| Commit message (Collapse) | Author |
|
I just think this is easier to read.
|
|
This is something that just makes the file system easier to traverse, but
isn't really necessary.
|
|
As outlined in commit 19f0808, placing a password hash in the world
readable nix-store is perfectly safe as long as the hashing function is
not reversible, which should be a necessity for a password hash.
|
|
All users are in the wheel group, thus direct login as root is no longer
needed.
|
|
|
|
This is inherently unsafe because it requires an unencrypted handshake.
Considering that all protocols also work directly with TLS i.e., the
encrypted variant, disabling this shouldn't be a drawback.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This provides an html file located at /srv/www/vhack.eu/index.html over
https.
|
|
|
|
We used the domain name instead of the host name, which obviously
doesn't work for multiple host. In addition to that I changed some
directory to make importing easier and enabled the "nix-command" and
"flakes" experimental options, to make the `nix flake check` command
usable.
Refs: #15
|
|
Nix flakes make a lot of things very easy.
|
|
Someone put a string, where a list of strings belonged. I took the
freedom to change that.
|
|
We run a headless server, so some things, like emergency boot mode, don't really make sense. This
import disables these.
|
|
|
|
|
|
Saving hashed passwords should be relatively safe, as long as the hashing
algorithm isn't flawed. Considering, that we use yescrypt with higher
than average parameters ('jFT' instead of 'j9T'), we should be safe for
now.
|
|
|
|
This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f.
|
|
resolve conflicts with target branch
|
|
The passwords will be stored in a specific password file, which because it
isn't part of this repository is secure.
Refs: #9
|
|
The names of the settings in the GitHub repository are outdated, this
commit changes the setting name to the real ones.
|
|
I changed the valid ssh-host-keys from both rsa and ed25519 to
only ed25519 and moved them to `/srv/ssh` to make them persistent.
In addition to that, I also increased the rounds for the e |