From dc7cd068d7934177c342fd0e115958d0f0dd1e52 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Sun, 25 Jun 2023 16:49:54 +0900
Subject: Complete MTA-STS setup
---
 mail.nix | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/mail.nix b/mail.nix
index 2909d36..91cadd9 100644
--- a/mail.nix
+++ b/mail.nix
@@ -16,7 +16,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with loang configuration. If not, see .
-{ config, options, ... }:
+{ config, options, pkgs, ... }:
 let
 certDir = config.security.acme.certs.${hostname}.directory;
 domain = config.networking.domain;
@@ -72,11 +72,28 @@ in {
 };
 };
- nginx.virtualHosts.${hostname} = let alps = config.services.alps;
- in {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}";
+ nginx.virtualHosts = {
+ "mta-sts.${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = pkgs.writeTextFile {
+ name = "mta-sts.txt";
+ text = ''
+ version: STSv1
+ mode: enforce
+ max_age: 604800
+ mx: ${hostname}
+ '';
+ destination = "/.well-known/mta-sts.txt";
+ };
+ };
+
+ ${hostname} = let alps = config.services.alps;
+ in {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://${alps.bindIP}:${toString alps.port}";
+ };
 };
 };
-- cgit 1.4.1
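Review bot: The policy in the new `"mta-sts.${domain}"` virtual host goes straight to `mode: enforce` with a single `mx: ${hostname}` pattern, so a mismatch between that name, the published MX record and the certificate the MTA presents would make compliant senders refuse delivery for as long as they cache the policy (`max_age: 604800`, one week). The `_mta-sts` TXT record and any TLSRPT record are not visible in this diff and may be managed elsewhere; if no reporting phase has been run yet, starting with `mode: testing` is the lower-risk rollout. I would also add a comment above the `pkgs.writeTextFile` call, e.g. `# RFC 8461 policy: update the id in the _mta-sts TXT record whenever this text changes, and keep mx in sync with the MX record`, since the coupling to DNS is otherwise invisible from this file. The enclosing attribute set starts outside the hunk.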