summary refs log tree commit diff stats
path: root/system/packages (unfollow)
Commit message (Collapse)Author
2023-04-07Fix(system/mail): Allow opening ports in the firewallene
As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
2023-03-25Fix(system/services/rust-motd): Quote ssl-cert namesene
2023-03-25Feat(system/services/rust-motd): Info about filesystemsene
2023-03-25Feat(system/services/rust-motd): Show status of ssl-certsene
2023-03-25Fix(system/services/rust-motd): Add fail2ban binaryene
2023-03-25Feat(system/services/fail2ban): Add dovecot jailene
This should reduce the log spam even further.
2023-03-25Fix(system/services/fail2ban): Make db persistentene
2023-03-25Feat(system/services/fail2ban): Add fail2banene
This should clear the logs somewhat.
2023-03-20Fix(acme): Store certs permanently.sils
Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
2023-03-20Revert "Fix(system/mail): Change placeholder"sils
This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
2023-03-20Fix(system/mail): Change placeholderene
The old one, could have exposed a weak hash.
2023-03-20Revert "Revert "Merge pull request 'Feat: Add Website' (#17) from ↵ene
server1_nginx into server1"" This reverts commit b0599a3d23878da7335e6ae754ebffbd9ac7cbc3. This may seem ridiculous, and it is, but some things are just necessary.
2023-03-19Fix(hosts/server1/networking): Correct ipv6ene
The used ips were straight up wrong.
2023-03-19Fix(hosts/server1/networking): Fix Gatewaysene
Assigning a specific interface for a gateway should make it easier for nixos to configure it.
2023-03-19Fix(services): Remove Minecraftene
This doesn't compile.
2023-03-19Revert "Merge pull request 'Feat: Add Website' (#17) from server1_nginx into ↵ene
server1" This reverts commit 563521c360073d5c28d2553ec4e1792eb2b14258, reversing changes made to c50431b189e982a631d2d4864b304f33169bacdb. This is necessary, because it makes a stable base unavailable.
2023-03-19Revert "Fix(hosts/server1/networking): Remove ipv6 route"ene
The commit didn't work and effectively disabled ipv6
2023-03-19Fix(hosts/server1/networking): Remove ipv6 routeene
This is somewhat misconfigured, as it makes to config not compilable. I assume, that this route setting is needed, but believe, that having a compiling config is better.
2023-03-19Refactor(system/hardware): Move hardware to hostene
The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
2023-03-19Fix(system/hardware): Use actually needed modules and UUIDene
The old values did work, but these should just make things a bit clearer.
2023-03-19Fix(system/services/minecraft): Remove to make compileene
2023-03-19Fix(system/mail): Only accept connections on safe portsene
It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
2023-03-18Feat(system/mail): Add other users, so the admin thing worksene
2023-03-18Style(system/mail): Reorder optionsene
I just think this is easier to read.
2023-03-18Feat(system/mail): Use '/' to separate mailboxesene
This is something that just makes the file system easier to traverse, but isn't really necessary.
2023-03-18Fix(system/mail): Declare the password directlyene
As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
2023-03-18Fix(system/users): Remove unneeded root ssh login keysene
All users are in the wheel group, thus direct login as root is no longer needed.
2023-03-18Fix(system/mail): Make extraVirtualAliases fairerene
2023-03-18Fix(system/mail): Disable protocols with STARTTLSene
This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
2023-03-18Chore(flake): Updateene
2023-03-18Refactor: Use better file layoutene
2023-03-07Fix: Try to fix ipv6sils
2023-03-07Feat: Added admin@vhack.eu mailsils
2023-03-07Fix: Add imap and smtp subdomains to certsils
2023-03-07Feat: Add mailserversils
2023-03-07Feat: Add Websitesils
This provides an html file located at /srv/www/vhack.eu/index.html over https.
2023-02-05Feat: Use default.nixene
2023-02-05Fix: correct host name and convenience changesene
We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
2023-02-04Flake: Changed the configuration to a flakeene
Nix flakes make a lot of things very easy.
2023-02-04Fix: Made the Minecraft config compileene
Someone put a string, where a list of strings belonged. I took the freedom to change that.
2023-02-04Feat: Imported the headless profileene
We run a headless server, so some things, like emergency boot mode, don't really make sense. This import disables these.
2023-01-23Update: Save hashed password for silssils
2023-01-21Feat: Track last login in motdene
2023-01-21Feat: Save passwords in hashed form directlyene
Saving hashed passwords should be relatively safe, as long as the hashing algorithm isn't flawed. Considering, that we use yescrypt with higher than average parameters ('jFT' instead of 'j9T'), we should be safe for now.
2023-01-21Fix: Resolve merge conflictsene
2023-01-20Revert "Fix: revert changes in configuration.nix"sils
This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f.
2023-01-20Fix: revert changes in configuration.nixsils
resolve conflicts with target branch
2023-01-19Feat: User configuration, with secure passwordsene
The passwords will be stored in a specific password file, which because it isn't part of this repository is secure. Refs: #9
2023-01-17Fix: Changed setting namesene
The names of the settings in the GitHub repository are outdated, this commit changes the setting name to the real ones.
2023-01-17Sec: Persistent ssh host keysene
I changed the valid ssh-host-keys from both rsa and ed25519 to only ed25519 and moved them to `/srv/ssh` to make them persistent. In addition to that, I also increased the rounds for the ed25519 key to 1000. This fixes the ssh-host-key issue introduced by pull request #5. Fixes: #5