summary refs log tree commit diff stats
path: root/system/services/acme (unfollow)
Commit message (Collapse)Author
2023-03-19Refactor(system/hardware): Move hardware to hostene
The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
2023-03-19Fix(system/hardware): Use actually needed modules and UUIDene
The old values did work, but these should just make things a bit clearer.
2023-03-19Fix(system/services/minecraft): Remove to make compileene
2023-03-19Fix(system/mail): Only accept connections on safe portsene
It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
2023-03-18Feat(system/mail): Add other users, so the admin thing worksene
2023-03-18Style(system/mail): Reorder optionsene
I just think this is easier to read.
2023-03-18Feat(system/mail): Use '/' to separate mailboxesene
This is something that just makes the file system easier to traverse, but isn't really necessary.
2023-03-18Fix(system/mail): Declare the password directlyene
As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
2023-03-18Fix(system/users): Remove unneeded root ssh login keysene
All users are in the wheel group, thus direct login as root is no longer needed.
2023-03-18Fix(system/mail): Make extraVirtualAliases fairerene
2023-03-18Fix(system/mail): Disable protocols with STARTTLSene
This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
2023-03-18Chore(flake): Updateene
2023-03-18Refactor: Use better file layoutene
2023-03-07Fix: Try to fix ipv6sils
2023-03-07Feat: Added admin@vhack.eu mailsils
2023-03-07Fix: Add imap and smtp subdomains to certsils
2023-03-07Feat: Add mailserversils
2023-03-07Feat: Add Websitesils
This provides an html file located at /srv/www/vhack.eu/index.html over https.
2023-02-05Feat: Use default.nixene
2023-02-05Fix: correct host name and convenience changesene
We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
2023-02-04Flake: Changed the configuration to a flakeene
Nix flakes make a lot of things very easy.
2023-02-04Fix: Made the Minecraft config compileene
Someone put a string, where a list of strings belonged. I took the freedom to change that.
2023-02-04Feat: Imported the headless profileene
We run a headless server, so some things, like emergency boot mode, don't really make sense. This import disables these.
2023-01-23Update: Save hashed password for silssils
2023-01-21Feat: Track last login in motdene
2023-01-21Feat: Save passwords in hashed form directlyene
Saving hashed passwords should be relatively safe, as long as the hashing algorithm isn't flawed. Considering, that we use yescrypt with higher than average parameters ('jFT' instead of 'j9T'), we should be safe for now.
2023-01-21Fix: Resolve merge conflictsene
2023-01-20Revert "Fix: revert changes in configuration.nix"sils
This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f.
2023-01-20Fix: revert changes in configuration.nixsils
resolve conflicts with target branch
2023-01-19Feat: User configuration, with secure passwordsene
The passwords will be stored in a specific password file, which because it isn't part of this repository is secure. Refs: #9
2023-01-17Fix: Changed setting namesene
The names of the settings in the GitHub repository are outdated, this commit changes the setting name to the real ones.
2023-01-17Sec: Persistent ssh host keysene
I changed the valid ssh-host-keys from both rsa and ed25519 to only ed25519 and moved them to `/srv/ssh` to make them persistent. In addition to that, I also increased the rounds for the ed25519 key to 1000. This fixes the ssh-host-key issue introduced by pull request #5. Fixes: #5
2023-01-17Fix: changed to TOML configene
This module generates a TOML config from a nix set.
2023-01-17Fix: typo in programs fieldene
2023-01-17Feat: Added a nice motd through rust-motdene
I'm not sure if this is really helpful
2023-01-17Feat: Added /boot as persistent subvolumeene
Co-authored-by: sils <sils@sils.li>
2023-01-15