From 3ce15a1beff22b3d35b250d3aff4ee3b515c225a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 16 Nov 2023 19:29:47 +0100 Subject: [PATCH] chore: update b12f.io --- hosts/frikandel/email.nix | 59 +++++++++++++++++++-------------- hosts/frikandel/website.nix | 4 +-- terraform/b12f.io.tf | 16 ++++----- terraform/h.net.tf | 65 +++++++++++++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 34 deletions(-) create mode 100644 terraform/h.net.tf diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix index 228f65b..98538e6 100644 --- a/hosts/frikandel/email.nix +++ b/hosts/frikandel/email.nix @@ -5,6 +5,7 @@ lib, ... }: let + hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ]; dkimDNSb12fio = '' default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ; 
@@ -29,26 +30,27 @@ in {
 group = "maddy";
 };
 "mta-sts.b12f.io" = {};
+ "mta-sts.${hzDomain}" = {};
 };
 
- services.nginx.virtualHosts = {
- "mta-sts.b12f.io" = {
- forceSSL = true;
- useACMEHost = "mta-sts.b12f.io";
- locations."/" = {
- root = pkgs.runCommand "create-well-known-mta-sts" {} ''
- mkdir -p "$out/.well-known"
- echo "
- version: STSv1
- mode: enforce
- max_age: 604800
- mx: mail.b12f.io
- " > "$out/.well-known/mta-sts.txt"
- '';
- tryFiles = "$uri $uri/ =404";
+ services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // {
+ "mta-sts.${hostName}" = {
+ forceSSL = true;
+ useACMEHost = "mta-sts.${hostName}";
+ locations."/" = {
+ root = pkgs.runCommand "create-well-known-mta-sts" {} ''
+ mkdir -p "$out/.well-known"
+ echo "
+ version: STSv1
+ mode: enforce
+ max_age: 604800
+ mx: mail.${hostName}
+ " > "$out/.well-known/mta-sts.txt"
+ '';
+ tryFiles = "$uri $uri/ =404";
+ };
 };
- };
- };
+ }) {} [ "b12f.io" hzDomain ];
 
 systemd.tmpfiles.rules = [
 "d '/run/maddy' 0750 maddy maddy - -"
@@ -115,16 +117,25 @@ in {
 }
 }
 
- destination b12f.io {
- modify {
- replace_rcpt regexp ".*" "mail@b12f.io"
- }
- deliver_to &local_mailboxes
+ modify {
+ replace_rcpt &local_rewrites
 }
 
- destination postmaster $(local_domains) {
+ # at this point rcpt was normalized to either:
+ # postmaster@$(primary_domain),
+ # local_mailbox_without_tag@$(local_domains),
+ # replacements with alias
+
+ # destination_in block takes priority over destinations
+ destination_in &local_mailboxes {
+ deliver_to &local_mailboxes
+ }
+
+ # if rcpt is not in local_mailboxes, but has our domains,
+ # replace rcpt to catchall and deliver it there
+ destination $(local_domains) {
 modify {
- replace_rcpt &local_rewrites
+ replace_rcpt regexp ".*" "mail@$(primary_domain)"
 }
 deliver_to &local_mailboxes
 }
diff --git a/hosts/frikandel/website.nix b/hosts/frikandel/website.nix
index 701b129..8bce09e 100644
--- a/hosts/frikandel/website.nix
+++ b/hosts/frikandel/website.nix
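Review bot: The generated policy for the newly added domain is published straight away in `mode: enforce` with `mx: mail.${hostName}`, so every sender that honours MTA-STS will refuse delivery unless the certificate the mail server presents is valid for the new `mail.` name; that certificate setup is not visible in this hunk. Consider starting the new domain with `mode: testing`, or passing the mode per host in the list given to `foldl'`. Separately, `echo "` followed by a newline writes a policy file that begins with an empty line, which the RFC 8461 policy grammar does not provide for, and any indentation left after Nix strips the common prefix ends up in the file too. Writing the file with `printf 'version: STSv1\nmode: enforce\n…'` or `pkgs.writeTextDir` would avoid relying on lenient parsers.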
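Review bot: The catch-all in `destination $(local_domains)` now rewrites every unmatched recipient on every local domain to `mail@$(primary_domain)`, where the removed rule did this for b12f.io only. `local_domains` is defined outside this hunk, but if the new domain is part of it the server will accept mail for any local part there and never reject an unknown recipient. If that is intended, record it next to the block, e.g. `# catch-all is deliberate for all local domains; unknown recipients are never rejected`; otherwise list only the domains that should have a catch-all. It is also worth confirming that `postmaster` still reaches a mailbox now that its dedicated `destination postmaster $(local_domains)` block is gone. The enclosing routing block starts and ends outside the hunk.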
@@ -7,8 +7,8 @@
 name = "benjaminbaedorf.eu";
 src = pkgs.fetchgit {
 url = "https://git.pub.solar/b12f/benjaminbaedorf.eu.git";
- rev = "1e6060483c79c0e1548b7d57d6da99c11abb47a6";
- hash = "sha256-TY/M9Fqtd9r0L7ZTvjnjXVzECJ91bBx/n33orvBIa+g=";
+ rev = "a6cc1d054fef083698331ad4cef6cc6e57ed218c";
+ hash = "sha256-uW6TwmXu0Tpapz+sewfCPYkDJcwTpMYPXLUGcd//UH0=";
 sparseCheckout = [
 "fonts"
 "cows.jpg"
diff --git a/terraform/b12f.io.tf b/terraform/b12f.io.tf
index dca4dd3..5f9588e 100644
--- a/terraform/b12f.io.tf
+++ b/terraform/b12f.io.tf
@@ -83,14 +83,14 @@ resource "hostingde_record" "b12f-autodiscover" {
 ttl = 300
 }
 
-# resource "hostingde_record" "b12f-mx" {
-# zone_id = hostingde_zone.b12f.id
-# name = "b12f.io"
-# type = "MX"
-# content = "mail.b12f.io"
-# priority = 10
-# ttl = 300
-# }
+resource "hostingde_record" "b12f-mx" {
+ zone_id = hostingde_zone.b12f.id
+ name = "b12f.io"
+ type = "MX"
+ content = "mail.b12f.io"
+ priority = 10
+ ttl = 300
+}
 
 resource "hostingde_record" "b12f-mta-sts" {
 zone_id = hostingde_zone.b12f.id
diff --git a/terraform/h.net.tf b/terraform/h.net.tf
new file mode 100644
index 0000000..eae1e1a
--- /dev/null
+++ b/terraform/h.net.tf
@@ -0,0 +1,65 @@
+locals {
+ domain = join("", ["hw", "dz", "z.", "net"])
+}
+
+resource "hostingde_zone" "hz" {
+ name = local.domain
+ type = "NATIVE"
+}
+
+resource "hostingde_record" "hz-AAAA" {
+ zone_id = hostingde_zone.hz.id
+ name = local.domain
+ type = "AAAA"
+ content = "2a01:4f8:c2c:b60::"
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-A" {
+ zone_id = hostingde_zone.hz.id
+ name = local.domain
+ type = "A"
+ content = "128.140.109.213"
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-mail" {
+ zone_id = hostingde_zone.hz.id
+ name = "mail.${local.domain}"
+ type = "CNAME"
+ content = local.domain
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-autoconfig" {
+ zone_id = hostingde_zone.hz.id
+ name = "autoconfig.${local.domain}"
+ type = "CNAME"
+ content = "mail.${local.domain}"
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-autodiscover" {
+ zone_id = hostingde_zone.hz.id
+ name = "autodiscover.${local.domain}"
+ type = "CNAME"
+ content = "mail.${local.domain}"
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-mx" {
+ zone_id = hostingde_zone.hz.id
+ name = local.domain
+ type = "MX"
+ content = "mail.${local.domain}"
+ priority = 10
+ ttl = 300
+}
+
+resource "hostingde_record" "hz-mta-sts" {
+ zone_id = hostingde_zone.hz.id
+ name = "mta-sts.${local.domain}"
+ type = "CNAME"
+ content = "frikandel.${local.domain}"
+ ttl = 300
+}
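Review bot: `hz-mx` points at `mail.${local.domain}`, which `hz-mail` defines as a CNAME; RFC 2181 §10.3 requires an MX target to be a name with address records rather than an alias, and some sending MTAs will not deliver to it. Giving `mail.` its own A and AAAA records, with the same addresses as the apex, fixes this while keeping the name that the MTA-STS policy lists. Also, `hz-mta-sts` is a CNAME to `frikandel.${local.domain}`, but this file creates no record for that name. There is no `_mta-sts` TXT record either, and without one senders do not look up the policy at all. If neither is defined elsewhere, the policy host will not resolve and MTA-STS stays inactive for this zone.

```hcl
# mail.<domain> as address records, so the MX target is not an alias
resource "hostingde_record" "hz-mail" {
  zone_id = hostingde_zone.hz.id
  name    = "mail.${local.domain}"
  type    = "A"
  content = "128.140.109.213"
  ttl     = 300
}

resource "hostingde_record" "hz-mail-AAAA" {
  zone_id = hostingde_zone.hz.id
  name    = "mail.${local.domain}"
  type    = "AAAA"
  content = "2a01:4f8:c2c:b60::"
  ttl     = 300
}

# … unchanged: hz-autoconfig, hz-autodiscover, hz-mx, hz-mta-sts …
```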