gay

2024-12-21 12:49:44 +01:00 · 2024-12-21 12:49:44 +01:00 · e9fbd21380
commit e9fbd21380
parent 902bbb659e
2 changed files with 51 additions and 16 deletions
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@ -3,8 +3,10 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).

 { config, pkgs, ... }:
-let vs = config.vault-secrets.secrets;
-in {
+let
+  vs = config.vault-secrets.secrets;
+in
+{
  imports = [ ];

  # This value determines the NixOS release from which the default
@ -15,19 +17,31 @@ in {
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?

-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];

  # needed as the mailserver configures its down DNS resolver
  networking.extraHosts = ''
    10.42.42.6 vault.olympus
  '';

-  vault-secrets.secrets.mailserver = { services = [ "dovecot2" "postfix" ]; };
+  vault-secrets.secrets.mailserver = {
+    services = [
+      "dovecot2"
+      "postfix"
+    ];
+  };

  mailserver = {
    enable = true;
    fqdn = "mail.0x76.dev";
-    domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
+    domains = [
+      "0x76.dev"
+      "meowy.tech"
+      "xirion.net"
+    ];
    certificateScheme = "acme-nginx";
    enableManageSieve = true;

@ -44,7 +58,10 @@ in {
      # People
      "v@0x76.dev" = {
        hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
-        catchAll = [ "xirion.net" "0x76.dev" ];
+        catchAll = [
+          "xirion.net"
+          "0x76.dev"
+        ];
        aliases = [
          "postmaster@0x76.dev"
          "abuse@0x76.dev"
@ -102,15 +119,28 @@ in {
      autoIndexExclude = [ "\\Junk" ];
    };
  };
-  services = {

-    postfix.relayHost = "smtp.ziggozakelijk.nl";
-    postfix.relayPort = 587;
+  services = {
+    postfix = {
+
+      relayHost = "smtp.ziggozakelijk.nl";
+      relayPort = 587;
+    };
+
+    rspamd = {
+      overrides."whitelist.conf".text = ''
+        whitelist_from {
+          fckn.gay = true;
+        }
+      '';
+    };

    roundcube = {
      enable = true;
-      package = pkgs.roundcube.withPlugins
-        (plugins: [ plugins.persistent_login pkgs.v.roundcube-swipe ]);
+      package = pkgs.roundcube.withPlugins (plugins: [
+        plugins.persistent_login
+        pkgs.v.roundcube-swipe
+      ]);
      plugins = [
        "archive"
        "managesieve"
@ -144,7 +174,9 @@ in {
      '';
    };

-    nginx = { enable = true; };
+    nginx = {
+      enable = true;
+    };
  };

  security.acme.acceptTerms = true;
--- a/nixos/hosts/olympus/nginx/configuration.nix
+++ b/nixos/hosts/olympus/nginx/configuration.nix
@ -82,11 +82,13 @@ in
          forceSSL = true;

          root = "${website}";
+        };

-          # locations."/".extraConfig = ''
-          #   add_header Content-Type 'text/html; charset=UTF-8';
-          #   return 200 '<h1>Under Construction</h1>';
-          # '';
+        "vivian.is.fckn.gay" = {
+          enableACME = true;
+          forceSSL = true;
+
+          root = "${website}";
        };

        "immich.0x76.dev" = {
@ -186,6 +188,7 @@ in
        #      homeserverList = [ "chat.meowy.tech" ];
        #    };
        # };
+
        # };
        "admin.chat.meowy.tech" = {
          enableACME = true;