and dns MX record + fixes

2025-07-31 18:21:09 +02:00 · 2025-07-31 18:21:09 +02:00 · 152e28053f
commit 152e28053f
parent fb29ad7d9a
3 changed files with 22 additions and 3 deletions
--- a/shared/dns/knot.nix
+++ b/shared/dns/knot.nix
@ -94,7 +94,12 @@ let
    toNSRecord = host: "\tIN NS ${hostToDomain host}.net.";
    nsRecords = map toNSRecord mapping.dns.secondary;

+    # Gen MX
+    toMXRecord = host: "\tIN MX 10 ${hostToDomain host}.net.";
+    mxRecords = map toMXRecord mapping.mail.hosts;
+
    dnsSecondaryConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.dns.secondary) nodes;
+    mailConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.mail.hosts) nodes;

    # Gen A NS
    nsARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
@ -106,6 +111,16 @@ let
        lib.optional (supportsIPv6 node) "${hostToDomain hostname}.net. IN AAAA ${rmCidr node.ip6}"
    ) dnsSecondaryConfigs);

+    # Gen A MX
+    mxARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+        lib.optional (supportsIPv4 node) "${hostToDomain hostname}.net. IN A ${rmCidr node.ip4}"
+    ) mailConfigs);
+    
+    # Gen AAAA MX
+    mxAAAARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+        lib.optional (supportsIPv6 node) "${hostToDomain hostname}.net. IN AAAA ${rmCidr node.ip6}"
+    ) mailConfigs);
+
    # Gen A records for lf zone
    lfARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
        "${hostToLfDomain hostname} IN A 172.19.${toString node.zone}.${toString node.id}"
@ -134,9 +149,12 @@ let
            IN  TXT "v=spf1 a:lasuite.federez.net ~all"

        ${builtins.concatStringsSep "\n" nsRecords}
+        ${builtins.concatStringsSep "\n" mxRecords}

        ${builtins.concatStringsSep "\n" nsARecords}
        ${builtins.concatStringsSep "\n" nsAAAARecords}
+        ${builtins.concatStringsSep "\n" mxARecords}
+        ${builtins.concatStringsSep "\n" mxAAAARecords}

        _dmarc              IN  TXT "v=DMARC1; p=quarantine; ruf=mailto:monitoring@federez.net"
        _mta-sts            IN  TXT "v=STSv1; id=1"
--- a/shared/mail.nix
+++ b/shared/mail.nix
@ -9,4 +9,6 @@ in
    imports = [
        ./mail/maddy.nix
    ];
+
+    _module.args.ensureAccountsWithoutIMAP = ensureAccountsWithoutIMAP;
 }
--- a/shared/mail/maddy.nix
+++ b/shared/mail/maddy.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ensureAccountsWithoutIMAP, ... }:

 let
    # Import nodes
@ -52,7 +52,6 @@ in
        hostname = "lasuite.federez.net";
        user = "maddy";
        group = "maddy";
-        openFirewall = true;
        primaryDomain = "lasuite.federez.net";
        tls = {
            loader = "file";
@ -216,7 +215,7 @@ in
                dnsPropagationCheck = true;
                enableDebugLogs = true;
                environmentFile = "${pkgs.writeText "dns-creds" ''
-                    RFC2136_NAMESERVER=172.19.${nodes.${mapping.dns.master}.zone}.${nodes.${mapping.dns.master}.id}
+                    RFC2136_NAMESERVER=172.19.${toString nodes.${mapping.dns.master}.zone}.${toString nodes.${mapping.dns.master}.id}
                    RFC2136_TSIG_KEY=letsencrypt
                    RFC2136_TSIG_ALGORITHM=hmac-sha512.
                    RFC2136_TSIG_SECRET_FILE="${config.age.secrets.challenge.path}"