DNS: distinguish between mail_server and mail_domain

2023-11-13 17:17:07 +01:00 · 2023-11-13 17:17:07 +01:00 · c7625fad81
commit c7625fad81
parent 5305dfab12
2 changed files with 16 additions and 9 deletions
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@ -295,7 +295,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
    postfix_need_restart = _configure_postfix(mail_domain, debug=debug)
    opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
-    nginx_need_restart = _configure_nginx(mail_domain)
+    nginx_need_restart = _configure_nginx(mail_domain, mail_server)

    # deploy web pages and info if we have them
    pkg_root = importlib.resources.files(__package__)
--- a/scripts/generate-dns-zone.sh
+++ b/scripts/generate-dns-zone.sh
@ -1,5 +1,6 @@
 #!/bin/sh
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
+: ${CHATMAIL_SERVER:=$CHATMAIL_DOMAIN}
 : ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}

 set -e
@ -8,16 +9,22 @@ EMAIL="root@$CHATMAIL_DOMAIN"
 ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"

 cat <<EOF
-$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
-$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
+$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_SERVER.
+$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_SERVER -all"
 _dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
-_submission._tcp.$CHATMAIL_DOMAIN.  SRV 0 1 587 $CHATMAIL_DOMAIN.
-_submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
-_imap._tcp.$CHATMAIL_DOMAIN.        SRV 0 1 143 $CHATMAIL_DOMAIN.
-_imaps._tcp.$CHATMAIL_DOMAIN.       SRV 0 1 993 $CHATMAIL_DOMAIN.
+_submission._tcp.$CHATMAIL_SERVER.  SRV 0 1 587 $CHATMAIL_SERVER.
+_submissions._tcp.$CHATMAIL_SERVER. SRV 0 1 465 $CHATMAIL_SERVER.
+_imap._tcp.$CHATMAIL_SERVER.        SRV 0 1 143 $CHATMAIL_SERVER.
+_imaps._tcp.$CHATMAIL_SERVER.       SRV 0 1 993 $CHATMAIL_SERVER.
 $CHATMAIL_DOMAIN. IN CAA 128 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
 _mta-sts.$CHATMAIL_DOMAIN. IN TXT "v=STSv1; id=$(date -u '+%Y%m%d%H%M')"
-_mta-sts.$CHATMAIL_DOMAIN. IN CNAME $CHATMAIL_DOMAIN.
-_smtp._tls.$CHATMAIL_DOMAIN. IN TXT "v=TLSRPTv1; rua=mailto:$EMAIL"
+_mta-sts.$CHATMAIL_SERVER. IN CNAME $CHATMAIL_SERVER.
+_smtp._tls.$CHATMAIL_SERVER. IN TXT "v=TLSRPTv1; rua=mailto:$EMAIL"
 EOF
+if [ "$CHATMAIL_DOMAIN" != "$CHATMAIL_SERVER" ]; then
+cat <<EOF
+_mta-sts.$CHATMAIL_DOMAIN. IN CNAME _mta-sts.$CHATMAIL_SERVER.
+_smtp._tls.$CHATMAIL_DOMAIN. IN CNAME _smtp._tls.$CHATMAIL_SERVER.
+EOF
+fi
 $SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'