From d319188a11223b5c9d2b5a78edba60abe005b010 Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Tue, 31 Aug 2021 21:25:59 -0400
Subject: [PATCH] disable mta-sts

---
 machines/liza/configuration.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix
index eb4d7d1..68ef93c 100644
--- a/machines/liza/configuration.nix
+++ b/machines/liza/configuration.nix
@@ -1,6 +1,17 @@
 { config, pkgs, lib, ... }:
 
-{
+let
+  mta-sts-web = {
+    enableACME = true;
+    forceSSL = true;
+    locations."=/.well-known/mta-sts.txt".alias = pkgs.writeText "mta-sts.txt" ''
+      version: STSv1
+      mode: none
+      mx: mail.neet.dev
+      max_age: 86400
+    '';
+  };
+in {
   imports =[
     ./hardware-configuration.nix
   ];
@@ -178,6 +189,12 @@
     certificateScheme = 3; # use let's encrypt for certs
   };
   age.secrets.email-pw.file = ../../secrets/email-pw.age;
+  services.nginx.virtualHosts."runyan.org" = mta-sts-web;
+  services.nginx.virtualHosts."runyan.rocks" = mta-sts-web;
+  services.nginx.virtualHosts."thunderhex.com" = mta-sts-web;
+  services.nginx.virtualHosts."tar.ninja" = mta-sts-web;
+  services.nginx.virtualHosts."bsd.ninja" = mta-sts-web;
+  services.nginx.virtualHosts."bsd.rocks" = mta-sts-web;
 
   services.nextcloud = {
     enable = true;