kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cli and domain

Browse Source
This commit is contained in:
Kopatz
2025-09-16 20:44:06 +02:00
parent 686c4782f1
commit 53d8df2632
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/misc/cli-tools.nix
View File

@@ -59,7 +59,7 @@ in {
git git
gh # github gh # github
killall killall
xclip #xclip
usbutils usbutils
inputs.agenix.packages."x86_64-linux".default inputs.agenix.packages."x86_64-linux".default
fastfetch fastfetch
@@ -85,7 +85,7 @@ in {
nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link
compsize compsize
trashy # move files to trash trashy # move files to trash
shell-gpt #shell-gpt #openai bitches stole my credits :(
libheif # convert heic to jpg with `heif-convert something.heic something.jpg` libheif # convert heic to jpg with `heif-convert something.heic something.jpg`
imagemagick # convert images imagemagick # convert images
tree tree
@@ -93,6 +93,8 @@ in {
nix-tree # show nix derivations nix-tree # show nix derivations
binwalk # show what's inside a binary binwalk # show what's inside a binary
iotop iotop
inetutils
nettools
]; ];
}; };
} }

2
modules/services/nginx.nix
View File

@@ -45,7 +45,7 @@ in {
more_set_headers 'X-XSS-Protection 1; mode=block'; more_set_headers 'X-XSS-Protection 1; mode=block';
# add_header X-Frame-Options 'ALLOW-FROM kopatz.ddns.net'; # add_header X-Frame-Options 'ALLOW-FROM kopatz.ddns.net';
more_set_headers 'X-Content-Type-Options nosniff'; more_set_headers 'X-Content-Type-Options nosniff';
more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net"; more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net https://kopatz.dev";
more_set_headers "Referrer-Policy: same-origin"; more_set_headers "Referrer-Policy: same-origin";
more_set_headers "Permissions-Policy: geolocation=(), microphone=()"; more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
''; '';

3
systems/amd-server-vm/mail.nix
View File

@@ -44,6 +44,7 @@ in
"-o smtpd_tls_security_level=encrypt" "-o smtpd_tls_security_level=encrypt"
"-o smtpd_sasl_auth_enable=yes" "-o smtpd_sasl_auth_enable=yes"
"-o smtpd_client_restrictions=permit_sasl_authenticated,reject" "-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
# TODO: look into check_sender_access hash:/etc/postfix/sender_access
"-o smtpd_sender_restrictions=reject_unknown_sender_domain" "-o smtpd_sender_restrictions=reject_unknown_sender_domain"
"-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject" "-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"
"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject" "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
@@ -81,8 +82,6 @@ in
smtp_tls_ciphers = "high"; # ciphers used in opportunistic TLS smtp_tls_ciphers = "high"; # ciphers used in opportunistic TLS
smtp_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers smtp_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers
smtp_tls_protocols = ">=TLSv1.2"; smtp_tls_protocols = ">=TLSv1.2";
# displays TLS information in the E-Mail header
smtp_tls_received_header = "yes";
smtp_tls_note_starttls_offer = "yes"; # log the hostname of remote servers that offer STARTTLS smtp_tls_note_starttls_offer = "yes"; # log the hostname of remote servers that offer STARTTLS
# TLS logging # TLS logging
smtpd_tls_loglevel = 1; smtpd_tls_loglevel = 1;