ktiu/omniflake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssh and block recipients

Browse source
This commit is contained in:
Till 2026-01-16 13:17:45 +01:00
parent 5d1d3c3195
commit 14a27d0b43
4 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ssh/till@nova.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDr1G6eXwR8t8k/2Vm1CX8ARt7q2GVPtX+xdOFqDonQy0yPai85s1Y+wkIivC9GvdyK1Q5EM2Vl7PKOvJxAJwwevgPTp6hsg9JOc2v0WNJ12p9a0NF2cXJwmgIVs2z0GTritJpO0VwWUdjI+RJORpTAkkMskEWB4IU/ub1nOUya2Hq7xvI9GcvnVoA7nWRs2X6VHHQLIbkrc9+a3MdGtJim1/yJ/CfiX/RueWZ8ANBpieUmgwjQJn6WYCCl/q2fId4vc/njtwmF/Tx5H4MxVCMpPmbbD7XAN04cXMpZOKKAHHbwM14SpslQFDPnfmF9f3BdEvTaxJOu7Fs8nE6XEJs+gUgY4lGQfaoPOKN7uyD/reVfqTwkvF7PzhiT7FEhPycpU5gNGyTka/o63xB3kCdlXhWBb3qmWB8E+0va0XdUj0STzjws3EtLLkoGJoXjp9UTQxqL31sxfPZQWQ7NmHne4/UR/R8xlv2Ul4VKBou8ZV6+5thsYo08JJiSbfnN9Ms= till@nova

2
system/default.nix
View file

@ -42,7 +42,9 @@
ntp.enable = true; ntp.enable = true;
openssh.enable = true; openssh.enable = true;
openssh.settings.PasswordAuthentication = false; openssh.settings.PasswordAuthentication = false;
openssh.settings.PermitRootLogin = "no";
}; };
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }

4
system/gnome.nix
View file

@ -28,7 +28,7 @@
programs.kdeconnect = { programs.kdeconnect = {
enable = true; enable = true;
package = pgks.gnomeExtensions.gsconnect; package = lib.mkForce pkgs.gnomeExtensions.gsconnect;
} };
} }

8
system/web-server/mail/postfix.nix
View file

@ -36,6 +36,12 @@ in {
@t9e.me anything @t9e.me anything
''; '';
mapFiles.reject-recipients = pkgs.writeText "postfix-reject-recipients" ''
123rf@ktiu.net REJECT
jcb-co.jp-ktiu@ktiu.net REJECT
info@ktiu.net REJECT
'';
enableSubmission = true; enableSubmission = true;
submissionOptions = { submissionOptions = {
@ -47,7 +53,7 @@ in {
smtpd_sasl_path = "/var/run/dovecot2/auth"; smtpd_sasl_path = "/var/run/dovecot2/auth";
smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_security_options = "noanonymous";
smtpd_client_restrictions = "permit_mynetworks,permit_sasl_authenticated,reject"; smtpd_client_restrictions = "permit_mynetworks,permit_sasl_authenticated,reject";
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"; smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,check_recipient_access hash:/etc/postfix/recect-recipients,permit_sasl_authenticated,reject";
}; };
settings = { settings = {