From e9fbd213804fca3d7552d0d4bd97d7de0fc44e61 Mon Sep 17 00:00:00 2001
From: Vivian <vivian@0x76.dev>
Date: Sat, 21 Dec 2024 12:49:44 +0100
Subject: [PATCH] gay

---
 .../olympus/mailserver/configuration.nix      | 56 +++++++++++++++----
 nixos/hosts/olympus/nginx/configuration.nix   | 11 ++--
 2 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix
index 2515dab8..5a76c111 100644
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@@ -3,8 +3,10 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
 { config, pkgs, ... }:
-let vs = config.vault-secrets.secrets;
-in {
+let
+  vs = config.vault-secrets.secrets;
+in
+{
   imports = [ ];
 
   # This value determines the NixOS release from which the default
@@ -15,19 +17,31 @@ in {
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "22.11"; # Did you read the comment?
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 
   # needed as the mailserver configures its down DNS resolver
   networking.extraHosts = ''
     10.42.42.6 vault.olympus
   '';
 
-  vault-secrets.secrets.mailserver = { services = [ "dovecot2" "postfix" ]; };
+  vault-secrets.secrets.mailserver = {
+    services = [
+      "dovecot2"
+      "postfix"
+    ];
+  };
 
   mailserver = {
     enable = true;
     fqdn = "mail.0x76.dev";
-    domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
+    domains = [
+      "0x76.dev"
+      "meowy.tech"
+      "xirion.net"
+    ];
     certificateScheme = "acme-nginx";
     enableManageSieve = true;
 
@@ -44,7 +58,10 @@ in {
       # People
       "v@0x76.dev" = {
         hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
-        catchAll = [ "xirion.net" "0x76.dev" ];
+        catchAll = [
+          "xirion.net"
+          "0x76.dev"
+        ];
         aliases = [
           "postmaster@0x76.dev"
           "abuse@0x76.dev"
@@ -102,15 +119,28 @@ in {
       autoIndexExclude = [ "\\Junk" ];
     };
   };
-  services = {
 
-    postfix.relayHost = "smtp.ziggozakelijk.nl";
-    postfix.relayPort = 587;
+  services = {
+    postfix = {
+
+      relayHost = "smtp.ziggozakelijk.nl";
+      relayPort = 587;
+    };
+
+    rspamd = {
+      overrides."whitelist.conf".text = ''
+        whitelist_from {
+          fckn.gay = true;
+        }
+      '';
+    };
 
     roundcube = {
       enable = true;
-      package = pkgs.roundcube.withPlugins
-        (plugins: [ plugins.persistent_login pkgs.v.roundcube-swipe ]);
+      package = pkgs.roundcube.withPlugins (plugins: [
+        plugins.persistent_login
+        pkgs.v.roundcube-swipe
+      ]);
       plugins = [
         "archive"
         "managesieve"
@@ -144,7 +174,9 @@ in {
       '';
     };
 
-    nginx = { enable = true; };
+    nginx = {
+      enable = true;
+    };
   };
 
   security.acme.acceptTerms = true;
diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix
index 99155af5..9120b8b6 100644
--- a/nixos/hosts/olympus/nginx/configuration.nix
+++ b/nixos/hosts/olympus/nginx/configuration.nix
@@ -82,11 +82,13 @@ in
           forceSSL = true;
 
           root = "${website}";
+        };
 
-          # locations."/".extraConfig = ''
-          #   add_header Content-Type 'text/html; charset=UTF-8';
-          #   return 200 '<h1>Under Construction</h1>';
-          # '';
+        "vivian.is.fckn.gay" = {
+          enableACME = true;
+          forceSSL = true;
+
+          root = "${website}";
         };
 
         "immich.0x76.dev" = {
@@ -186,6 +188,7 @@ in
         #      homeserverList = [ "chat.meowy.tech" ];
         #    };
         # };
+
         # };
         "admin.chat.meowy.tech" = {
           enableACME = true;