Allow DNS for non skynet.ie domains #122

Merged
silver merged 12 commits from #55-non-skynet-dns into main 2024-07-17 19:08:53 +00:00
Showing only changes of commit c5c44acc8b - Show all commits

View file

@ -267,7 +267,8 @@ in {
}; };
# set up dns record for it # set up dns record for it
services.skynet.dns.records = [ services.skynet.dns.records =
[
# core record # core record
{ {
record = "@"; record = "@";
@ -300,37 +301,6 @@ in {
} }
# TXT records, all tehse are inside escaped strings to allow using "" # TXT records, all tehse are inside escaped strings to allow using ""
# SPF record
{
record = "${cfg.domain}.";
r_type = "TXT";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
# DKIM keys
{
record = "mail._domainkey.skynet.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
}
{
record = "mail._domainkey.ulcompsoc.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
# DMARC
{
record = "_dmarc.${cfg.domain}.";
r_type = "TXT";
# p : quarantine => sends to spam, reject => never sent
# rua : mail that receives reports about DMARC activity
# pct : percentage of unathenticated messages that DMARC stops
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
# reverse pointer # reverse pointer
{ {
@ -363,6 +333,42 @@ in {
r_type = "SRV"; r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}."; value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
} }
]
# SPF record
++ [
{
record = "${cfg.domain}.";
r_type = "TXT";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
]
# DKIM keys
++ [
{
record = "mail._domainkey.skynet.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
}
{
domain = "ulcompsoc.ie";
record = "mail._domainkey.ulcompsoc.ie.";
r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
]
# DMARC
++ [
{
record = "_dmarc.${cfg.domain}.";
r_type = "TXT";
# p : quarantine => sends to spam, reject => never sent
# rua : mail that receives reports about DMARC activity
# pct : percentage of unathenticated messages that DMARC stops
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
]; ];
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html