summary refs log tree commit diff
path: root/fleet/hosts/trieste/lists.nix
diff options
context:
space:
mode:
Diffstat (limited to 'fleet/hosts/trieste/lists.nix')
-rw-r--r--fleet/hosts/trieste/lists.nix58
1 files changed, 58 insertions, 0 deletions
diff --git a/fleet/hosts/trieste/lists.nix b/fleet/hosts/trieste/lists.nix
new file mode 100644
index 0000000..a4e9a69
--- /dev/null
+++ b/fleet/hosts/trieste/lists.nix
@@ -0,0 +1,58 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, pkgs, ... }:
+
+with lib;
+
+{
+  # Block HTML e-mail
+  # FIXME(V): This is global, and will affect anyone sending HTML mail to e.g. postmaster@
+  # We should fix this, and limit it to just the list: this is possible using http://mlmmj.org/docs/readme-access/
+  # Unfortunately this doesn't let us pick an error message, though. So maybe not.
+  services.postfix = {
+    enableHeaderChecks = true;
+    headerChecks = [
+      {
+        pattern = ''/^Content-Type: text\/html/'';  # This feels kind of brittle, but should work in 99% of cases.
+        action = "REJECT HTML e-mail is not allowed on this list. See https://useplaintext.email/ for more information.";
+      }
+    ];
+  };
+
+  services.mlmmj = {
+    enablePostfix = true;
+    enablePublicInbox = true;
+
+    control.customheaders = [ "X-Clacks-Overhead: GNU Terry Pratchett" ];
+
+    lists."lists.unfathomable.blue" = {
+      ripple-announce = {
+        description = "Progress updates and other major announcements about Ripple";
+        moderators = [
+          "v@unfathomable.blue"
+          "edef@unfathomable.blue"
+        ];
+        # FIXME(V): This doesn't have quite the effect I was looking for.
+        # It submits non-moderator posts for review, rather than outright rejecting them as I'd wanted.
+        # Perhaps this is good, though, as it allows guest posts?
+        # Downside is there's no immediate rejection, so the user is left with the impression that their mail disappeared…
+        # Maybe http://mlmmj.org/docs/readme-access/ would be more appropriate?
+        control.modonlypost = true;
+      };
+      ripple-devel.description = "Technical discourse and patches for Ripple";
+      ripple-discuss.description = "General discussion about Ripple";
+      # TODO(V): ripple-commits, read-only commit notifications
+    };
+  };
+
+  # By default, the index 404s with the rather confusing message "no inboxes, yet", even when there are inboxes configured.
+  services.public-inbox.settings.publicinbox.wwwlisting = "all";
+
+  services.caddy.config = ''
+    lists.unfathomable.blue {
+      import common
+      reverse_proxy unix//run/public-inbox/httpd.sock
+    }
+  '';
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-29 06:56:25 +0000