Commit message [Author, Age]
...
* Chore(flake): Update [Soispha, 2023-05-02]
|
* Fix(update): Remove [Soispha, 2023-05-02]
|     It will (at some point) be installed through direnv, when it is in nixpkgs.
* Chore(flake): Update [Soispha, 2023-04-29]
|
* Feat(update): Use update flake [Soispha, 2023-04-29]
|     This comes with better dependency handling and further visual upgrades.
* Chore(flake): Update [Soispha, 2023-04-27]
|
* Merge pull request 'Fix(system/services/nginx): Correct path to index.html' (#30) from website into develop [sils, 2023-04-21]
|\    Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/30
| * Fix(system/services/nginx): Correct path to index.html [sils, 2023-04-21]
|/
* Merge pull request 'Feat(system/services/nginx): Change to declarative websites' (#29) from server1_webpage into develop [sils, 2023-04-21]
|\    Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/29
| * Feat(system/services/nginx): Change to declarative websites [Soispha, 2023-04-19]
| |
* | Merge pull request 'server1_build' (#25) from server1_build into server1 [sils, 2023-04-20]
|\|     Reviewed-on: https://codeberg.org/vhack.eu/nixos-server/pulls/25
| * Docs(contributing): Add [Soispha, 2023-04-18]
| |
| * Docs(License): Add [Soispha, 2023-04-18]
| |     See https://spdx.dev/resources/learn/ for information about 'LICENSE.spdx'.
| |     I'm not fully sure, if the spdx spec is correctly applied.
| |     The decision to go for the GPL-3.0-or-later is obviously open to be changed, if it should be desired.
| * Build: Add update script [Soispha, 2023-04-18]
| |     This allows to group different update commands together and to raise awareness of the update task.
| |     The `grep '[^0-9]_[0-9] flake.lock'` is needed to check if multiple imports exist for the same input as nix will name them 'nixpkgs_1' 'nixpkgs_2' and so on.
| |     Having multiple inputs for the same thing just increases the needed storage space, if no other inputs are set to follow, but can break a flake's evaluation because of a partial update e.g., nixpkgs follows our version, but we leave rust-overlay unfollowed.
| |     This example would result in a newer cargo version (rust-overlay) getting combined with old packages (nixpkgs), which introduces the aforementioned partial update.
| * Build(flake): Enable direnv integration [Soispha, 2023-04-18]
| |     [Direnv](https://github.com/direnv/direnv) in combination with [Nix integration](https://github.com/direnv/direnv/wiki/Nix) — in this case [Nix-direnv](https://github.com/nix-community/nix-direnv) — allows for reliable build environments (and some uncluttering of the PATH).
| |     Setting it up is rather easy, just see [Nix-direnv's install instructions](https://github.com/nix-community/nix-direnv#installation).
| * Chore(flake): Update and add follows for inputs [Soispha, 2023-04-18]
| |
* | Merge pull request 'server1_develop' (#22) from server1_develop into server1 [sils, 2023-04-11]
|\|     Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/22
| |     Reviewed-by: sils <sils@sils.li>
| * Chore(flake): Update [sils, 2023-04-08]
| |     Shouldn't cause any trouble and is necessary to keep things secure.
| * Fix(system/mail): Allow opening ports in the firewall [ene, 2023-04-07]
| |     As the previous configuration only opened some ports, receiving mail was impossible.
| |     This allows NSM to open the required ports directly, ensuring that none was missed.
| |     SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
| * Fix(system/services/rust-motd): Quote ssl-cert names [ene, 2023-03-25]
| |
| * Feat(system/services/rust-motd): Info about filesystems [ene, 2023-03-25]
| |
| * Feat(system/services/rust-motd): Show status of ssl-certs [ene, 2023-03-25]
| |
| * Fix(system/services/rust-motd): Add fail2ban binary [ene, 2023-03-25]
| |
| * Merge pull request 'server1_fail2ban' (#24) from server1_fail2ban into server1_develop [ene, 2023-03-25]
| |\    Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/24
| | * Feat(system/services/fail2ban): Add dovecot jail [ene, 2023-03-25]
| | |     This should reduce the log spam even further.
| | * Fix(system/services/fail2ban): Make db persistent [ene, 2023-03-25]
| | |
| * | Merge pull request 'Feat(system/services/fail2ban): Add fail2ban' (#23) from server1_fail2ban into server1_develop [ene, 2023-03-25]
| |\|     CC: #23
| | * Feat(system/services/fail2ban): Add fail2ban [ene, 2023-03-25]
| |/      This should clear the logs somewhat.
| * Fix(acme): Store certs permanently. [sils, 2023-03-20]
| |     Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
| * Revert "Fix(system/mail): Change placeholder" [sils, 2023-03-20]
| |     This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58.
| |     It may be a security-risk, but I care much more about a running mailserver for now.
| * Fix(system/mail): Change placeholder [ene, 2023-03-20]
| |     The old one could have exposed a weak hash.
| * Merge branch 'server1_hardware' into server1_develop [ene, 2023-03-20]
| |\
| | * Revert "Fix(hosts/server1/networking): Remove ipv6 route" [ene, 2023-03-19]
| | |     The commit didn't work and effectively disabled ipv6
| | * Fix(hosts/server1/networking): Remove ipv6 route [ene, 2023-03-19]
| | |     This is somewhat misconfigured, as it makes the config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
| | * Refactor(system/hardware): Move hardware to host [ene, 2023-03-19]
| | |     The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
| | * Fix(system/hardware): Use actually needed modules and UUID [ene, 2023-03-19]
| | |     The old values did work, but these should just make things a bit clearer.
| * | Merge branch 'server1_mail' into server1_develop [ene, 2023-03-20]
| |\|
| | * Fix(system/services/minecraft): Remove to make compile [ene, 2023-03-19]
| | |
| | * Fix(system/mail): Only accept connections on safe ports [ene, 2023-03-19]
| | |     It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
| | * Feat(system/mail): Add other users, so the admin thing works [ene, 2023-03-18]
| | |
| | * Style(system/mail): Reorder options [ene, 2023-03-18]
| | |     I just think this is easier to read.
| | * Feat(system/mail): Use '/' to separate mailboxes [ene, 2023-03-18]
| | |     This is something that just makes the file system easier to traverse, but isn't really necessary.
| | * Fix(system/mail): Declare the password directly [ene, 2023-03-18]
| | |     As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
| | * Fix(system/users): Remove unneeded root ssh login keys [ene, 2023-03-18]
| | |     All users are in the wheel group, thus direct login as root is no longer needed.
| | * Fix(system/mail): Make extraVirtualAliases fairer [ene, 2023-03-18]
| | |
| | * Fix(system/mail): Disable protocols with STARTTLS [ene, 2023-03-18]
| | |     This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
| | * Chore(flake): Update [ene, 2023-03-18]
| | |
| | * Refactor: Use better file layout [ene, 2023-03-18]
| | |
| | * Fix: Try to fix ipv6 [sils, 2023-03-07]
| | |
| | * Feat: Added admin@vhack.eu mail [sils, 2023-03-07]
| | |
| | * Fix: Add imap and smtp subdomains to cert [sils, 2023-03-07]
| | |