Allow DNS for non skynet.ie domains #122

Merged
silver merged 12 commits from #55-non-skynet-dns into main 2024-07-17 19:08:53 +00:00
Showing only changes of commit c5c44acc8b - Show all commits


@ -267,103 +267,109 @@ in {
}; };
# set up dns record for it # set up dns record for it
services.skynet.dns.records = [ services.skynet.dns.records =
# core record [
{ # core record
record = "@"; {
r_type = "MX"; record = "@";
# the number is the priority in teh case of multiple mailservers r_type = "MX";
value = "10 mail.${cfg.domain}."; # the number is the priority in teh case of multiple mailservers
} value = "10 mail.${cfg.domain}.";
}
# basic one # basic one
{ {
record = "mail"; record = "mail";
r_type = "A"; r_type = "A";
value = config.services.skynet.host.ip; value = config.services.skynet.host.ip;
} }
#DNS config for K-9 Mail #DNS config for K-9 Mail
{ {
record = "imap"; record = "imap";
r_type = "CNAME"; r_type = "CNAME";
value = "mail"; value = "mail";
} }
{ {
record = "pop3"; record = "pop3";
r_type = "CNAME"; r_type = "CNAME";
value = "mail"; value = "mail";
} }
{ {
record = "smtp"; record = "smtp";
r_type = "CNAME"; r_type = "CNAME";
value = "mail"; value = "mail";
} }
# TXT records, all tehse are inside escaped strings to allow using "" # TXT records, all tehse are inside escaped strings to allow using ""
# reverse pointer
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.sub}.${cfg.domain}.";
}
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
# response should be:
# _imap._tcp SRV 0 1 143 imap.example.com.
{
record = "_imaps._tcp";
r_type = "SRV";
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_imap._tcp";
r_type = "SRV";
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submissions._tcp";
r_type = "SRV";
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submission._tcp";
r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
}
]
# SPF record # SPF record
{ ++ [
record = "${cfg.domain}."; {
r_type = "TXT"; record = "${cfg.domain}.";
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"''; r_type = "TXT";
} value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
}
]
# DKIM keys # DKIM keys
{ ++ [
record = "mail._domainkey.skynet.ie."; {
r_type = "TXT"; record = "mail._domainkey.skynet.ie.";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"''; r_type = "TXT";
} value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
{ }
record = "mail._domainkey.ulcompsoc.ie."; {
r_type = "TXT"; domain = "ulcompsoc.ie";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''; record = "mail._domainkey.ulcompsoc.ie.";
} r_type = "TXT";
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
}
]
# DMARC # DMARC
{ ++ [
record = "_dmarc.${cfg.domain}."; {
r_type = "TXT"; record = "_dmarc.${cfg.domain}.";
# p : quarantine => sends to spam, reject => never sent r_type = "TXT";
# rua : mail that receives reports about DMARC activity # p : quarantine => sends to spam, reject => never sent
# pct : percentage of unathenticated messages that DMARC stops # rua : mail that receives reports about DMARC activity
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # pct : percentage of unathenticated messages that DMARC stops
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed # adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent # aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"''; # sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
} value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
}
# reverse pointer ];
{
record = config.services.skynet.host.ip;
r_type = "PTR";
value = "${cfg.sub}.${cfg.domain}.";
}
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
# response should be:
# _imap._tcp SRV 0 1 143 imap.example.com.
{
record = "_imaps._tcp";
r_type = "SRV";
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_imap._tcp";
r_type = "SRV";
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submissions._tcp";
r_type = "SRV";
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
}
{
record = "_submission._tcp";
r_type = "SRV";
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
}
];
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html #https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
users.groups.nginx = {}; users.groups.nginx = {};
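Review bot: The new `domain = "ulcompsoc.ie";` entry publishes only a DKIM selector for the second domain, while the SPF and DMARC lists in this section still hold one record each, both keyed on `${cfg.domain}`. Unless ulcompsoc.ie gets SPF and DMARC TXT records elsewhere, receivers have no published policy for it, so unauthenticated mail claiming that domain is not quarantined the way `p=quarantine` does for the primary domain. I would add sibling entries carrying `domain = "ulcompsoc.ie";` with `record = "_dmarc.ulcompsoc.ie.";` and a matching SPF TXT at that domain's apex, mirroring the existing values. Separately, the `# TXT records, ...` comment on the new side now sits directly above the PTR and SRV records and belongs at the first `++ [`. The enclosing attribute set starts above this hunk, so how the `domain` attribute is consumed is not visible here.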