diff --git a/flake.lock b/flake.lock index c1d4159..ef67ff5 100644 --- a/flake.lock +++ b/flake.lock @@ -158,6 +158,26 @@ "type": "github" } }, + "hosts": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712248646, + "narHash": "sha256-pEiprVaO6CmIJ1qJMQn/y8vHvRQwiQq7CwbhzlneCOA=", + "owner": "StevenBlack", + "repo": "hosts", + "rev": "a340ebf0b8e9f81476c0ec0b6a9767858aea325c", + "type": "github" + }, + "original": { + "owner": "StevenBlack", + "repo": "hosts", + "type": "github" + } + }, "ide": { "inputs": { "flake-utils": "flake-utils", @@ -277,6 +297,7 @@ }, "root": { "inputs": { + "hosts": "hosts", "nixpkgs": "nixpkgs", "simple-nixos-mailserver": "simple-nixos-mailserver", "vpsadminos": "vpsadminos", diff --git a/flake.nix b/flake.nix index 49e238d..37c05c9 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; vpsadminos.url = "github:vpsfreecz/vpsadminos"; + hosts = { + url = "github:StevenBlack/hosts"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -18,6 +22,7 @@ , simple-nixos-mailserver , vpsadminos , webshite + , hosts , ... }: let @@ -35,6 +40,7 @@ modules = [ simple-nixos-mailserver.nixosModule vpsadminos.nixosConfigurations.container + hosts.nixosModule ./mailserver ]; pkgs = import nixpkgs { diff --git a/mailserver/configuration.nix b/mailserver/configuration.nix index 498eba1..58f97cf 100644 --- a/mailserver/configuration.nix +++ b/mailserver/configuration.nix @@ -16,10 +16,17 @@ }; }; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 53 80 443 ]; - allowedUDPPorts = [ 53 51820 ]; + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 53 51820 ]; + }; + stevenBlackHosts = { + enable = true; + blockFakenews = true; + blockGambling = true; + }; }; users = {