summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* Feat(system/services): Enable keycloaksils2023-06-06
|
* Feat(system/services/keycloak): Add keycloaksils2023-06-06
|
* Feat(system/file_system_layout): Add bindmount for postgresqlsils2023-06-06
|
* Fix(system/services/opensshd): Rename passwordAuthentication tosils2023-06-06
| | | | settings.PassowrdAuthentication
* Fix(system/mail): give certificateScheme string as valuesils2023-06-06
|
* Fix(hosts/server1): Rename boot.cleanTmpDir to boot.tmp.cleanOnBootsils2023-06-06
|
* Fix(system/packages): Explicitly enable zsh to make Nix Vars availablesils2023-06-06
|
* Build(flake): Updatesils2023-06-06
| | | | This updates the Version of NixOS used.
* Revert: Remove Conduitsils2023-06-06
| | | | | | It didn't deploy either and we'd probably use synapse anyway This reverts commit fbba7df4b7c9de5b1926612647e1d9d06b7d22cf.
* Feat(system/matrix/conduit): Add matrix-conduitSoispha2023-05-20
|
* Build(cog): Addsils2023-05-20
| | | | Co-authored-by: Soispha <soispha@vhack.eu>
* Build(git-crypt): Add collaboratorsils2023-05-20
| | | | | | New collaborators: D9C3B27F Silas <sils@sils.li>
* Build(flake): UpdateSoispha2023-05-20
|
* Style(system): FormatSoispha2023-05-20
|
* Refactor(system/mail): Hide user emailsSoispha2023-05-20
|
* Build(git-crypt): AddSoispha2023-05-20
|
* Chore(flake): UpdateSoispha2023-05-02
|
* Fix(update): RemoveSoispha2023-05-02
| | | | It will (at some point) be installed through direnv, when it is in nixpkgs.
* Chore(flake): UpdateSoispha2023-04-29
|
* Feat(update): Use update flakeSoispha2023-04-29
| | | | This comes with better dependency handling and further visual upgrades.
* Chore(flake): UpdateSoispha2023-04-27
|
* Merge pull request 'Fix(system/services/nginx): Correct path to index.html' ↵sils2023-04-21
|\ | | | | | | | | | | (#30) from website into develop Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/30
| * Fix(system/services/nginx): Correct path to index.htmlsils2023-04-21
|/
* Merge pull request 'Feat(system/services/nginx): Change to declarative ↵sils2023-04-21
|\ | | | | | | | | | | websites' (#29) from server1_webpage into develop Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/29
| * Feat(system/services/nginx): Change to declarative websitesSoispha2023-04-19
| |
* | Merge pull request 'server1_build' (#25) from server1_build into server1sils2023-04-20
|\| | | | | | | Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/25
| * Docs(contributing): AddSoispha2023-04-18
| |
| * Docs(License): AddSoispha2023-04-18
| | | | | | | | | | | | | | | | | | | | See https://spdx.dev/resources/learn/ for information about 'LICENSE.spdx'. I'm not fully sure, if the spdx spec is correctly applied. The decision to go for the GPL-3.0-or-later is obviously open to be changed, if it should be desired.
| * Build: Add update scriptSoispha2023-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows to group different update commands together and to raise awareness of the update task. The `grep '[^0-9]_[0-9] flake.lock'` is needed to check if multiple imports exists for the same input as nix will name them 'nixpkgs_1' 'nixpkgs_2' and so on. Having multiple inputs for the same thing just increases the needed storage space, if no other inputs are set to follow, but can break a flake's evaluation because of a partial update e.g., nixpkgs follows our version, but we leave rust-overlay unfollowed. This example would result in a newer cargo version (rust-overlay) getting combined with old packages (nixpkgs), which introduces the aforementioned partial update.
| * Build(flake): Enable direnv integrationSoispha2023-04-18
| | | | | | | | | | | | | | | | | | | | [Direnv](https://github.com/direnv/direnv) in combination with [Nix integration](https://github.com/direnv/direnv/wiki/Nix) — in this case [Nix-direnv](https://github.com/nix-community/nix-direnv) — allows for reliable build environments (and some uncluttering of the PATH). Setting it up is rather easy, just see [Nix-direnv's install instructions](https://github.com/nix-community/nix-direnv#installation).
| * Chore(flake): Update and add follows for inputsSoispha2023-04-18
| |
* | Merge pull request 'server1_develop' (#22) from server1_develop into server1sils2023-04-11
|\| | | | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/22 Reviewed-by: sils <sils@sils.li>
| * Chore(flake): Updatesils2023-04-08
| | | | | | | | | | Shouldn't cause any trouble and is necessary to keep things secure.
| * Fix(system/mail): Allow opening ports in the firewallene2023-04-07
| | | | | | | | | | | | | | | | | | | | | | As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
| * Fix(system/services/rust-motd): Quote ssl-cert namesene2023-03-25
| |
| * Feat(system/services/rust-motd): Info about filesystemsene2023-03-25
| |
| * Feat(system/services/rust-motd): Show status of ssl-certsene2023-03-25
| |
| * Fix(system/services/rust-motd): Add fail2ban binaryene2023-03-25
| |
| * Merge pull request 'server1_fail2ban' (#24) from server1_fail2ban into ↵ene2023-03-25
| |\ | | | | | | | | | | | | | | | server1_develop Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
| | * Feat(system/services/fail2ban): Add dovecot jailene2023-03-25
| | | | | | | | | | | | This should reduce the log spam even further.
| | * Fix(system/services/fail2ban): Make db persistentene2023-03-25
| | |
| * | Merge pull request 'Feat(system/services/fail2ban): Add fail2ban' (#23) from ↵ene2023-03-25
| |\| | | | | | | | | | | | | | | | server1_fail2ban into server1_develop CC: #23
| | * Feat(system/services/fail2ban): Add fail2banene2023-03-25
| |/ | | | | | | This should clear the logs somewhat.
| * Fix(acme): Store certs permanently.sils2023-03-20
| | | | | | | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
| * Revert "Fix(system/mail): Change placeholder"sils2023-03-20
| | | | | | | | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
| * Fix(system/mail): Change placeholderene2023-03-20
| | | | | | | | The old one, could have exposed a weak hash.
| * Merge branch 'server1_hardware' into server1_developene2023-03-20
| |\
| | * Revert "Fix(hosts/server1/networking): Remove ipv6 route"ene2023-03-19
| | | | | | | | | | | | The commit didn't work and effectively disabled ipv6
| | * Fix(hosts/server1/networking): Remove ipv6 routeene2023-03-19
| | | | | | | | | | | | | | | | | | This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
| | * Refactor(system/hardware): Move hardware to hostene2023-03-19
| | | | | | | | | | | | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.