chore: update b12f.io

2023-11-16 19:29:47 +01:00 · 2023-11-16 19:29:47 +01:00 · 3ce15a1bef
parent 945bc6498c
commit 3ce15a1bef
4 changed files with 110 additions and 34 deletions
--- a/hosts/frikandel/email.nix
+++ b/hosts/frikandel/email.nix
@ -5,6 +5,7 @@
  lib,
  ...
 }: let
+  hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ];
  dkimDNSb12fio = ''
  default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
@ -29,12 +30,13 @@ in {
      group = "maddy";
    };
    "mta-sts.b12f.io" = {};
+    "mta-sts.${hzDomain}" = {};
  };

-  services.nginx.virtualHosts = {
-    "mta-sts.b12f.io" = {
+  services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // {
+      "mta-sts.${hostName}" = {
        forceSSL = true;
-      useACMEHost = "mta-sts.b12f.io";
+        useACMEHost = "mta-sts.${hostName}";
        locations."/" = {
          root = pkgs.runCommand "create-well-known-mta-sts" {} ''
            mkdir -p "$out/.well-known"
@ -42,13 +44,13 @@ in {
              version: STSv1
              mode: enforce
              max_age: 604800
-            mx: mail.b12f.io
+              mx: mail.${hostName}
            " > "$out/.well-known/mta-sts.txt"
          '';
          tryFiles = "$uri $uri/ =404";
        };
      };
-  };
+    }) {} [ "b12f.io" hzDomain ];

  systemd.tmpfiles.rules = [
    "d '/run/maddy' 0750 maddy maddy - -"
@ -115,16 +117,25 @@ in {
          }
        }

-        destination b12f.io {
        modify {
-                replace_rcpt regexp ".*" "mail@b12f.io"
+          replace_rcpt &local_rewrites
        }
+
+        # at this point rcpt was normalized to either:
+        #       postmaster@$(primary_domain),
+        #       local_mailbox_without_tag@$(local_domains),
+        #       replacements with alias
+
+        # destination_in block takes priority over destinations
+        destination_in &local_mailboxes {
          deliver_to &local_mailboxes
        }

-        destination postmaster $(local_domains) {
+        # if rcpt is not in local_mailboxes, but has our domains,
+        # replace rcpt to catchall and deliver it there
+        destination $(local_domains) {
          modify {
-            replace_rcpt &local_rewrites
+            replace_rcpt regexp ".*" "mail@$(primary_domain)"
          }
          deliver_to &local_mailboxes
        }
--- a/hosts/frikandel/website.nix
+++ b/hosts/frikandel/website.nix
@ -7,8 +7,8 @@
    name = "benjaminbaedorf.eu";
    src = pkgs.fetchgit {
      url = "https://git.pub.solar/b12f/benjaminbaedorf.eu.git";
-      rev = "1e6060483c79c0e1548b7d57d6da99c11abb47a6";
-      hash = "sha256-TY/M9Fqtd9r0L7ZTvjnjXVzECJ91bBx/n33orvBIa+g=";
+      rev = "a6cc1d054fef083698331ad4cef6cc6e57ed218c";
+      hash = "sha256-uW6TwmXu0Tpapz+sewfCPYkDJcwTpMYPXLUGcd//UH0=";
      sparseCheckout = [
        "fonts"
        "cows.jpg"
--- a/terraform/b12f.io.tf
+++ b/terraform/b12f.io.tf
@ -83,14 +83,14 @@ resource "hostingde_record" "b12f-autodiscover" {
  ttl = 300
 }

-# resource "hostingde_record" "b12f-mx" {
-#   zone_id = hostingde_zone.b12f.id
-#   name = "b12f.io"
-#   type = "MX"
-#   content = "mail.b12f.io"
-#   priority = 10
-#   ttl = 300
-# }
+resource "hostingde_record" "b12f-mx" {
+  zone_id = hostingde_zone.b12f.id
+  name = "b12f.io"
+  type = "MX"
+  content = "mail.b12f.io"
+  priority = 10
+  ttl = 300
+}

 resource "hostingde_record" "b12f-mta-sts" {
  zone_id = hostingde_zone.b12f.id
--- a/terraform/h.net.tf
+++ b/terraform/h.net.tf
@ -0,0 +1,65 @@
+locals {
+  domain = join("", ["hw", "dz", "z.", "net"])
+}
+
+resource "hostingde_zone" "hz" {
+  name = local.domain
+  type = "NATIVE"
+}
+
+resource "hostingde_record" "hz-AAAA" {
+  zone_id = hostingde_zone.hz.id
+  name = local.domain
+  type = "AAAA"
+  content = "2a01:4f8:c2c:b60::"
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-A" {
+  zone_id = hostingde_zone.hz.id
+  name = local.domain
+  type = "A"
+  content = "128.140.109.213"
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-mail" {
+  zone_id = hostingde_zone.hz.id
+  name = "mail.${local.domain}"
+  type = "CNAME"
+  content = local.domain
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-autoconfig" {
+  zone_id = hostingde_zone.hz.id
+  name = "autoconfig.${local.domain}"
+  type = "CNAME"
+  content = "mail.${local.domain}"
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-autodiscover" {
+  zone_id = hostingde_zone.hz.id
+  name = "autodiscover.${local.domain}"
+  type = "CNAME"
+  content = "mail.${local.domain}"
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-mx" {
+  zone_id = hostingde_zone.hz.id
+  name = local.domain
+  type = "MX"
+  content = "mail.${local.domain}"
+  priority = 10
+  ttl = 300
+}
+
+resource "hostingde_record" "hz-mta-sts" {
+  zone_id = hostingde_zone.hz.id
+  name = "mta-sts.${local.domain}"
+  type = "CNAME"
+  content = "frikandel.${local.domain}"
+  ttl = 300
+}