DNS: added www subdomain to zonefile

cmdeploy/src/cmdeploy/__init__.py

@@ -255,7 +255,9 @@ def _configure_postfix(config: Config, debug: bool = False) -> bool:
     need_restart |= master_config.changed
 
     header_cleanup = files.put(
-        src=importlib.resources.files(__package__).joinpath("postfix/submission_header_cleanup"),
+        src=importlib.resources.files(__package__).joinpath(
+            "postfix/submission_header_cleanup"
+        ),
         dest="/etc/postfix/submission_header_cleanup",
         user="root",
         group="root",
@@ -422,7 +424,10 @@ def deploy_chatmail(config_path: Path) -> None:
     )
 
     # Deploy acmetool to have TLS certificates.
-    deploy_acmetool(nginx_hook=True, domains=[mail_domain, f"mta-sts.{mail_domain}"])
+    deploy_acmetool(
+        nginx_hook=True,
+        domains=[mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"],
+    )
 
     apt.packages(
         name="Install Postfix",

cmdeploy/src/cmdeploy/chatmail.zone.f

@@ -10,5 +10,6 @@ _imaps._tcp.{chatmail_domain}.       SRV 0 1 993 {chatmail_domain}.
 _dmarc.{chatmail_domain}.            TXT "v=DMARC1;p=reject;rua=mailto:{email};ruf=mailto:{email};fo=1;adkim=r;aspf=r"
 _mta-sts.{chatmail_domain}.          TXT "v=STSv1; id={sts_id}"
 mta-sts.{chatmail_domain}.           CNAME {chatmail_domain}.
+www.{chatmail_domain}.               CNAME {chatmail_domain}.
 _smtp._tls.{chatmail_domain}.        TXT "v=TLSRPTv1;rua=mailto:{email}"
 {dkim_entry}

cmdeploy/src/cmdeploy/dns.py

@@ -4,7 +4,6 @@ import requests
 import importlib
 import subprocess
 import datetime
-from ipaddress import ip_address
 
 
 class DNS:
@@ -184,14 +183,14 @@ def check_necessary_dns(out, mail_domain):
     ipv4 = dns.get("A", mail_domain)
     ipv6 = dns.get("AAAA", mail_domain)
     mta_entry = dns.get("CNAME", "mta-sts." + mail_domain)
-    mta_ip = dns.get("A", mta_entry)
-    if not mta_ip:
-        mta_ip = dns.get("AAAA", mta_entry)
+    www_entry = dns.get("CNAME", "www." + mail_domain)
     to_print = []
     if not (ipv4 or ipv6):
         to_print.append(f"\t{mail_domain}.\t\t\tA<your server's IPv4 address>")
-    if not mta_ip or not (mta_ip == ipv4 or mta_ip == ipv6):
+    if mta_entry != mail_domain + ".":
         to_print.append(f"\tmta-sts.{mail_domain}.\tCNAME\t{mail_domain}.")
+    if www_entry != mail_domain + ".":
+        to_print.append(f"\twww.{mail_domain}.\tCNAME\t{mail_domain}.")
     if to_print:
         to_print.insert(
             0,

cmdeploy/src/cmdeploy/nginx/nginx.conf.j2

@@ -41,11 +41,19 @@ http {
 			try_files $uri $uri/ =404;
 		}
 
-                location /metrics {
-                        default_type text/plain;
-                }
+		location /metrics {
+			default_type text/plain;
+		}
 
-        # add cgi-bin support
-        include /usr/share/doc/fcgiwrap/examples/nginx.conf;
+		# add cgi-bin support
+		include /usr/share/doc/fcgiwrap/examples/nginx.conf;
+	}
+
+	# Redirect www. to non-www
+	server {
+		listen 443 ssl;
+		listen [::]:443 ssl;
+		server_name www.{{ config.domain_name }};
+		return 301 $scheme://{{ config.domain_name }}$request_uri;
 	}
 }