From ebe977672a5665fe8d25138032db1ca791e9aae0 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 26 Apr 2024 22:40:18 +0200
Subject: [PATCH 1/2] mailman: restrict registration to tud nets

---
 modules/mail/mailman.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/mail/mailman.nix b/modules/mail/mailman.nix
index f9a9354..23d36a9 100644
--- a/modules/mail/mailman.nix
+++ b/modules/mail/mailman.nix
@@ -66,6 +66,14 @@
     ensureDatabases = [ "mailman" "mailman-web" ];
   };
   services.nginx.virtualHosts."lists.${config.networking.domain}" = {
+    locations."/accounts/signup" = {
+      extraConfig = ''
+        allow 141.30.0.0/16;
+        allow 141.76.0.0/16;
+        deny all;
+        uwsgi_pass unix:/run/mailman-web.socket;
+      '';
+    };
     locations."/robots.txt" = {
       extraConfig = ''
         add_header  Content-Type  text/plain;

From d03f4c6fb13ed27245a48b1ea681ccd21e40312b Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 26 Apr 2024 22:40:30 +0200
Subject: [PATCH 2/2] initrd: try loading network modules in stage 1

---
 modules/core/initrd-ssh.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/core/initrd-ssh.nix b/modules/core/initrd-ssh.nix
index 6b7a1a9..9fc5824 100644
--- a/modules/core/initrd-ssh.nix
+++ b/modules/core/initrd-ssh.nix
@@ -6,6 +6,7 @@
 { config, ... }:
 {
   boot.initrd = {
+   availableKernelModules = ["mlx5_core"];
     systemd = {
       enable = true;
       network = {