From 0fb1da319945eed0cb50c3d65036e7028dcd8cbd Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 1 Sep 2023 14:15:17 +0200
Subject: [PATCH] mail improvements

---
 flake.lock                                   | 42 ++++++++++----------
 hosts/falkenstein-1/modules/mail/default.nix | 10 +++++
 users/rouven/modules/accounts/default.nix    |  2 -
 3 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9ca92d4..a174451 100644
--- a/flake.lock
+++ b/flake.lock
@@ -236,11 +236,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1693293723,
-        "narHash": "sha256-pUw9KoWq9S0Cv9EIm601s0xh1zqcxs57JJtPzGrhFAU=",
+        "lastModified": 1693527216,
+        "narHash": "sha256-SxmuXa1bCN+4SGkNdJ/mQA4BM/7CJQS/qdDieCKRlSA=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "40d7e6c9c85d4f1ce2345f6e9d59fc091243124d",
+        "rev": "a38ec6d6ca9e5dbbd2e313f3173f2e967ed71fc1",
         "type": "github"
       },
       "original": {
@@ -255,11 +255,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693187908,
-        "narHash": "sha256-cTcNpsqi1llmUFl9bmCdD0mTyfjhBrNFPhu2W12WXzA=",
+        "lastModified": 1693399033,
+        "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8bde7a651b94ba30bd0baaa9c4a08aae88cc2e92",
+        "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10",
         "type": "github"
       },
       "original": {
@@ -275,11 +275,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1689427686,
-        "narHash": "sha256-8bmjK6SsS2wvusgZvgqqE0GzSLMavUIv52fRVQHquwc=",
+        "lastModified": 1693308856,
+        "narHash": "sha256-PnUsLLiO1qyGbNR5v9fNEf/PxDTYLI+3Ye2OzQxLeqE=",
         "owner": "therealr5",
         "repo": "TruckSimulatorBot-images",
-        "rev": "2b9bb4ec7aca230d8df32d1a617cc21d5e5b7d78",
+        "rev": "d5cfb66fd8ebd499d1f4037c9a13374e994de2ae",
         "type": "github"
       },
       "original": {
@@ -448,11 +448,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1693250523,
-        "narHash": "sha256-y3up5gXMTbnCsXrNEB5j+7TVantDLUYyQLu/ueiXuyg=",
+        "lastModified": 1693377291,
+        "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3efb0f6f404ec8dae31bdb1a9b17705ce0d6986e",
+        "rev": "e7f38be3775bab9659575f192ece011c033655f0",
         "type": "github"
       },
       "original": {
@@ -499,11 +499,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690850453,
-        "narHash": "sha256-3yB3oPLYoGA/k9I+bkdOJojFEgy3zSwGbrD+I/GcqoA=",
+        "lastModified": 1693549723,
+        "narHash": "sha256-44VdV79IVnHeM9npfzPMzrYFCzsjOMw50NViAyBbTqE=",
         "owner": "therealr5",
         "repo": "purge",
-        "rev": "b85cfc3d2e0ad2b6bac8ef8b95fc1a43f084c89c",
+        "rev": "5564156ed380db5619a5cf166467168ed23f701c",
         "type": "github"
       },
       "original": {
@@ -586,11 +586,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1693263624,
-        "narHash": "sha256-GzmVIUKStC1HCzUb0YdGDPAewv4+KxCHKQZEZZDpApY=",
+        "lastModified": 1693404499,
+        "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "c89ee06488706b587a22085b1844bf9ca6ba5687",
+        "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a",
         "type": "github"
       },
       "original": {
@@ -636,11 +636,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690880109,
-        "narHash": "sha256-7V18Y6jeTJjLmJjNiAbyo9JuVmEUNoJ1smfaEiRYO0M=",
+        "lastModified": 1693549594,
+        "narHash": "sha256-gXWdnVGC2vPjxrA9h7mdATFoNFj6JmCrswR2VBlZVVM=",
         "owner": "therealr5",
         "repo": "TruckSimulatorBot",
-        "rev": "63fc5e8bb508e12e8e9984b8207a94730101a9ec",
+        "rev": "8865519845ba8099c529bb8b553d83ee2bc15bdd",
         "type": "github"
       },
       "original": {
diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix
index d0154a4..86571e9 100644
--- a/hosts/falkenstein-1/modules/mail/default.nix
+++ b/hosts/falkenstein-1/modules/mail/default.nix
@@ -3,6 +3,15 @@
 let
   domain = "rfive.de";
   hostname = "falkenstein.vpn.${domain}";
+  # see https://www.kuketz-blog.de/e-mail-anbieter-ip-stripping-aus-datenschutzgruenden/
+  header_cleanup = pkgs.writeText "header_cleanup_outgoing" ''
+    /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2
+    /^\s*User-Agent/ IGNORE
+    /^\s*X-Enigmail/ IGNORE
+    /^\s*X-Mailer/ IGNORE
+    /^\s*X-Originating-IP/ IGNORE
+    /^\s*Mime-Version/ IGNORE
+  '';
 in
 {
   networking.firewall.allowedTCPPorts = [
@@ -62,6 +71,7 @@ in
           "permit_mynetworks"
           "reject_unauth_destination"
         ];
+        smtp_header_checks = "pcre:${header_cleanup}";
         alias_maps = [ "hash:/etc/aliases" ];
         smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ];
         non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ];
diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix
index b417a4a..39fd8a1 100644
--- a/users/rouven/modules/accounts/default.nix
+++ b/users/rouven/modules/accounts/default.nix
@@ -14,8 +14,6 @@ in
     w3m
     urlview
   ];
-  services.mbsync.enable = true;
-  systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
   programs = {
     thunderbird = {
       enable = true;