| Commit message (Collapse) | Author | Age |
... | |
| |/
| |
| |
| | |
This should clear the logs somewhat.
|
| |
| |
| |
| |
| | |
Before, new certs were requested at every rebuild.
This caused issues due to letsencrypt ratelimiting.
|
| |
| |
| |
| |
| |
| | |
This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58.
It may be a security-risk, but I care much more about a running
mailserver for now.
|
| |
| |
| |
| | |
The old one, could have exposed a weak hash.
|
| |\ |
|
| | |
| | |
| | |
| | | |
The commit didn't work and effectively disabled ipv6
|
| | |
| | |
| | |
| | |
| | |
| | | |
This is somewhat misconfigured, as it makes to config not compilable. I
assume, that this route setting is needed, but believe, that having a
compiling config is better.
|
| | |
| | |
| | |
| | |
| | | |
The hardware settings are (somewhat) host specific, and putting them in
`system` just builds the wrong expectations.
|
| | |
| | |
| | |
| | |
| | | |
The old values did work, but these should just make things a bit
clearer.
|
| |\| |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
It is sort of standard to ignore connections over the unencrypted port
25, thus we are doing the same.
|
| | | |
|
| | |
| | |
| | |
| | | |
I just think this is easier to read.
|
| | |
| | |
| | |
| | |
| | | |
This is something that just makes the file system easier to traverse, but
isn't really necessary.
|
| | |
| | |
| | |
| | |
| | |
| | | |
As outlined in commit 19f0808, placing a password hash in the world
readable nix-store is perfectly safe as long as the hashing function is
not reversible, which should be a necessity for a password hash.
|
| | |
| | |
| | |
| | |
| | | |
All users are in the wheel group, thus direct login as root is no longer
needed.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
This is inherently unsafe because it requires an unencrypted handshake.
Considering that all protocols also work directly with TLS i.e., the
encrypted variant, disabling this shouldn't be a drawback.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | | |
The used ips were straight up wrong.
|
| |/ /
|/| |
| | |
| | |
| | | |
Assigning a specific interface for a gateway should make it easier for
nixos to configure it.
|
|/ /
| |
| |
| |
| |
| |
| | |
server1_nginx into server1""
This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3.
This may seem ridiculous, and it is, but some things are just necessary.
|
| |
| |
| |
| | |
This doesn't compile.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
server1"
This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing
changes made to c50431b189e982a631d2d4864b304f33169bacdb.
This is necessary, because it makes a stable base unavailable.
|
|\|
| |
| |
| | |
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/17
|
|/
|
|
|
| |
This provides an html file located at /srv/www/vhack.eu/index.html over
https.
|
|\
| |
| |
| | |
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
|
| |\ |
|
| |/
|/|
| |
| |
| | |
Someone put a string, where a list of strings belonged. I took the
freedom to change that.
|
|/| |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used the domain name instead of the host name, which obviously
doesn't work for multiple host. In addition to that I changed some
directory to make importing easier and enabled the "nix-command" and
"flakes" experimental options, to make the `nix flake check` command
usable.
Refs: #15
|
| |
| |
| |
| | |
Nix flakes make a lot of things very easy.
|
|\|
| |
| |
| |
| |
| |
| | |
server1_headless into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/13
Reviewed-by: sils <sils@sils.li>
|
|/
|
|
|
| |
We run a headless server, so some things, like emergency boot mode, don't really make sense. This
import disables these.
|
|\
| |
| |
| |
| | |
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/12
Reviewed-by: sils <sils@sils.li>
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Saving hashed passwords should be relatively safe, as long as the hashing
algorithm isn't flawed. Considering, that we use yescrypt with higher
than average parameters ('jFT' instead of 'j9T'), we should be safe for
now.
|
| | |
|
| |\
| |/
|/| |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
persistent' (#9) from server1_ssh into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/9
Reviewed-by: sils <sils@sils.li>
|
| | |
| | |
| | |
| | | |
This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f.
|