Allow DNS for non skynet.ie domains #122
1 changed files with 98 additions and 92 deletions
|
@ -267,7 +267,8 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# set up dns record for it
|
# set up dns record for it
|
||||||
services.skynet.dns.records = [
|
services.skynet.dns.records =
|
||||||
|
[
|
||||||
# core record
|
# core record
|
||||||
{
|
{
|
||||||
record = "@";
|
record = "@";
|
||||||
|
@ -300,37 +301,6 @@ in {
|
||||||
}
|
}
|
||||||
|
|
||||||
# TXT records, all tehse are inside escaped strings to allow using ""
|
# TXT records, all tehse are inside escaped strings to allow using ""
|
||||||
# SPF record
|
|
||||||
{
|
|
||||||
record = "${cfg.domain}.";
|
|
||||||
r_type = "TXT";
|
|
||||||
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
|
|
||||||
}
|
|
||||||
|
|
||||||
# DKIM keys
|
|
||||||
{
|
|
||||||
record = "mail._domainkey.skynet.ie.";
|
|
||||||
r_type = "TXT";
|
|
||||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
record = "mail._domainkey.ulcompsoc.ie.";
|
|
||||||
r_type = "TXT";
|
|
||||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
|
||||||
}
|
|
||||||
|
|
||||||
# DMARC
|
|
||||||
{
|
|
||||||
record = "_dmarc.${cfg.domain}.";
|
|
||||||
r_type = "TXT";
|
|
||||||
# p : quarantine => sends to spam, reject => never sent
|
|
||||||
# rua : mail that receives reports about DMARC activity
|
|
||||||
# pct : percentage of unathenticated messages that DMARC stops
|
|
||||||
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
|
||||||
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
|
||||||
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
|
||||||
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
|
|
||||||
}
|
|
||||||
|
|
||||||
# reverse pointer
|
# reverse pointer
|
||||||
{
|
{
|
||||||
|
@ -363,6 +333,42 @@ in {
|
||||||
r_type = "SRV";
|
r_type = "SRV";
|
||||||
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
# SPF record
|
||||||
|
++ [
|
||||||
|
{
|
||||||
|
record = "${cfg.domain}.";
|
||||||
|
r_type = "TXT";
|
||||||
|
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
|
||||||
|
}
|
||||||
|
]
|
||||||
|
# DKIM keys
|
||||||
|
++ [
|
||||||
|
{
|
||||||
|
record = "mail._domainkey.skynet.ie.";
|
||||||
|
r_type = "TXT";
|
||||||
|
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = "ulcompsoc.ie";
|
||||||
|
record = "mail._domainkey.ulcompsoc.ie.";
|
||||||
|
r_type = "TXT";
|
||||||
|
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
||||||
|
}
|
||||||
|
]
|
||||||
|
# DMARC
|
||||||
|
++ [
|
||||||
|
{
|
||||||
|
record = "_dmarc.${cfg.domain}.";
|
||||||
|
r_type = "TXT";
|
||||||
|
# p : quarantine => sends to spam, reject => never sent
|
||||||
|
# rua : mail that receives reports about DMARC activity
|
||||||
|
# pct : percentage of unathenticated messages that DMARC stops
|
||||||
|
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||||
|
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||||
|
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
||||||
|
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
|
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
|
||||||
|
|
Loading…
Reference in a new issue