2 files changed, 43 insertions, 0 deletions

diff --git a/modules/by-name/dn/dns/dns/types/records/MTA-STS.nix b/modules/by-name/dn/dns/dns/types/records/MTA-STS.nix
new file mode 100644
index 0000000..030490e
--- /dev/null
+++ b/modules/by-name/dn/dns/dns/types/records/MTA-STS.nix
@@ -0,0 +1,42 @@
+#
+# SPDX-FileCopyrightText: 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+#
+# SPDX-License-Identifier: MPL-2.0 or MIT
+#
+# This is a “fake” record type, not actually part of DNS.
+# It gets compiled down to a TXT record.
+# RFC 8461
+{
+  lib,
+  util,
+  ...
+}: let
+  inherit (lib) mkOption types;
+in rec {
+  rtype = "TXT";
+  options = {
+    id = mkOption {
+      type = types.str;
+      example = "20160831085700Z";
+      description = ''
+        A short string used to track policy updates.  This string MUST
+        uniquely identify a given instance of a policy, such that senders
+        can determine when the policy has been updated by comparing to the
+        "id" of a previously seen policy.  There is no implied ordering of
+        "id" fields between revisions.
+      '';
+    };
+  };
+  dataToString = data: let
+    items =
+      ["v=STSv1"]
+      ++ lib.pipe data [
+        (builtins.intersectAttrs options) # remove garbage list `_module`
+        (lib.filterAttrs (k: v: v != null && v != ""))
+        (lib.mapAttrsToList (k: v: "${k}=${v}"))
+      ];
+    result = lib.concatStringsSep "; " items + ";";
+  in
+    util.writeCharacterString result;
+  nameFixup = name: _self: "_mta-sts.${name}";
+}
diff --git a/modules/by-name/dn/dns/dns/types/records/default.nix b/modules/by-name/dn/dns/dns/types/records/default.nix
index b6f6270..76a86cd 100644
--- a/modules/by-name/dn/dns/dns/types/records/default.nix
+++ b/modules/by-name/dn/dns/dns/types/records/default.nix
@@ -37,6 +37,7 @@
     # Pseudo types
     "DKIM"
     "DMARC"
+    "MTA-STS"
   ];
 in
   genAttrs types (t: import (./. + "/${t}.nix") {inherit lib simple util;})