summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
...
| * Merge pull request 'server1_fail2ban' (#24) from server1_fail2ban into ↵ene2023-03-25
| |\ | | | | | | | | | | | | | | | server1_develop Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
| | * Feat(system/services/fail2ban): Add dovecot jailene2023-03-25
| | | | | | | | | | | | This should reduce the log spam even further.
| | * Fix(system/services/fail2ban): Make db persistentene2023-03-25
| | |
| * | Merge pull request 'Feat(system/services/fail2ban): Add fail2ban' (#23) from ↵ene2023-03-25
| |\| | | | | | | | | | | | | | | | server1_fail2ban into server1_develop CC: #23
| | * Feat(system/services/fail2ban): Add fail2banene2023-03-25
| |/ | | | | | | This should clear the logs somewhat.
| * Fix(acme): Store certs permanently.sils2023-03-20
| | | | | | | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
| * Revert "Fix(system/mail): Change placeholder"sils2023-03-20
| | | | | | | | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
| * Fix(system/mail): Change placeholderene2023-03-20
| | | | | | | | The old one, could have exposed a weak hash.
| * Merge branch 'server1_hardware' into server1_developene2023-03-20
| |\
| | * Revert "Fix(hosts/server1/networking): Remove ipv6 route"ene2023-03-19
| | | | | | | | | | | | The commit didn't work and effectively disabled ipv6
| | * Fix(hosts/server1/networking): Remove ipv6 routeene2023-03-19
| | | | | | | | | | | | | | | | | | This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
| | * Refactor(system/hardware): Move hardware to hostene2023-03-19
| | | | | | | | | | | | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
| | * Fix(system/hardware): Use actually needed modules and UUIDene2023-03-19
| | | | | | | | | | | | | | | The old values did work, but these should just make things a bit clearer.
| * | Merge branch 'server1_mail' into server1_developene2023-03-20
| |\|
| | * Fix(system/services/minecraft): Remove to make compileene2023-03-19
| | |
| | * Fix(system/mail): Only accept connections on safe portsene2023-03-19
| | | | | | | | | | | | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
| | * Feat(system/mail): Add other users, so the admin thing worksene2023-03-18
| | |
| | * Style(system/mail): Reorder optionsene2023-03-18
| | | | | | | | | | | | I just think this is easier to read.
| | * Feat(system/mail): Use '/' to separate mailboxesene2023-03-18
| | | | | | | | | | | | | | | This is something that just makes the file system easier to traverse, but isn't really necessary.
| | * Fix(system/mail): Declare the password directlyene2023-03-18
| | | | | | | | | | | | | | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
| | * Fix(system/users): Remove unneeded root ssh login keysene2023-03-18
| | | | | | | | | | | | | | | All users are in the wheel group, thus direct login as root is no longer needed.
| | * Fix(system/mail): Make extraVirtualAliases fairerene2023-03-18
| | |
| | * Fix(system/mail): Disable protocols with STARTTLSene2023-03-18
| | | | | | | | | | | | | | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
| | * Chore(flake): Updateene2023-03-18
| | |
| | * Refactor: Use better file layoutene2023-03-18
| | |
| | * Fix: Try to fix ipv6sils2023-03-07
| | |
| | * Feat: Added admin@vhack.eu mailsils2023-03-07
| | |
| | * Fix: Add imap and smtp subdomains to certsils2023-03-07
| | |
| | * Feat: Add mailserversils2023-03-07
| | |
| * | Merge branch 'server1_network' into server1_developene2023-03-20
| |\ \
| | * | Fix(hosts/server1/networking): Correct ipv6ene2023-03-19
| | | | | | | | | | | | | | | | The used ips were straight up wrong.
| | * | Fix(hosts/server1/networking): Fix Gatewaysene2023-03-19
| |/ / |/| | | | | | | | | | | Assigning a specific interface for a gateway should make it easier for nixos to configure it.
| * | Revert "Revert "Merge pull request 'Feat: Add Website' (#17) from ↵ene2023-03-20
|/ / | | | | | | | | | | | | server1_nginx into server1"" This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3. This may seem ridiculous, and it is, but some things are just necessary.
* | Fix(services): Remove Minecraftene2023-03-19
| | | | | | | | This doesn't compile.
* | Revert "Merge pull request 'Feat: Add Website' (#17) from server1_nginx into ↵ene2023-03-19
| | | | | | | | | | | | | | | | | | server1" This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing changes made to c50431b189e982a631d2d4864b304f33169bacdb. This is necessary, because it makes a stable base unavailable.
* | Merge pull request 'Feat: Add Website' (#17) from server1_nginx into server1sils2023-03-07
|\| | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/17
| * Feat: Add Websitesils2023-03-07
|/ | | | | This provides an html file located at /srv/www/vhack.eu/index.html over https.
* Merge pull request 'Merge to server1' (#16) from server1_develop into server1ene2023-02-08
|\ | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/16
| * Merge branch 'server1_minecraft2' into server1ene2023-02-08
| |\
| | * Fix: Made the Minecraft config compileene2023-02-04
| |/ |/| | | | | | | Someone put a string, where a list of strings belonged. I took the freedom to change that.
| * Merge branch 'server1_flake' into server1ene2023-02-08
|/|
| * Feat: Use default.nixene2023-02-05
| |
| * Fix: correct host name and convenience changesene2023-02-05
| | | | | | | | | | | | | | | | | | | | We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
| * Flake: Changed the configuration to a flakeene2023-02-04
| | | | | | | | Nix flakes make a lot of things very easy.
* | Merge pull request 'Imported the headless profile' (#13) from ↵sils2023-02-04
|\| | | | | | | | | | | | | server1_headless into server1 Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/13 Reviewed-by: sils <sils@sils.li>
| * Feat: Imported the headless profileene2023-02-04
|/ | | | | We run a headless server, so some things, like emergency boot mode, don't really make sense. This import disables these.
* Merge pull request 'User Configuration' (#12) from server1_users into server1sils2023-01-23
|\ | | | | | | | | Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/12 Reviewed-by: sils <sils@sils.li>
| * Update: Save hashed password for silssils2023-01-23
| |
| * Feat: Track last login in motdene2023-01-21
| |
| * Feat: Save passwords in hashed form directlyene2023-01-21
| | | | | | | | | | | | | | Saving hashed passwords should be relatively safe, as long as the hashing algorithm isn't flawed. Considering, that we use yescrypt with higher than average parameters ('jFT' instead of 'j9T'), we should be safe for now.