restrict mailman to university networks

2023-07-10 11:52:51 +02:00 · 2023-07-10 11:52:51 +02:00 · d48222784b
commit d48222784b
parent 35ae1a27f5
1 changed files with 8 additions and 0 deletions
--- a/modules/mailman.nix
+++ b/modules/mailman.nix
@ -31,5 +31,13 @@
  services.nginx.virtualHosts."lists.${config.fsr.domain}" = {
    enableACME = true;
    forceSSL = true;
+    # deny non-uni access to prevent sending dozens of confirm emails
+    locations."/mailman3".extraConfig = ''
+      allow 141.30.0.0/16;
+      allow 141.76.0.0/16;
+      allow 172.16.0.0/16;
+      deny all;
+      uwsgi_pass unix:/run/mailman-web.socket;
+    '';
  };
 }