Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
| * | Fix(system/services/keycloak): Change value of 'passwordFile' to path | sils | 2023-06-06 | |
| | | ||||
| * | Feat(system/services): Enable keycloak | sils | 2023-06-06 | |
| | | ||||
| * | Feat(system/services/keycloak): Add keycloak | sils | 2023-06-06 | |
| | | ||||
| * | Feat(system/file_system_layout): Add bindmount for postgresql | sils | 2023-06-06 | |
| | | ||||
* | | Feat(system/packages): Add git-crypt to standard packages to minimize | sils | 2023-06-06 | |
|/ | | | | pain while rebuilding | |||
* | Fix(system/services/opensshd): Rename passwordAuthentication to | sils | 2023-06-06 | |
| | | | | settings.PassowrdAuthentication | |||
* | Fix(system/mail): give certificateScheme string as value | sils | 2023-06-06 | |
| | ||||
* | Fix(system/packages): Explicitly enable zsh to make Nix Vars available | sils | 2023-06-06 | |
| | ||||
* | Revert: Remove Conduit | sils | 2023-06-06 | |
| | | | | | | It didn't deploy either and we'd probably use synapse anyway This reverts commit fbba7df4b7c9de5b1926612647e1d9d06b7d22cf. | |||
* | Feat(system/matrix/conduit): Add matrix-conduit | Soispha | 2023-05-20 | |
| | ||||
* | Style(system): Format | Soispha | 2023-05-20 | |
| | ||||
* | Refactor(system/mail): Hide user emails | Soispha | 2023-05-20 | |
| | ||||
* | Fix(system/services/nginx): Correct path to index.html | sils | 2023-04-21 | |
| | ||||
* | Feat(system/services/nginx): Change to declarative websites | Soispha | 2023-04-19 | |
| | ||||
* | Fix(system/mail): Allow opening ports in the firewall | ene | 2023-04-07 | |
| | | | | | | | | | | | As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested. | |||
* | Fix(system/services/rust-motd): Quote ssl-cert names | ene | 2023-03-25 | |
| | ||||
* | Feat(system/services/rust-motd): Info about filesystems | ene | 2023-03-25 | |
| | ||||
* | Feat(system/services/rust-motd): Show status of ssl-certs | ene | 2023-03-25 | |
| | ||||
* | Fix(system/services/rust-motd): Add fail2ban binary | ene | 2023-03-25 | |
| | ||||
* | Feat(system/services/fail2ban): Add dovecot jail | ene | 2023-03-25 | |
| | | | | This should reduce the log spam even further. | |||
* | Fix(system/services/fail2ban): Make db persistent | ene | 2023-03-25 | |
| | ||||
* | Feat(system/services/fail2ban): Add fail2ban | ene | 2023-03-25 | |
| | | | | This should clear the logs somewhat. | |||
* | Fix(acme): Store certs permanently. | sils | 2023-03-20 | |
| | | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting. | |||
* | Revert "Fix(system/mail): Change placeholder" | sils | 2023-03-20 | |
| | | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now. | |||
* | Fix(system/mail): Change placeholder | ene | 2023-03-20 | |
| | | | | The old one, could have exposed a weak hash. | |||
* | Refactor(system/hardware): Move hardware to host | ene | 2023-03-19 | |
| | | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations. | |||
* | Fix(system/hardware): Use actually needed modules and UUID | ene | 2023-03-19 | |
| | | | | | The old values did work, but these should just make things a bit clearer. | |||
* | Fix(system/services/minecraft): Remove to make compile | ene | 2023-03-19 | |
| | ||||
* | Fix(system/mail): Only accept connections on safe ports | ene | 2023-03-19 | |
| | | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same. | |||
* | Feat(system/mail): Add other users, so the admin thing works | ene | 2023-03-18 | |
| | ||||
* | Style(system/mail): Reorder options | ene | 2023-03-18 | |
| | | | | I just think this is easier to read. | |||
* | Feat(system/mail): Use '/' to separate mailboxes | ene | 2023-03-18 | |
| | | | | | This is something that just makes the file system easier to traverse, but isn't really necessary. | |||
* | Fix(system/mail): Declare the password directly | ene | 2023-03-18 | |
| | | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash. | |||
* | Fix(system/users): Remove unneeded root ssh login keys | ene | 2023-03-18 | |
| | | | | | All users are in the wheel group, thus direct login as root is no longer needed. | |||
* | Fix(system/mail): Make extraVirtualAliases fairer | ene | 2023-03-18 | |
| | ||||
* | Fix(system/mail): Disable protocols with STARTTLS | ene | 2023-03-18 | |
| | | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback. | |||
* | Refactor: Use better file layout | ene | 2023-03-18 | |
| | ||||
* | Feat: Use default.nix | ene | 2023-02-05 | |
| | ||||
* | Fix: correct host name and convenience changes | ene | 2023-02-05 | |
| | | | | | | | | | | We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15 | |||
* | Flake: Changed the configuration to a flake | ene | 2023-02-04 | |
Nix flakes make a lot of things very easy. |