cli and domain

2025-09-16 20:44:06 +02:00
parent 686c4782f1
commit 53d8df2632
3 changed files with 6 additions and 5 deletions
--- a/modules/misc/cli-tools.nix
+++ b/modules/misc/cli-tools.nix
@@ -59,7 +59,7 @@ in {
        git
        gh # github
        killall
-        xclip
+        #xclip
        usbutils
        inputs.agenix.packages."x86_64-linux".default
        fastfetch
@@ -85,7 +85,7 @@ in {
        nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link
        compsize
        trashy # move files to trash
-        shell-gpt
+        #shell-gpt #openai bitches stole my credits :(
        libheif # convert heic to jpg with `heif-convert something.heic something.jpg`
        imagemagick # convert images
        tree
@@ -93,6 +93,8 @@ in {
        nix-tree # show nix derivations
        binwalk # show what's inside a binary
        iotop
+        inetutils 
+        nettools
      ];
    };
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -45,7 +45,7 @@ in {
        more_set_headers 'X-XSS-Protection 1; mode=block';
        #  add_header X-Frame-Options 'ALLOW-FROM kopatz.ddns.net';
        more_set_headers 'X-Content-Type-Options nosniff';
-        more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net";
+        more_set_headers "Content-Security-Policy: frame-ancestors https://kopatz.ddns.net https://kop.oasch.net https://kopatz.dev";
        more_set_headers "Referrer-Policy: same-origin";
        more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
      '';
--- a/systems/amd-server-vm/mail.nix
+++ b/systems/amd-server-vm/mail.nix
@@ -44,6 +44,7 @@ in
                   "-o smtpd_tls_security_level=encrypt"
                   "-o smtpd_sasl_auth_enable=yes"
                   "-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
+                   # TODO: look into check_sender_access hash:/etc/postfix/sender_access
                   "-o smtpd_sender_restrictions=reject_unknown_sender_domain"
                   "-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"
                   "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
@@ -81,8 +82,6 @@ in
        smtp_tls_ciphers = "high"; # ciphers used in opportunistic TLS
        smtp_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers
        smtp_tls_protocols = ">=TLSv1.2";
-        # displays TLS information in the E-Mail header
-        smtp_tls_received_header = "yes";
        smtp_tls_note_starttls_offer = "yes"; # log the hostname of remote servers that offer STARTTLS
        # TLS logging
        smtpd_tls_loglevel = 1;