.txt"); + }) [202001 202102 202402 202408]; + }; + })); + }; +} |