| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
Shouldn't cause any trouble and is necessary to keep
things secure.
|
|
|
|
|
|
|
|
|
|
|
| |
As the previous configuration only opened some ports, receiving mail was
impossible. This allows NSM to open the required ports directly,
ensuring that none was missed.
SECURITY:
As all other options than SSL are still disabled, this change should not
introduce unencrypted mail transfer.
This has not been tested.
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
server1_develop
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
|
| |
| |
| |
| | |
This should reduce the log spam even further.
|
| | |
|
|\|
| |
| |
| |
| |
| | |
server1_fail2ban into server1_develop
CC: #23
|
|/
|
|
| |
This should clear the logs somewhat.
|
|
|
|
|
| |
Before, new certs were requested at every rebuild.
This caused issues due to letsencrypt ratelimiting.
|
|
|
|
|
|
| |
This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58.
It may be a security-risk, but I care much more about a running
mailserver for now.
|
|
|
|
| |
The old one, could have exposed a weak hash.
|
|\ |
|
| |
| |
| |
| | |
The commit didn't work and effectively disabled ipv6
|
| |
| |
| |
| |
| |
| | |
This is somewhat misconfigured, as it makes to config not compilable. I
assume, that this route setting is needed, but believe, that having a
compiling config is better.
|
| |
| |
| |
| |
| | |
The hardware settings are (somewhat) host specific, and putting them in
`system` just builds the wrong expectations.
|
| |
| |
| |
| |
| | |
The old values did work, but these should just make things a bit
clearer.
|
|\| |
|
| | |
|
| |
| |
| |
| |
| | |
It is sort of standard to ignore connections over the unencrypted port
25, thus we are doing the same.
|
| | |
|
| |
| |
| |
| | |
I just think this is easier to read.
|
| |
| |
| |
| |
| | |
This is something that just makes the file system easier to traverse, but
isn't really necessary.
|
| |
| |
| |
| |
| |
| | |
As outlined in commit 19f0808, placing a password hash in the world
readable nix-store is perfectly safe as long as the hashing function is
not reversible, which should be a necessity for a password hash.
|
| |
| |
| |
| |
| | |
All users are in the wheel group, thus direct login as root is no longer
needed.
|
| | |
|
| |
| |
| |
| |
| |
| | |
This is inherently unsafe because it requires an unencrypted handshake.
Considering that all protocols also work directly with TLS i.e., the
encrypted variant, disabling this shouldn't be a drawback.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | | |
The used ips were straight up wrong.
|
| | |
| | |
| | |
| | |
| | | |
Assigning a specific interface for a gateway should make it easier for
nixos to configure it.
|
|/ /
| |
| |
| |
| |
| |
| | |
server1_nginx into server1""
This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3.
This may seem ridiculous, and it is, but some things are just necessary.
|
| |
| |
| |
| | |
This doesn't compile.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
server1"
This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing
changes made to c50431b189e982a631d2d4864b304f33169bacdb.
This is necessary, because it makes a stable base unavailable.
|
|\|
| |
| |
| | |
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/17
|
|/
|
|
|
| |
This provides an html file located at /srv/www/vhack.eu/index.html over
https.
|
|\
| |
| |
| | |
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
|
| |\ |
|
| |/
|/|
| |
| |
| | |
Someone put a string, where a list of strings belonged. I took the
freedom to change that.
|
|/| |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used the domain name instead of the host name, which obviously
doesn't work for multiple host. In addition to that I changed some
directory to make importing easier and enabled the "nix-command" and
"flakes" experimental options, to make the `nix flake check` command
usable.
Refs: #15
|
| |
| |
| |
| | |
Nix flakes make a lot of things very easy.
|