From 53d8df263282c7f31e4f58a8a4bc74ddd9f3a91f Mon Sep 17 00:00:00 2001
From: Kopatz <7265381+Kropatz@users.noreply.github.com>
Date: Tue, 16 Sep 2025 20:44:06 +0200
Subject: [PATCH] cli and domain

---
 modules/misc/cli-tools.nix | 6 ++++--
 modules/services/nginx.nix | 2 +-
 systems/amd-server-vm/mail.nix | 3 +--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/modules/misc/cli-tools.nix b/modules/misc/cli-tools.nix
index b0c9273..11a6640 100644
--- a/modules/misc/cli-tools.nix
+++ b/modules/misc/cli-tools.nix
@@ -59,7 +59,7 @@ in {
 git
 gh # github
 killall
- xclip
+ #xclip
 usbutils
 inputs.agenix.packages."x86_64-linux".default
 fastfetch
@@ -85,7 +85,7 @@ in {
 nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link
 compsize
 trashy # move files to trash
- shell-gpt
+ #shell-gpt #openai bitches stole my credits :(
 libheif # convert heic to jpg with `heif-convert something.heic something.jpg`
 imagemagick # convert images
 tree
@@ -93,6 +93,8 @@ in {
 nix-tree # show nix derivations
 binwalk # show what's inside a binary
 iotop
+ inetutils
+ nettools
 ];
 };
 }
diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index a9edc29..13a80f2 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -45,7 +45,7 @@ in {
 more_set_headers 'X-XSS-Protection 1; mode=block';
 # add_header X-Frame-Options 'ALLOW-FROM kopatz.ddns.net';
 more_set_headers 'X-Content-Type-Options nosniff';
- more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net";
+ more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net https://kopatz.dev";
 more_set_headers "Referrer-Policy: same-origin";
 more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
 '';
diff --git a/systems/amd-server-vm/mail.nix b/systems/amd-server-vm/mail.nix
index 2b03a8a..ebc9549 100644
--- a/systems/amd-server-vm/mail.nix
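Review bot: The two packages added at the end of the list in cli-tools.nix, `inetutils` and `nettools`, carry no comment although most neighbouring entries say what they are for. As far as I know both ship `hostname` and `ifconfig`, so which binary ends up on PATH depends on how the system profile resolves the collision. `inetutils` also brings clients for cleartext protocols such as telnet and ftp, which is worth recording if this module is applied to servers. A comment on each line would cover it, for example `inetutils # ping, traceroute, whois; also cleartext telnet/ftp clients` and `nettools # ifconfig, netstat, route`. The package list itself starts outside this hunk.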
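Review bot: Every origin in the `frame-ancestors` list on the changed `Content-Security-Policy` line in nginx.nix is allowed to embed these pages, and the list only grows here: `https://kopatz.dev` is added while `https://kopatz.ddns.net` stays. If the new domain is meant to replace the dynamic-DNS name, drop the old entry once the move is done, since a hostname under a shared dynamic-DNS provider can be claimed by someone else after it is released and would then still be trusted to frame the site. A source written as `https://kopatz.dev` matches that host only, so pages served from a subdomain such as `www.` would need their own entry or `https://*.kopatz.dev`. A short comment above the line saying why each origin is listed would make later pruning easier. The surrounding header block starts outside the hunk.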
+++ b/systems/amd-server-vm/mail.nix
@@ -44,6 +44,7 @@ in
 "-o smtpd_tls_security_level=encrypt"
 "-o smtpd_sasl_auth_enable=yes"
 "-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
+ # TODO: look into check_sender_access hash:/etc/postfix/sender_access
 "-o smtpd_sender_restrictions=reject_unknown_sender_domain"
 "-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"
 "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
@@ -81,8 +82,6 @@ in
 smtp_tls_ciphers = "high"; # ciphers used in opportunistic TLS
 smtp_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers
 smtp_tls_protocols = ">=TLSv1.2";
- # displays TLS information in the E-Mail header
- smtp_tls_received_header = "yes";
 smtp_tls_note_starttls_offer = "yes"; # log the hostname of remote servers that offer STARTTLS
 # TLS logging
 smtpd_tls_loglevel = 1;
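Review bot: The TODO added above `smtpd_sender_restrictions` points at `check_sender_access`, which looks up the envelope sender on its own and does not tie it to the SASL login. As far as these overrides show, an authenticated user can therefore still submit mail under any sender address whose domain resolves. For a service that accepts only authenticated clients the usual control is `reject_sender_login_mismatch` together with `smtpd_sender_login_maps`, so I would name that in the TODO, e.g. `# TODO: bind MAIL FROM to the SASL login (smtpd_sender_login_maps + reject_sender_login_mismatch)`. If the `hash:` table is kept, on NixOS it would normally have to be generated from the configuration rather than written by hand under /etc/postfix. The option list this line sits in starts and ends outside the hunk.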