Add m-labs-intl.com domain to mailserver and hooks subdomain #39
Also needs setting up aliases or new accounts on new domain.
How many times did I tell you that PRs need to be separated by topic?
Obviously, configuration of the VPS does NOT belong in a PR titled "Add m-labs-intl.com domain to mailserver".
I'm growing tired of your lazy/careless approach.
@ -0,0 +4,4 @@
git fetch origin
git reset --hard origin/master
DOMAINNAME=m-labs-intl.com ./zola build -o /var/www/m-labs-intl.com/html/ --force
The plan is to build the website on Hydra and upload it from there. It's briefly mentioned in the original issue (M-Labs/web2019#134) and I reminded you of it at least twice and explained it at length. Are you paying attention?
@ -0,0 +30,4 @@
cd /home/zolaupd;
git clone https://git.m-labs.hk/M-Labs/web2019.git;
cd web2019;
wget https://github.com/getzola/zola/releases/download/v0.18.0/zola-v0.18.0-x86_64-unknown-linux-gnu.tar.gz;
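Review bot: The `wget` of `zola-v0.18.0-x86_64-unknown-linux-gnu.tar.gz` on the last line fetches a release binary, and no integrity check is visible in this hunk. Pin the expected SHA-256 of the tarball in the script and verify it (for example with `sha256sum -c`) before extracting, so a replaced or corrupted download fails the setup instead of ending up as the binary that builds the site under /home/zolaupd.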
None of this unmaintainable and undebuggable mess is necessary if you paid attention to what I kept repeating.
Those are very restrictive permissions for content that goes into a public repo.
@ -0,0 +49,4 @@
cp zolaupd /etc/cron.d/
systemctl enable cron
service cron reload
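Review bot: `cp zolaupd /etc/cron.d/` leaves the mode of the installed file to whatever the source file and umask give, and Debian/Ubuntu cron skips files in /etc/cron.d that are not root-owned or are writable by group or others. Install it with explicit ownership and mode, e.g. `install -o root -g root -m 0644 zolaupd /etc/cron.d/zolaupd`. The hunk also mixes `systemctl` and `service` for the same unit; pick one.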
Is that for certbot or for your crappy code? If it's the latter then remove.
@ -0,0 +3,4 @@
apt install git nginx-full python3 python3.12-venv python3-pip
snap install --classic certbot
And this isn't installed with apt because?
Because it is not recommended by certbot devs, especially for LTS systems: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal.
Yet another problem and hack that would not exist if you had used the systems I had recommended.
@ -0,0 +57,4 @@
service nginx restart
certbot --nginx
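Review bot: `certbot --nginx` on the last line is interactive as written: with no `-d` and no `--non-interactive`, which names get certificates and which server blocks certbot rewrites is decided at the prompt and is not recorded in this script. List the domains with `-d` and run it non-interactively so the setup is reproducible and reviewable.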
How is certificate auto-renewal handled?
It automatically creates a cron job that tests from time to time whether the certificate is about to expire, and then updates it if needed.
Cron job or systemd timers?
Why would we need both cron and systemd?
Cron job. systemd is used for starting the rfq server.
You did not answer the second question.
f9a065ea27 to 28f07245c6
@ -0,0 +87,4 @@
server mail.m-labs.hk:993;
}
upstream pop3s_backend {
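Review bot: `server mail.m-labs.hk:993;` names the backend by hostname, which nginx resolves once when the configuration is loaded, so a change of address behind mail.m-labs.hk is not picked up until a reload. If these upstreams sit in a `stream` block, the mailserver will also see every IMAPS/POP3S connection as coming from the VPS address, which defeats per-client ban or rate-limit rules on the backend unless PROXY protocol is enabled on both ends; say in the file which behaviour is intended.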
What is this for? Do you know how email works?
@ -1155,3 +1155,3 @@
localDnsResolver = false; # conflicts with dnsmasq
fqdn = "mail.m-labs.hk";
domains = [ "m-labs.hk" "m-labs.ph" "193thz.com" "malloctech.fr" ];
domains = [ "m-labs.hk" "m-labs.ph" "193thz.com" "malloctech.fr" "m-labs-intl.com" ];
When will you clean up that PR?
@ -0,0 +13,4 @@
mkdir -p /var/www/m-labs-intl.com/html
chown -R zolaupd /var/www/m-labs-intl.com/
cp redeploy.sh /home/zolaupd/
Where is that file from?
Why do you keep ignoring my requests to break down PRs by function?
2a4830ec55 to e5e02c010e
e5e02c010e to 04dc9074e9
Title changed from "Add m-labs-intl.com domain to mailserver" to "Add m-labs-intl.com domain to mailserver and hooks subdomain"
04dc9074e9 to 79af7c9cbd
@ -17,0 +18,4 @@
mail A 5.78.86.156
mail AAAA 2a01:4ff:1f0:83de::1
mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB"
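Review bot: The `p=` value in the `mail._domainkey` TXT record is a 1024-bit RSA public key (the `MIGfMA0G...` prefix and length are the 1024-bit encoding). RFC 8301 asks signers to use at least 2048 bits; generate a 2048-bit key for this selector, and note that the resulting record exceeds 255 bytes and has to be split into several quoted strings in the zone file.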
Where is the DKIM private key?
It's a copy from m-labs.hk, because the m-labs-intl is just a reverse proxy for email. https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html
There is one DKIM key per domain.
@ -17,0 +19,4 @@
mail A 5.78.86.156
mail AAAA 2a01:4ff:1f0:83de::1
mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB"
_dmarc TXT "v=DMARC1; p=none"
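Review bot: `_dmarc TXT "v=DMARC1; p=none"` carries no `rua=` tag, so the record neither enforces a policy nor produces aggregate reports that would show whether mail for this domain passes SPF and DKIM. Add `rua=mailto:<report-address>` (placeholder) now, and plan the move to `p=quarantine` or `p=reject` once the reports show aligned mail.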
SPF?
320a7535a3 to 5a3be3e3b4
@ -15,2 +15,4 @@
AAAA 2a01:4ff:1f0:83de::1
MX 10 mail.m-labs-intl.com.
TXT "v=spf1 mx a:router.alt.m-labs.hk a:mail.m-labs.hk -all"
As I said before, we need to proxy the outgoing emails through the VPS as well. Our mailserver also gets blocked due to its being in Hong Kong. This is not consistent with this SPF entry.
So just mx
5a3be3e3b4 to daf9a4d539
daf9a4d539 to b601c12b7d
Fixed and merged manually.
Pull request closed