nixos-server - nixos-config for vhack.eu servers https://vhack.eu

	Commit message (Collapse)	Author	Age
*	Feat(system/services/rust-motd): Show status of ssl-certs	ene	2023-03-25
\|
*	Fix(system/services/rust-motd): Add fail2ban binary	ene	2023-03-25
\|
*	Merge pull request 'server1_fail2ban' (#24) from server1_fail2ban into ↵	ene	2023-03-25
\|\ \| \| \| \| \| \| \| \| \| \|	server1_develop Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
\| *	Feat(system/services/fail2ban): Add dovecot jail	ene	2023-03-25
\| \| \| \| \| \| \| \|	This should reduce the log spam even further.
\| *	Fix(system/services/fail2ban): Make db persistent	ene	2023-03-25
\| \|
* \|	Merge pull request 'Feat(system/services/fail2ban): Add fail2ban' (#23) from ↵	ene	2023-03-25
\|\\| \| \| \| \| \| \| \| \| \| \|	server1_fail2ban into server1_develop CC: #23
\| *	Feat(system/services/fail2ban): Add fail2ban	ene	2023-03-25
\|/ \| \| \|	This should clear the logs somewhat.
*	Fix(acme): Store certs permanently.	sils	2023-03-20
\| \| \| \| \|	Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
*	Revert "Fix(system/mail): Change placeholder"	sils	2023-03-20
\| \| \| \| \| \|	This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
*	Fix(system/mail): Change placeholder	ene	2023-03-20
\| \| \| \|	The old one, could have exposed a weak hash.
*	Merge branch 'server1_hardware' into server1_develop	ene	2023-03-20
\|\
\| *	Revert "Fix(hosts/server1/networking): Remove ipv6 route"	ene	2023-03-19
\| \| \| \| \| \| \| \|	The commit didn't work and effectively disabled ipv6
\| *	Fix(hosts/server1/networking): Remove ipv6 route	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \| \| \|	This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
\| *	Refactor(system/hardware): Move hardware to host	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \|	The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
\| *	Fix(system/hardware): Use actually needed modules and UUID	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \|	The old values did work, but these should just make things a bit clearer.
* \|	Merge branch 'server1_mail' into server1_develop	ene	2023-03-20
\|\\|
\| *	Fix(system/services/minecraft): Remove to make compile	ene	2023-03-19
\| \|
\| *	Fix(system/mail): Only accept connections on safe ports	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \|	It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
\| *	Feat(system/mail): Add other users, so the admin thing works	ene	2023-03-18
\| \|
\| *	Style(system/mail): Reorder options	ene	2023-03-18
\| \| \| \| \| \| \| \|	I just think this is easier to read.
\| *	Feat(system/mail): Use '/' to separate mailboxes	ene	2023-03-18
\| \| \| \| \| \| \| \| \| \|	This is something that just makes the file system easier to traverse, but isn't really necessary.
\| *	Fix(system/mail): Declare the password directly	ene	2023-03-18
\| \| \| \| \| \| \| \| \| \| \| \|	As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
\| *	Fix(system/users): Remove unneeded root ssh login keys	ene	2023-03-18
\| \| \| \| \| \| \| \| \| \|	All users are in the wheel group, thus direct login as root is no longer needed.
\| *	Fix(system/mail): Make extraVirtualAliases fairer	ene	2023-03-18
\| \|
\| *	Fix(system/mail): Disable protocols with STARTTLS	ene	2023-03-18
\| \| \| \| \| \| \| \| \| \| \| \|	This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
\| *	Chore(flake): Update	ene	2023-03-18
\| \|
\| *	Refactor: Use better file layout	ene	2023-03-18
\| \|
\| *	Fix: Try to fix ipv6	sils	2023-03-07
\| \|
\| *	Feat: Added admin@vhack.eu mail	sils	2023-03-07
\| \|
\| *	Fix: Add imap and smtp subdomains to cert	sils	2023-03-07
\| \|
\| *	Feat: Add mailserver	sils	2023-03-07
\| \|
* \|	Merge branch 'server1_network' into server1_develop	ene	2023-03-20
\|\ \
\| * \|	Fix(hosts/server1/networking): Correct ipv6	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \| \| \|	The used ips were straight up wrong.
\| * \|	Fix(hosts/server1/networking): Fix Gateways	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Assigning a specific interface for a gateway should make it easier for nixos to configure it.
* \| \|	Revert "Revert "Merge pull request 'Feat: Add Website' (#17) from ↵	ene	2023-03-20
\|/ / \| \| \| \| \| \| \| \| \| \| \| \|	server1_nginx into server1"" This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3. This may seem ridiculous, and it is, but some things are just necessary.
* \|	Fix(services): Remove Minecraft	ene	2023-03-19
\| \| \| \| \| \| \| \|	This doesn't compile.
* \|	Revert "Merge pull request 'Feat: Add Website' (#17) from server1_nginx into ↵	ene	2023-03-19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	server1" This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing changes made to c50431b189e982a631d2d4864b304f33169bacdb. This is necessary, because it makes a stable base unavailable.
* \|	Merge pull request 'Feat: Add Website' (#17) from server1_nginx into server1	sils	2023-03-07
\|\\| \| \| \| \| \| \|	Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/17
\| *	Feat: Add Website	sils	2023-03-07
\|/ \| \| \| \|	This provides an html file located at /srv/www/vhack.eu/index.html over https.
*	Merge pull request 'Merge to server1' (#16) from server1_develop into server1	ene	2023-02-08
\|\ \| \| \| \| \| \|	Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
\| *	Merge branch 'server1_minecraft2' into server1	ene	2023-02-08
\| \|\
\| \| *	Fix: Made the Minecraft config compile	ene	2023-02-04
\| \|/ \|/\| \| \| \| \| \| \|	Someone put a string, where a list of strings belonged. I took the freedom to change that.
\| *	Merge branch 'server1_flake' into server1	ene	2023-02-08
\|/\|
\| *	Feat: Use default.nix	ene	2023-02-05
\| \|
\| *	Fix: correct host name and convenience changes	ene	2023-02-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
\| *	Flake: Changed the configuration to a flake	ene	2023-02-04
\| \| \| \| \| \| \| \|	Nix flakes make a lot of things very easy.
* \|	Merge pull request 'Imported the headless profile' (#13) from ↵	sils	2023-02-04
\|\\| \| \| \| \| \| \| \| \| \| \| \| \|	server1_headless into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/13 Reviewed-by: sils <sils@sils.li>
\| *	Feat: Imported the headless profile	ene	2023-02-04
\|/ \| \| \| \|	We run a headless server, so some things, like emergency boot mode, don't really make sense. This import disables these.
*	Merge pull request 'User Configuration' (#12) from server1_users into server1	sils	2023-01-23
\|\ \| \| \| \| \| \| \| \|	Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/12 Reviewed-by: sils <sils@sils.li>
\| *	Update: Save hashed password for sils	sils	2023-01-23
\| \|