From 1e90277f195a7de44d808759dddc90b76204d253 Mon Sep 17 00:00:00 2001
From: RGBCube
Date: Fri, 12 Jan 2024 15:22:36 +0300
Subject: [PATCH] Use dmarc messaging
---
 hosts/cube/acme.nix | 8 +++++---
 hosts/cube/mail.nix | 21 ++++++++++++++++-----
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/hosts/cube/acme.nix b/hosts/cube/acme.nix
index 18e11bf..2eb5208 100644
--- a/hosts/cube/acme.nix
+++ b/hosts/cube/acme.nix
@@ -1,6 +1,8 @@
 { config, ulib, ... }: with ulib;
-serverSystemConfiguration {
+let
+ inherit (config.networking) domain;
+in serverSystemConfiguration {
 security.acme = {
 acceptTerms = true;
@@ -11,8 +13,8 @@ serverSystemConfiguration {
 email = "security@rgbcu.be";
 };
- certs.${config.networking.domain} = {
- extraDomainNames = [ "*.${config.networking.domain}" ];
+ certs.${domain} = {
+ extraDomainNames = [ "*.${domain}" ];
 group = "nginx";
 };
 };
diff --git a/hosts/cube/mail.nix b/hosts/cube/mail.nix
index cd89eaa..027006d 100644
--- a/hosts/cube/mail.nix
+++ b/hosts/cube/mail.nix
@@ -1,17 +1,28 @@
 { config, ulib, ... }: with ulib;
-serverSystemConfiguration {
+let
+ inherit (config.networking) domain;
+
+ fqdn = "mail.${domain}";
+in serverSystemConfiguration {
 mailserver = enabled {
- domains = [ config.networking.domain ];
- fqdn = "mail.${config.networking.domain}";
+ inherit fqdn;
+
+ domains = [ domain ];
 certificateScheme = "acme";
 hierarchySeparator = "/";
 useFsLayout = true;
- loginAccounts."contact@${config.networking.domain}" = {
- aliases = [ "@${config.networking.domain}" ];
+ dmarcReporting = enabled {
+ inherit domain;
+
+ organizationName = "Doofemshmirtz Evil Inc.";
+ };
+
+ loginAccounts."contact@${domain}" = {
+ aliases = [ "@${domain}" ];
 hashedPasswordFile = config.age.secrets."cube.mail.password.hash".path;
 };
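Review bot: The new `dmarcReporting` block in the hosts/cube/mail.nix hunk has no comment saying what it turns on, and the commit title ("dmarc messaging") can be read as enabling DMARC protection for the domain itself. As far as I know the mailserver module's option, it makes the server send aggregate reports to the `rua` addresses of domains it receives mail from; the policy for `${domain}` still depends on a `_dmarc` TXT record in DNS, which this diff does not show. `organizationName` goes out in those reports, so the string is visible to third parties exactly as written and is worth confirming. I would add above the block: `# Sends outbound DMARC aggregate reports for received mail; our own DMARC policy lives in DNS, not here.` The `mailserver` attribute set continues past the end of the hunk.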