diff --git a/shared/dns/knot.nix b/shared/dns/knot.nix
index 7ad5650..e2220d0 100644
--- a/shared/dns/knot.nix
+++ b/shared/dns/knot.nix
@@ -94,7 +94,12 @@ let
   toNSRecord = host: "\tIN NS ${hostToDomain host}.net.";
   nsRecords = map toNSRecord mapping.dns.secondary;
+  # Gen MX
+  toMXRecord = host: "\tIN MX 10 ${hostToDomain host}.net.";
+  mxRecords = map toMXRecord mapping.mail.hosts;
+
   dnsSecondaryConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.dns.secondary) nodes;
+  mailConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.mail.hosts) nodes;
   # Gen A NS
   nsARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
@@ -106,6 +111,16 @@ let
     lib.optional (supportsIPv6 node) "${hostToDomain hostname}.net. IN AAAA ${rmCidr node.ip6}"
   ) dnsSecondaryConfigs);
+  # Gen A MX
+  mxARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv4 node) "${hostToDomain hostname}.net. IN A ${rmCidr node.ip4}"
+  ) mailConfigs);
+
+  # Gen AAAA MX
+  mxAAAARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv6 node) "${hostToDomain hostname}.net. IN AAAA ${rmCidr node.ip6}"
+  ) mailConfigs);
+
   # Gen A records for lf zone
   lfARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
     "${hostToLfDomain hostname} IN A 172.19.${toString node.zone}.${toString node.id}"
@@ -134,9 +149,12 @@ let
       IN TXT "v=spf1 a:lasuite.federez.net ~all"
     ${builtins.concatStringsSep "\n" nsRecords}
+    ${builtins.concatStringsSep "\n" mxRecords}
     ${builtins.concatStringsSep "\n" nsARecords}
     ${builtins.concatStringsSep "\n" nsAAAARecords}
+    ${builtins.concatStringsSep "\n" mxARecords}
+    ${builtins.concatStringsSep "\n" mxAAAARecords}
     _dmarc IN TXT "v=DMARC1; p=quarantine; ruf=mailto:monitoring@federez.net"
     _mta-sts IN TXT "v=STSv1; id=1"
diff --git a/shared/mail.nix b/shared/mail.nix
index d9b4d0e..39aa6d8 100644
--- a/shared/mail.nix
+++ b/shared/mail.nix
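Review bot: The new `mailConfigs` binding repeats the `dnsSecondaryConfigs` filter lambda verbatim, only swapping the host list; a small helper keeps the two from drifting, e.g. `nodesIn = hosts: lib.filterAttrs (name: _: lib.elem name hosts) nodes;` with `dnsSecondaryConfigs = nodesIn mapping.dns.secondary;` and `mailConfigs = nodesIn mapping.mail.hosts;`. The MX preference `10` in `toMXRecord` is a bare literal applied to every host; a named binding or a comment such as `# all mail hosts share one preference so MTAs spread delivery across them` would state the intent. The enclosing `let` block starts and continues outside this hunk.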
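Review bot: `mxARecords`/`mxAAAARecords` build exactly the same `<host>.net. IN A/AAAA <ip>` strings as `nsARecords`/`nsAAAARecords`, so any node listed in both `mapping.dns.secondary` and `mapping.mail.hosts` gets its A and AAAA records emitted twice in the zone; whether Knot silently merges or complains about the duplicate RRs I cannot tell from here, but the zone text should not rely on it. Generating the glue once over the union avoids this: `glueConfigs = lib.filterAttrs (n: _: lib.elem n (lib.unique (mapping.dns.secondary ++ mapping.mail.hosts))) nodes;` and mapping the A/AAAA builders over `glueConfigs` instead of two separate attrsets. The NS- and MX-specific records themselves stay as they are, since those do differ per role.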
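Review bot: The zone now advertises a new set of MX hosts while the `_mta-sts IN TXT "v=STSv1; id=1"` record three lines below is left unchanged; if an MTA-STS policy is published for this domain (the policy file is not on this page), its `mx:` lines need the new hostnames and the `id` must be bumped, otherwise senders that cached the old policy in enforce mode will refuse delivery to the new hosts. The SPF record `v=spf1 a:lasuite.federez.net ~all` in the hunk's first context line authorizes only that one host, so if the new mail hosts also send outbound mail their traffic will softfail SPF; adding `mx` to the SPF term, or an `a:` entry per host, would cover them. Both are inferred from the records shown here and should be checked against the deployed policy and the hosts' actual roles.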
@@ -9,4 +9,6 @@ in
   imports = [
     ./mail/maddy.nix
   ];
+
+  _module.args.ensureAccountsWithoutIMAP = ensureAccountsWithoutIMAP;
 }
\ No newline at end of file
diff --git a/shared/mail/maddy.nix b/shared/mail/maddy.nix
index 35e38e5..fbe336b 100644
--- a/shared/mail/maddy.nix
+++ b/shared/mail/maddy.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ensureAccountsWithoutIMAP, ... }:
 let
   # Import nodes
@@ -52,7 +52,6 @@ in
     hostname = "lasuite.federez.net";
     user = "maddy";
     group = "maddy";
-    openFirewall = true;
     primaryDomain = "lasuite.federez.net";
     tls = {
       loader = "file";
@@ -216,7 +215,7 @@ in
       dnsPropagationCheck = true;
       enableDebugLogs = true;
       environmentFile = "${pkgs.writeText "dns-creds" ''
-        RFC2136_NAMESERVER=172.19.${nodes.${mapping.dns.master}.zone}.${nodes.${mapping.dns.master}.id}
+        RFC2136_NAMESERVER=172.19.${toString nodes.${mapping.dns.master}.zone}.${toString nodes.${mapping.dns.master}.id}
         RFC2136_TSIG_KEY=letsencrypt
         RFC2136_TSIG_ALGORITHM=hmac-sha512.
         RFC2136_TSIG_SECRET_FILE="${config.age.secrets.challenge.path}"
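Review bot: The file still ends without a trailing newline (`\ No newline at end of file` after the closing `}`), which this edit could have fixed while touching the file. The new `_module.args.ensureAccountsWithoutIMAP` line has no explanation of why the helper is handed to the module system rather than imported by its consumer; a one-line comment such as `# expose the let-bound helper to ./mail/maddy.nix, which declares it as a module argument` would make the coupling visible. The `let` binding that defines `ensureAccountsWithoutIMAP` is outside this hunk.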
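Review bot: Adding `ensureAccountsWithoutIMAP` to the module's argument set means evaluation of shared/mail/maddy.nix now fails with a missing-argument error whenever it is imported without going through shared/mail.nix, which is the only place on this page that sets `_module.args.ensureAccountsWithoutIMAP`. A comment on the signature line, e.g. `# ensureAccountsWithoutIMAP is supplied via _module.args by ../mail.nix; import this module through it`, documents that requirement for the next reader. The rest of the `let` block continues outside the hunk.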
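Review bot: The fixed `RFC2136_NAMESERVER=172.19.${toString ...zone}.${toString ...id}` line hand-builds the same address format that shared/dns/knot.nix's `lfARecords` uses (`172.19.${toString node.zone}.${toString node.id}`), and this commit had to add `toString` here because the expression exists in two places. A shared helper next to the node definitions, say `nodeLfIp = node: "172.19.${toString node.zone}.${toString node.id}";`, used from both files, keeps the address scheme in one spot and lets the line read `RFC2136_NAMESERVER=${nodeLfIp nodes.${mapping.dns.master}}`. Where that helper should live I can only infer, since the `nodes`/`mapping` definitions are outside the hunk; `enableDebugLogs = true;` in the context lines is pre-existing and presumably a deliberate choice, but worth confirming it is not left on permanently given the challenge file alongside it.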