diff options
-rw-r--r-- | mail.nix | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/mail.nix b/mail.nix index 2909d36..91cadd9 100644 --- a/mail.nix +++ b/mail.nix @@ -16,7 +16,7 @@ # You should have received a copy of the GNU Affero General Public License # along with loang configuration. If not, see <https://www.gnu.org/licenses/>. -{ config, options, ... }: +{ config, options, pkgs, ... }: let certDir = config.security.acme.certs.${hostname}.directory; domain = config.networking.domain; @@ -72,11 +72,28 @@ in { }; }; - nginx.virtualHosts.${hostname} = let alps = config.services.alps; - in { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}"; + nginx.virtualHosts = { + "mta-sts.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/".root = pkgs.writeTextFile { + name = "mta-sts.txt"; + text = '' + version: STSv1 + mode: enforce + max_age: 604800 + mx: ${hostname} + ''; + destination = "/.well-known/mta-sts.txt"; + }; + }; + + ${hostname} = let alps = config.services.alps; + in { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}"; + }; }; }; |