summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* Fix(hosts/server1/networking): Remove ipv6 routeene2023-03-19
| | | | | | This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
* Refactor(system/hardware): Move hardware to hostene2023-03-19
| | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
* Fix(system/hardware): Use actually needed modules and UUIDene2023-03-19
| | | | | The old values did work, but these should just make things a bit clearer.
* Fix(system/services/minecraft): Remove to make compileene2023-03-19
|
* Fix(system/mail): Only accept connections on safe portsene2023-03-19
| | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
* Feat(system/mail): Add other users, so the admin thing worksene2023-03-18
|
* Style(system/mail): Reorder optionsene2023-03-18
| | | | I just think this is easier to read.
* Feat(system/mail): Use '/' to separate mailboxesene2023-03-18
| | | | | This is something that just makes the file system easier to traverse, but isn't really necessary.
* Fix(system/mail): Declare the password directlyene2023-03-18
| | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
* Fix(system/users): Remove unneeded root ssh login keysene2023-03-18
| | | | | All users are in the wheel group, thus direct login as root is no longer needed.
* Fix(system/mail): Make extraVirtualAliases fairerene2023-03-18
|
* Fix(system/mail): Disable protocols with STARTTLSene2023-03-18
| | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
* Chore(flake): Updateene2023-03-18
|
* Refactor: Use better file layoutene2023-03-18
|
* Fix: Try to fix ipv6sils2023-03-07
|
* Feat: Added admin@vhack.eu mailsils2023-03-07
|
* Fix: Add imap and smtp subdomains to certsils2023-03-07
|
* Feat: Add mailserversils2023-03-07
|
* Feat: Add Websitesils2023-03-07
| | | | | This provides an html file located at /srv/www/vhack.eu/index.html over https.
* Merge pull request 'Merge to server1' (#16) from server1_develop into server1ene2023-02-08
|\ | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
| * Merge branch 'server1_minecraft2' into server1ene2023-02-08
| |\
| | * Fix: Made the Minecraft config compileene2023-02-04
| |/ |/| | | | | | | Someone put a string, where a list of strings belonged. I took the freedom to change that.
| * Merge branch 'server1_flake' into server1ene2023-02-08
|/|
| * Feat: Use default.nixene2023-02-05
| |
| * Fix: correct host name and convenience changesene2023-02-05
| | | | | | | | | | | | | | | | | | | | We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
| * Flake: Changed the configuration to a flakeene2023-02-04
| | | | | | | | Nix flakes make a lot of things very easy.
* | Merge pull request 'Imported the headless profile' (#13) from ↵sils2023-02-04
|\| | | | | | | | | | | | | server1_headless into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/13 Reviewed-by: sils <sils@sils.li>
| * Feat: Imported the headless profileene2023-02-04
|/ | | | | We run a headless server, so some things, like emergency boot mode, don't really make sense. This import disables these.
* Merge pull request 'User Configuration' (#12) from server1_users into server1sils2023-01-23
|\ | | | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/12 Reviewed-by: sils <sils@sils.li>
| * Update: Save hashed password for silssils2023-01-23
| |
| * Feat: Track last login in motdene2023-01-21
| |
| * Feat: Save passwords in hashed form directlyene2023-01-21
| | | | | | | | | | | | | | Saving hashed passwords should be relatively safe, as long as the hashing algorithm isn't flawed. Considering, that we use yescrypt with higher than average parameters ('jFT' instead of 'j9T'), we should be safe for now.
| * Fix: Resolve merge conflictsene2023-01-21
| |
| * Merge branch 'server1' into server1_userssils2023-01-20
| |\ | |/ |/|
* | Merge pull request 'Remove ssh from the config file and make it's keys ↵sils2023-01-20
|\ \ | | | | | | | | | | | | | | | | | | persistent' (#9) from server1_ssh into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/9 Reviewed-by: sils <sils@sils.li>
| * | Revert "Fix: revert changes in configuration.nix"sils2023-01-20
| | | | | | | | | | | | This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f.
| * | Merge branch 'server1' into server1_sshsils2023-01-20
| |\ \ | |/ / |/| |
| * | Fix: revert changes in configuration.nixsils2023-01-20
| | | | | | | | | | | | resolve conflicts with target branch
| * | Sec: Persistent ssh host keysene2023-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I changed the valid ssh-host-keys from both rsa and ed25519 to only ed25519 and moved them to `/srv/ssh` to make them persistent. In addition to that, I also increased the rounds for the ed25519 key to 1000. This fixes the ssh-host-key issue introduced by pull request #5. Fixes: #5
| | * Merge branch 'server1' into server1_userssils2023-01-20
| | |\ | |_|/ |/| |
* | | Merge pull request 'server1_rust-motd' (#11) from server1_rust-motd into server1sils2023-01-20
|\ \ \ | |/ / |/| | | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/11 Reviewed-by: sils <sils@sils.li>
| * | Merge branch 'server1' into server1_rust-motdene2023-01-17
| |\ \ | |/ / |/| |
| * | Fix: Changed setting namesene2023-01-17
| | | | | | | | | | | | | | | The names of the settings in the GitHub repository are outdated, this commit changes the setting name to the real ones.
| * | Fix: changed to TOML configene2023-01-17
| | | | | | | | | | | | This module generates a TOML config from a nix set.
| * | Fix: typo in programs fieldene2023-01-17
| | |
| * | Feat: Added a nice motd through rust-motdene2023-01-17
| | | | | | | | | | | | I'm not sure if this is really helpful
| | * Feat: User configuration, with secure passwordsene2023-01-19
| |/ |/| | | | | | | | | | | The passwords will be stored in a specific password file, which because it isn't part of this repository is secure. Refs: #9
* | Merge pull request 'Feat: Added /boot as persistent subvolume' (#10) from ↵sils2023-01-17
|\ \ | |/ |/| | | | | | | | | server1_boot into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/10 Reviewed-by: sils <sils@sils.li>
| * Feat: Added /boot as persistent subvolumeene2023-01-17
|/ | | | Co-authored-by: sils <sils@sils.li>
* Merge pull request 'Fix: Import pkgs and improve security' (#8) from ↵ene2023-01-15
|\ | | | | | | | | | | | | server1_minecraft into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/8 Reviewed-by: ene <ene@sils.li>