From 4eb8087847e96b38ada27404dacab29c1e60cb63 Mon Sep 17 00:00:00 2001 From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:49:15 +0200 Subject: [PATCH 1/2] shorten proton ttl --- nix/modules/dns/noratrieb.dev.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nix/modules/dns/noratrieb.dev.nix b/nix/modules/dns/noratrieb.dev.nix index 69c36a1..1173bb1 100644 --- a/nix/modules/dns/noratrieb.dev.nix +++ b/nix/modules/dns/noratrieb.dev.nix @@ -37,13 +37,14 @@ let TXT = [ "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5" - "v=spf1 include:_spf.protonmail.ch ~all" + "t-verify=dae826f2ae9f73a71cc247183616b6c9" # tuta verification + (ttl 60 "v=spf1 include:_spf.protonmail.ch ~all") ]; MX = [ - (mx.mx 10 "mail.protonmail.ch.") - (mx.mx 20 "mailsec.protonmail.ch.") + (ttl 60 (mx.mx 10 "mail.protonmail.ch.")) + (ttl 60 (mx.mx 20 "mailsec.protonmail.ch.")) ]; subdomains = { From d3bb071aae3a8d8f113568c98e7b6f596eabf7cc Mon Sep 17 00:00:00 2001 From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Mon, 29 Sep 2025 18:04:28 +0200 Subject: [PATCH 2/2] gamer --- nix/deploy/smoke-tests.sh | 7 +++---- nix/modules/dns/noratrieb.dev.nix | 16 ++++++++-------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/nix/deploy/smoke-tests.sh b/nix/deploy/smoke-tests.sh index 84107f9..5054a61 100755 --- a/nix/deploy/smoke-tests.sh +++ b/nix/deploy/smoke-tests.sh @@ -23,10 +23,9 @@ check_dig_answer A "nilstrieb.dev" "161.97.165.1" check_dig_answer NS noratrieb.dev "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev." # Mail stuff -check_dig_answer MX noratrieb.dev "mail.protonmail.ch." -check_dig_answer MX noratrieb.dev "mailsec.protonmail.ch." -check_dig_answer TXT noratrieb.dev "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5" -check_dig_answer TXT noratrieb.dev "v=spf1 include:_spf.protonmail.ch ~all" +check_dig_answer MX noratrieb.dev "mail.tutanota.de." +check_dig_answer TXT noratrieb.dev "t-verify=dae826f2ae9f73a71cc247183616b6c9" +check_dig_answer TXT noratrieb.dev "v=spf1 include:spf.tutanota.de -all" # Check HTTP responses http_hosts=( diff --git a/nix/modules/dns/noratrieb.dev.nix b/nix/modules/dns/noratrieb.dev.nix index 1173bb1..443234f 100644 --- a/nix/modules/dns/noratrieb.dev.nix +++ b/nix/modules/dns/noratrieb.dev.nix @@ -38,13 +38,11 @@ let TXT = [ "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5" "t-verify=dae826f2ae9f73a71cc247183616b6c9" # tuta verification - (ttl 60 "v=spf1 include:_spf.protonmail.ch ~all") + "v=spf1 include:spf.tutanota.de -all" ]; - MX = [ - (ttl 60 (mx.mx 10 "mail.protonmail.ch.")) - (ttl 60 (mx.mx 20 "mailsec.protonmail.ch.")) + (ttl 60 (mx.mx 10 "mail.tutanota.de.")) ]; subdomains = { @@ -92,13 +90,15 @@ let _atproto.TXT = [ "did=did:plc:pqyzoyxk7gfcbxk65mjyncyl" ]; # --- email + _mta-sts.CNAME = [ (cname "mta-sts.tutanota.de.") ]; + mta-sts.CNAME = [ (cname "mta-sts.tutanota.de.") ]; + _domainkey.subdomains = { - protonmail.CNAME = [ (cname "protonmail.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ]; - protonmail2.CNAME = [ (cname "protonmail2.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ]; - protonmail3.CNAME = [ (cname "protonmail3.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ]; + s1.CNAME = [ (cname "s1.domainkey.tutanota.de.") ]; + s2.CNAME = [ (cname "s2.domainkey.tutanota.de.") ]; }; _dmarc.TXT = [ - "v=DMARC1; p=quarantine" + "v=DMARC1; p=quarantine; adkim=s" ]; # retired