Allow DNS for non skynet.ie domains #122
1 changed files with 98 additions and 92 deletions
|
@ -267,103 +267,109 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# set up dns record for it
|
# set up dns record for it
|
||||||
services.skynet.dns.records = [
|
services.skynet.dns.records =
|
||||||
# core record
|
[
|
||||||
{
|
# core record
|
||||||
record = "@";
|
{
|
||||||
r_type = "MX";
|
record = "@";
|
||||||
# the number is the priority in teh case of multiple mailservers
|
r_type = "MX";
|
||||||
value = "10 mail.${cfg.domain}.";
|
# the number is the priority in teh case of multiple mailservers
|
||||||
}
|
value = "10 mail.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
|
||||||
# basic one
|
# basic one
|
||||||
{
|
{
|
||||||
record = "mail";
|
record = "mail";
|
||||||
r_type = "A";
|
r_type = "A";
|
||||||
value = config.services.skynet.host.ip;
|
value = config.services.skynet.host.ip;
|
||||||
}
|
}
|
||||||
#DNS config for K-9 Mail
|
#DNS config for K-9 Mail
|
||||||
{
|
{
|
||||||
record = "imap";
|
record = "imap";
|
||||||
r_type = "CNAME";
|
r_type = "CNAME";
|
||||||
value = "mail";
|
value = "mail";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
record = "pop3";
|
record = "pop3";
|
||||||
r_type = "CNAME";
|
r_type = "CNAME";
|
||||||
value = "mail";
|
value = "mail";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
record = "smtp";
|
record = "smtp";
|
||||||
r_type = "CNAME";
|
r_type = "CNAME";
|
||||||
value = "mail";
|
value = "mail";
|
||||||
}
|
}
|
||||||
|
|
||||||
# TXT records, all tehse are inside escaped strings to allow using ""
|
# TXT records, all tehse are inside escaped strings to allow using ""
|
||||||
|
|
||||||
|
# reverse pointer
|
||||||
|
{
|
||||||
|
record = config.services.skynet.host.ip;
|
||||||
|
r_type = "PTR";
|
||||||
|
value = "${cfg.sub}.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
|
||||||
|
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
|
||||||
|
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
|
||||||
|
# response should be:
|
||||||
|
# _imap._tcp SRV 0 1 143 imap.example.com.
|
||||||
|
{
|
||||||
|
record = "_imaps._tcp";
|
||||||
|
r_type = "SRV";
|
||||||
|
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
record = "_imap._tcp";
|
||||||
|
r_type = "SRV";
|
||||||
|
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
record = "_submissions._tcp";
|
||||||
|
r_type = "SRV";
|
||||||
|
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
record = "_submission._tcp";
|
||||||
|
r_type = "SRV";
|
||||||
|
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
||||||
|
}
|
||||||
|
]
|
||||||
# SPF record
|
# SPF record
|
||||||
{
|
++ [
|
||||||
record = "${cfg.domain}.";
|
{
|
||||||
r_type = "TXT";
|
record = "${cfg.domain}.";
|
||||||
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
|
r_type = "TXT";
|
||||||
}
|
value = ''"v=spf1 a:${cfg.sub}.${cfg.domain} ip4:${config.services.skynet.host.ip} -all"'';
|
||||||
|
}
|
||||||
|
]
|
||||||
# DKIM keys
|
# DKIM keys
|
||||||
{
|
++ [
|
||||||
record = "mail._domainkey.skynet.ie.";
|
{
|
||||||
r_type = "TXT";
|
record = "mail._domainkey.skynet.ie.";
|
||||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
r_type = "TXT";
|
||||||
}
|
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxju1Ie60BdHwyFVPNQKovL/cX9IFPzBKgjnHZf+WBzDCFKSBpf7NvnfXajtFDQN0poaN/Qfifid+V55ZCNDBn8Y3qZa4Y69iNiLw2DdvYf0HdnxX6+pLpbmj7tikGGLJ62xnhkJhoELnz5gCOhpyoiv0tSQVaJpaGZmoll861/QIDAQAB"'';
|
||||||
{
|
}
|
||||||
record = "mail._domainkey.ulcompsoc.ie.";
|
{
|
||||||
r_type = "TXT";
|
domain = "ulcompsoc.ie";
|
||||||
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
record = "mail._domainkey.ulcompsoc.ie.";
|
||||||
}
|
r_type = "TXT";
|
||||||
|
value = ''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';
|
||||||
|
}
|
||||||
|
]
|
||||||
# DMARC
|
# DMARC
|
||||||
{
|
++ [
|
||||||
record = "_dmarc.${cfg.domain}.";
|
{
|
||||||
r_type = "TXT";
|
record = "_dmarc.${cfg.domain}.";
|
||||||
# p : quarantine => sends to spam, reject => never sent
|
r_type = "TXT";
|
||||||
# rua : mail that receives reports about DMARC activity
|
# p : quarantine => sends to spam, reject => never sent
|
||||||
# pct : percentage of unathenticated messages that DMARC stops
|
# rua : mail that receives reports about DMARC activity
|
||||||
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
# pct : percentage of unathenticated messages that DMARC stops
|
||||||
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
# adkim : alignment policy for DKIM, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||||
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
# aspf : alignment policy for SPF, s => Strict, subdomains arent allowed, r => relaxed, subdomains allowed
|
||||||
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
|
# sp : DMARC policy for subdomains, none => no action, reports to rua, quarantine => spam, reject => never sent
|
||||||
}
|
value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=s; aspf=s; sp=quarantine"'';
|
||||||
|
}
|
||||||
# reverse pointer
|
];
|
||||||
{
|
|
||||||
record = config.services.skynet.host.ip;
|
|
||||||
r_type = "PTR";
|
|
||||||
value = "${cfg.sub}.${cfg.domain}.";
|
|
||||||
}
|
|
||||||
|
|
||||||
# SRV records to help gmail on android etc find the correct mail.skynet.ie domain for config rather than just defaulting to skynet.ie
|
|
||||||
# https://serverfault.com/questions/935192/how-to-setup-auto-configure-email-for-android-mail-app-on-your-server/1018406#1018406
|
|
||||||
# response should be:
|
|
||||||
# _imap._tcp SRV 0 1 143 imap.example.com.
|
|
||||||
{
|
|
||||||
record = "_imaps._tcp";
|
|
||||||
r_type = "SRV";
|
|
||||||
value = "0 1 993 ${cfg.sub}.${cfg.domain}.";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
record = "_imap._tcp";
|
|
||||||
r_type = "SRV";
|
|
||||||
value = "0 1 143 ${cfg.sub}.${cfg.domain}.";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
record = "_submissions._tcp";
|
|
||||||
r_type = "SRV";
|
|
||||||
value = "0 1 465 ${cfg.sub}.${cfg.domain}.";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
record = "_submission._tcp";
|
|
||||||
r_type = "SRV";
|
|
||||||
value = "0 1 587 ${cfg.sub}.${cfg.domain}.";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
|
#https://nixos-mailserver.readthedocs.io/en/latest/add-roundcube.html
|
||||||
users.groups.nginx = {};
|
users.groups.nginx = {};
|
||||||
|
|
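Review bot: The new `domain = "ulcompsoc.ie";` attribute appears only on the second DKIM entry, so the SPF and DMARC segments after it still publish records for `${cfg.domain}` alone. Unless SPF and DMARC for ulcompsoc.ie are published somewhere not visible in this hunk, that domain gets a DKIM key but no policy telling receivers how to treat unauthenticated mail that claims to come from it. Now that the list is split per record type with `++ [ ... ]`, the SPF and DMARC segments could each carry a second entry with `domain = "ulcompsoc.ie";` and, for DMARC, `record = "_dmarc.ulcompsoc.ie.";`, reusing the existing value strings. Separately, the comment `# TXT records, all tehse are inside escaped strings to allow using ""` now sits directly above the PTR and SRV entries after the reorder, and would read correctly if moved above `# SPF record`. The enclosing module body starts and ends outside the hunk.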