summary refs log tree commit diff stats
path: root/system (follow)
Commit message (Collapse)AuthorAge
...
| * Fix(system/services/keycloak): Change value of 'passwordFile' to pathsils2023-06-06
| |
| * Feat(system/services): Enable keycloaksils2023-06-06
| |
| * Feat(system/services/keycloak): Add keycloaksils2023-06-06
| |
| * Feat(system/file_system_layout): Add bindmount for postgresqlsils2023-06-06
| |
* | Feat(system/packages): Add git-crypt to standard packages to minimizesils2023-06-06
|/ | | | pain while rebuilding
* Fix(system/services/opensshd): Rename passwordAuthentication tosils2023-06-06
| | | | settings.PassowrdAuthentication
* Fix(system/mail): give certificateScheme string as valuesils2023-06-06
|
* Fix(system/packages): Explicitly enable zsh to make Nix Vars availablesils2023-06-06
|
* Revert: Remove Conduitsils2023-06-06
| | | | | | It didn't deploy either and we'd probably use synapse anyway This reverts commit fbba7df4b7c9de5b1926612647e1d9d06b7d22cf.
* Feat(system/matrix/conduit): Add matrix-conduitSoispha2023-05-20
|
* Style(system): FormatSoispha2023-05-20
|
* Refactor(system/mail): Hide user emailsSoispha2023-05-20
|
* Fix(system/services/nginx): Correct path to index.htmlsils2023-04-21
|
* Feat(system/services/nginx): Change to declarative websitesSoispha2023-04-19
|
* Fix(system/mail): Allow opening ports in the firewallene2023-04-07
| | | | | | | | | | | As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
* Fix(system/services/rust-motd): Quote ssl-cert namesene2023-03-25
|
* Feat(system/services/rust-motd): Info about filesystemsene2023-03-25
|
* Feat(system/services/rust-motd): Show status of ssl-certsene2023-03-25
|
* Fix(system/services/rust-motd): Add fail2ban binaryene2023-03-25
|
* Feat(system/services/fail2ban): Add dovecot jailene2023-03-25
| | | | This should reduce the log spam even further.
* Fix(system/services/fail2ban): Make db persistentene2023-03-25
|
* Feat(system/services/fail2ban): Add fail2banene2023-03-25
| | | | This should clear the logs somewhat.
* Fix(acme): Store certs permanently.sils2023-03-20
| | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
* Revert "Fix(system/mail): Change placeholder"sils2023-03-20
| | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
* Fix(system/mail): Change placeholderene2023-03-20
| | | | The old one, could have exposed a weak hash.
* Refactor(system/hardware): Move hardware to hostene2023-03-19
| | | | | The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
* Fix(system/hardware): Use actually needed modules and UUIDene2023-03-19
| | | | | The old values did work, but these should just make things a bit clearer.
* Fix(system/services/minecraft): Remove to make compileene2023-03-19
|
* Fix(system/mail): Only accept connections on safe portsene2023-03-19
| | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
* Feat(system/mail): Add other users, so the admin thing worksene2023-03-18
|
* Style(system/mail): Reorder optionsene2023-03-18
| | | | I just think this is easier to read.
* Feat(system/mail): Use '/' to separate mailboxesene2023-03-18
| | | | | This is something that just makes the file system easier to traverse, but isn't really necessary.
* Fix(system/mail): Declare the password directlyene2023-03-18
| | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
* Fix(system/users): Remove unneeded root ssh login keysene2023-03-18
| | | | | All users are in the wheel group, thus direct login as root is no longer needed.
* Fix(system/mail): Make extraVirtualAliases fairerene2023-03-18
|
* Fix(system/mail): Disable protocols with STARTTLSene2023-03-18
| | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
* Refactor: Use better file layoutene2023-03-18
|
* Feat: Use default.nixene2023-02-05
|
* Fix: correct host name and convenience changesene2023-02-05
| | | | | | | | | | We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
* Flake: Changed the configuration to a flakeene2023-02-04
Nix flakes make a lot of things very easy.