ssh and block recipients

2026-01-16 13:17:45 +01:00 · 2026-01-16 13:17:45 +01:00 · 14a27d0b43
commit 14a27d0b43
parent 5d1d3c3195
4 changed files with 12 additions and 3 deletions
--- a/system/default.nix
+++ b/system/default.nix
@ -42,7 +42,9 @@
    ntp.enable = true;
    openssh.enable = true;
    openssh.settings.PasswordAuthentication = false;
+    openssh.settings.PermitRootLogin = "no";
  };

  system.stateVersion = "22.11";
+
 }
--- a/system/gnome.nix
+++ b/system/gnome.nix
@ -28,7 +28,7 @@

  programs.kdeconnect = {
    enable = true;
-    package = pgks.gnomeExtensions.gsconnect;
-  }
+    package = lib.mkForce pkgs.gnomeExtensions.gsconnect;
+  };

 }
--- a/system/web-server/mail/postfix.nix
+++ b/system/web-server/mail/postfix.nix
@ -36,6 +36,12 @@ in {
      @t9e.me anything
    '';

+    mapFiles.reject-recipients = pkgs.writeText "postfix-reject-recipients" ''
+      123rf@ktiu.net REJECT
+      jcb-co.jp-ktiu@ktiu.net REJECT
+      info@ktiu.net REJECT
+    '';
+

    enableSubmission = true;
    submissionOptions = {
@ -47,7 +53,7 @@ in {
      smtpd_sasl_path = "/var/run/dovecot2/auth";
      smtpd_sasl_security_options = "noanonymous";
      smtpd_client_restrictions = "permit_mynetworks,permit_sasl_authenticated,reject";
-      smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
+      smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,check_recipient_access hash:/etc/postfix/recect-recipients,permit_sasl_authenticated,reject";
    };

    settings = {