Compare commits
20 Commits
2ee23bc03a
...
8ff15e4aba
Author | SHA1 | Date |
---|---|---|
Egor Savkin | 8ff15e4aba | |
Egor Savkin | 7131a54bb6 | |
Egor Savkin | bbfee50b53 | |
Egor Savkin | 4c300688d9 | |
Egor Savkin | 45b53991d1 | |
Egor Savkin | 5a408bdb63 | |
Egor Savkin | 2f1c794ac0 | |
Egor Savkin | 8068eb96b3 | |
Egor Savkin | 7b98b49fcd | |
Egor Savkin | 367d5a8c4c | |
Egor Savkin | 5fb951ba3c | |
Egor Savkin | 6832725535 | |
Egor Savkin | 4c9dff8d95 | |
Egor Savkin | f909cd71a3 | |
Egor Savkin | 3959250f0b | |
Sébastien Bourdeauducq | 476f5d1d6c | |
Sebastien Bourdeauducq | ecf40fb2db | |
Sébastien Bourdeauducq | 34102e66ad | |
Sébastien Bourdeauducq | 93ae830468 | |
Sébastien Bourdeauducq | 8af66556b9 |
|
@ -92,8 +92,16 @@ in
|
|||
firewall = {
|
||||
allowedTCPPorts = [ 53 80 443 2222 7402 ];
|
||||
allowedUDPPorts = [ 53 67 500 4500 ];
|
||||
trustedInterfaces = [ netifLan ];
|
||||
trustedInterfaces = [ netifLan netifUSA ];
|
||||
logRefusedConnections = false;
|
||||
extraCommands = ''
|
||||
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||
'';
|
||||
extraStopCommands = ''
|
||||
iptables -D INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||
iptables -D INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||
'';
|
||||
};
|
||||
useDHCP = false;
|
||||
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
||||
|
@ -531,11 +539,6 @@ in
|
|||
"/kasli/192.168.1.70"
|
||||
"/kasli-customer/192.168.1.75"
|
||||
"/stabilizer-customer/192.168.1.76"
|
||||
|
||||
# Google can't do DNS geolocation correctly and slows down websites of everyone using
|
||||
# their shitty font cloud hosting. In HK, you sometimes get IPs behind the GFW that you
|
||||
# cannot reach.
|
||||
"/fonts.googleapis.com/142.250.207.74"
|
||||
];
|
||||
|
||||
dhcp-match = "set:ipxe,175"; # https://forum.ipxe.org/showthread.php?tid=6077
|
||||
|
@ -1257,8 +1260,25 @@ in
|
|||
enablePop3 = true;
|
||||
enablePop3Ssl = true;
|
||||
certificateScheme = "acme-nginx";
|
||||
policydSPFExtraConfig = "skip_addresses = 5.78.86.156,2a01:4ff:1f0:83de::1";
|
||||
} // (import /etc/nixos/secret/email_settings.nix);
|
||||
services.postfix = {
|
||||
mapFiles.sender_transport = pkgs.writeText "sender_transport" ''
|
||||
@m-labs-intl.com intltunnel:
|
||||
'';
|
||||
config = {
|
||||
sender_dependent_default_transport_maps = "hash:/var/lib/postfix/conf/sender_transport";
|
||||
};
|
||||
masterConfig."intltunnel" = {
|
||||
type = "unix";
|
||||
command = "smtp";
|
||||
args = [
|
||||
"-o" "inet_interfaces=10.47.3.1"
|
||||
"-o" "smtp_helo_name=mail.m-labs-intl.com"
|
||||
"-o" "inet_protocols=ipv4"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "mail.m-labs.hk";
|
||||
|
@ -1271,7 +1291,8 @@ in
|
|||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
package = pkgs.nextcloud30;
|
||||
extraApps = { inherit (config.services.nextcloud.package.packages.apps) forms; };
|
||||
hostName = "files.m-labs.hk";
|
||||
https = true;
|
||||
maxUploadSize = "2G";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$TTL 7200
|
||||
|
||||
@ SOA ns.m-labs-intl.com. sb.m-labs.hk. (
|
||||
2024081503
|
||||
2024101401
|
||||
7200
|
||||
3600
|
||||
86400
|
||||
|
@ -23,7 +23,6 @@ ns A 94.190.212.123
|
|||
ns AAAA 2001:470:18:390::2
|
||||
|
||||
mail A 5.78.86.156
|
||||
mail AAAA 2a01:4ff:1f0:83de::1
|
||||
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJVPuhSGXghO7ib8Em/Se3jfCCIJK5g4zn5pGZ3/e0I0f+zGHMuvwpjkAKf6eSmo/AAXEaco28pDi3qE5xfV512AJsORCfPoPFyNhLsj/qtri6hc5KVSWW0Ja3MSFBINDCaX78c7PXPY+3jJJGpwSBDLjdxj9AQwtfiCVlH4qE/QIDAQAB"
|
||||
_dmarc TXT "v=DMARC1; p=none"
|
||||
|
||||
|
|
Loading…
Reference in New Issue