summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
...
* | Merge pull request 'server1_develop' (#22) from server1_develop into server1sils2023-04-11
|\| | | | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/22 Reviewed-by: sils <sils@sils.li>
| * Chore(flake): Updatesils2023-04-08
| | | | | | | | | | Shouldn't cause any trouble and is necessary to keep things secure.
| * Fix(system/mail): Allow opening ports in the firewallene2023-04-07
| | | | | | | | | | | | | | | | | | | | | | As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
| * Fix(system/services/rust-motd): Quote ssl-cert namesene2023-03-25
| |
| * Feat(system/services/rust-motd): Info about filesystemsene2023-03-25
| |
| * Feat(system/services/rust-motd): Show status of ssl-certsene2023-03-25
| |
| * Fix(system/services/rust-motd): Add fail2ban binaryene2023-03-25
| |
| * Merge pull request 'server1_fail2ban' (#24) from server1_fail2ban into ↵ene2023-03-25
| |\ | | | | | | | | | | | | | | | server1_develop Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
| | * Feat(system/services/fail2ban): Add dovecot jailene2023-03-25
| | | | | | | | | | | | This should reduce the log spam even further.
| | * Fix(system/services/fail2ban): Make db persistentene2023-03-25
| | |
| * | Merge pull request 'Feat(system/services/fail2ban): Add fail2ban' (#23) from ↵ene2023-03-25
| |\| | | | | | | | | | | | | | | | server1_fail2ban into server1_develop CC: #23
| | * Feat(system/services/fail2ban): Add fail2banene2023-03-25
| |/ | | | | | | This should clear the logs somewhat.
| * Fix(acme): Store certs permanently.sils2023-03-20
| | | | | | | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
| * Revert "Fix(system/mail): Change placeholder"sils2023-03-20
| | | | | | | | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
| * Fix(system/mail): Change placeholderene2023-03-20
| | | | | | | | The old one, could have exposed a weak hash.
| * Merge branch 'server1_hardware' into server1_developene2023-03-20
| |\
| | * Revert "Fix(hosts/server1/networking): Remove ipv6 route"ene2023-03-19
| | | | | | | | | | | | The commit didn't work and effectively disabled ipv6
| | * Fix(hosts/server1/networking): Remove ipv6 routeene2023-03-19
| | | | | | | | | | | | | | | | | | This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
| | * Refactor(system/hardware): Move hardware to hostene2023-03-19
| | | | | | | | | | | | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
| | * Fix(system/hardware): Use actually needed modules and UUIDene2023-03-19
| | | | | | | | | | | | | | | The old values did work, but these should just make things a bit clearer.
| * | Merge branch 'server1_mail' into server1_developene2023-03-20
| |\|
| | * Fix(system/services/minecraft): Remove to make compileene2023-03-19
| | |
| | * Fix(system/mail): Only accept connections on safe portsene2023-03-19
| | | | | | | | | | | | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
| | * Feat(system/mail): Add other users, so the admin thing worksene2023-03-18
| | |
| | * Style(system/mail): Reorder optionsene2023-03-18
| | | | | | | | | | | | I just think this is easier to read.
| | * Feat(system/mail): Use '/' to separate mailboxesene2023-03-18
| | | | | | | | | | | | | | | This is something that just makes the file system easier to traverse, but isn't really necessary.
| | * Fix(system/mail): Declare the password directlyene2023-03-18
| | | | | | | | | | | | | | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
| | * Fix(system/users): Remove unneeded root ssh login keysene2023-03-18
| | | | | | | | | | | | | | | All users are in the wheel group, thus direct login as root is no longer needed.
| | * Fix(system/mail): Make extraVirtualAliases fairerene2023-03-18
| | |
| | * Fix(system/mail): Disable protocols with STARTTLSene2023-03-18
| | | | | | | | | | | | | | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
| | * Chore(flake): Updateene2023-03-18
| | |
| | * Refactor: Use better file layoutene2023-03-18
| | |
| | * Fix: Try to fix ipv6sils2023-03-07
| | |
| | * Feat: Added admin@vhack.eu mailsils2023-03-07
| | |
| | * Fix: Add imap and smtp subdomains to certsils2023-03-07
| | |
| | * Feat: Add mailserversils2023-03-07
| | |
| * | Merge branch 'server1_network' into server1_developene2023-03-20
| |\ \
| | * | Fix(hosts/server1/networking): Correct ipv6ene2023-03-19
| | | | | | | | | | | | | | | | The used ips were straight up wrong.
| | * | Fix(hosts/server1/networking): Fix Gatewaysene2023-03-19
| |/ / |/| | | | | | | | | | | Assigning a specific interface for a gateway should make it easier for nixos to configure it.
| * | Revert "Revert "Merge pull request 'Feat: Add Website' (#17) from ↵ene2023-03-20
|/ / | | | | | | | | | | | | server1_nginx into server1"" This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3. This may seem ridiculous, and it is, but some things are just necessary.
* | Fix(services): Remove Minecraftene2023-03-19
| | | | | | | | This doesn't compile.
* | Revert "Merge pull request 'Feat: Add Website' (#17) from server1_nginx into ↵ene2023-03-19
| | | | | | | | | | | | | | | | | | server1" This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing changes made to c50431b189e982a631d2d4864b304f33169bacdb. This is necessary, because it makes a stable base unavailable.
* | Merge pull request 'Feat: Add Website' (#17) from server1_nginx into server1sils2023-03-07
|\| | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/17
| * Feat: Add Websitesils2023-03-07
|/ | | | | This provides an html file located at /srv/www/vhack.eu/index.html over https.
* Merge pull request 'Merge to server1' (#16) from server1_develop into server1ene2023-02-08
|\ | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
| * Merge branch 'server1_minecraft2' into server1ene2023-02-08
| |\
| | * Fix: Made the Minecraft config compileene2023-02-04
| |/ |/| | | | | | | Someone put a string, where a list of strings belonged. I took the freedom to change that.
| * Merge branch 'server1_flake' into server1ene2023-02-08
|/|
| * Feat: Use default.nixene2023-02-05
| |
| * Fix: correct host name and convenience changesene2023-02-05
| | | | | | | | | | | | | | | | | | | | We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15