Commit message | Author | Age
* pkgs/back: Do not store repositories in config | Benedikt Peetz | 5 days
  Otherwise, back will need to be restarted every time a new repository is added or removed.
* {modules,tests}/back: Update to deal with newest back | Benedikt Peetz | 5 days
* pkgs/back/assets/style.css: Format with prettier | Benedikt Peetz | 5 days
* pkgs/back/README.md: Update to reflect current status | Benedikt Peetz | 5 days
* pkgs/back: Support listing all repos via the `/` path | Benedikt Peetz | 5 days
  This change required porting all web handling from rocket to hyper, because we needed fine-grained control over the path the user requested. This should also improve the memory and resource footprint because hyper is lower level. I also changed all of the templates from `format!()` calls to a real templating language because I needed to touch most code paths anyway.
* scripts/get_dns.sh: Init | Benedikt Peetz | 5 days
  This script is useful when migrating from a hosted DNS server to our own. An example output looks like this (for `get_dns.sh b-peetz.de`):
  ```
  (A) 92.60.38.179 [b-peetz.de]
  (AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de]
  (CAA) 0 issue "letsencrypt.org" [b-peetz.de]
  (CNAME) <Not set> [b-peetz.de]
  (DNAME) <Not set> [b-peetz.de]
  (MX) 10 mail.foss-syndicate.org. [b-peetz.de]
  (NS) second-dns.netcup.net. [b-peetz.de]
  (NS) third-dns.netcup.net. [b-peetz.de]
  (NS) root-dns.netcup.net. [b-peetz.de]
  (SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de]
  (SRV) <Not set> [b-peetz.de]
  (TXT) "v=spf1 +mx -all" [b-peetz.de]
  (PTR) <Not set> [b-peetz.de]
  (DNSKEY) <Not set> [b-peetz.de]
  (DS) <Not set> [b-peetz.de]
  (SSHFP) <Not set> [b-peetz.de]
  (TLSA) <Not set> [b-peetz.de]
  (OPENPGPKEY) <Not set> [b-peetz.de]
  (SVCB) <Not set> [b-peetz.de]
  (HTTPS) <Not set> [b-peetz.de]
  (TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de]
  (TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de]
  ```
* modules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` option | Benedikt Peetz | 5 days
* tests/email-dns: Init | Benedikt Peetz | 5 days
  This test is somewhat involved, but tries to exercise our full mail handling capabilities. It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
* pkgs/fetchmail-common-name: Patch fetchmail to accept certificates without common name | Benedikt Peetz | 5 days
  Pebble gives you SAN-only certificates.
* test/email-ip: Rename from the general `email` test | Benedikt Peetz | 5 days
* modules/stalwart-mail-free: Remove all `security` dependent checks if it's null | Benedikt Peetz | 5 days
* pkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s tests | Benedikt Peetz | 5 days
* pkgs/stalwart-mail-free: Update `cargoHash` | Benedikt Peetz | 5 days
* modules/stalwart-mail: Capitalize default mailboxes | Benedikt Peetz | 5 days
  This seems to be somewhat of a standard.
* modules/stalwart-mail: Also listen on :25 without SSL but with STARTTLS | Benedikt Peetz | 5 days
  This is important so that other MTAs can send us mail.
* modules/stalwart-mail: Set a default value for `principals` | Benedikt Peetz | 5 days
* modules/stalwart-mail: Include full systemd service and set correct dependencies | Benedikt Peetz | 5 days
  This also starts `nginx` so that we can complete http-01 acme challenges.
* modules/stalwart-mail: Select DKIM keys per-domain | Benedikt Peetz | 5 days
* modules/stalwart-mail: Avoid hardcoding `vhack.eu` email address | Benedikt Peetz | 5 days
* modules/dns: Add service dependencies | Benedikt Peetz | 5 days
* modules/dns: Set a reasonable verbosity level | Benedikt Peetz | 5 days
  The default is way too quiet.
* modules/dns: Provide the option to open the required firewall ports | Benedikt Peetz | 5 days
* modules/dns: Remove `lib.debug` calls | Benedikt Peetz | 5 days
* modules/dns/dns/types/records/PTR.nix: Special case for reverse IP lookups | Benedikt Peetz | 5 days
  This makes implementing a DNS server in tests easier.
* pkgs/stalwart-mail-free: Also patch to use the platform CA store | Benedikt Peetz | 5 days
  This is needed for the test. The general changes are caused by the requirement to update the `cargoHash`, which currently only works with this counter-intuitive attribute overriding.
* modules/dns/dns/types/records/MTA-STS.nix: Init | Benedikt Peetz | 5 days
* modules/dns/dns/types/records/DMARC.nix: Reference the correct RFC | Benedikt Peetz | 5 days
  RFC 7208 is titled “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”, whilst RFC 7489 is titled “Domain-based Message Authentication, Reporting, and Conformance (DMARC)”
* .envrc: Add ./scripts to PATH | Benedikt Peetz | 5 days
* scripts/testInteractive: Actually build the *interactive* test driver | Benedikt Peetz | 5 days
  Otherwise, the experience is simply worse.
* modules/stalwart-mail: Move the package to the `pkgs` subtree | Benedikt Peetz | 5 days
* {modules,tests}/dns: Init | Benedikt Peetz | 5 days
  Most of the dns module was taken from: <https://github.com/nix-community/dns.nix>
* tests/email: Test the mvp | Benedikt Peetz | 5 days
* module/stalwart-mail: Init initial version | Benedikt Peetz | 5 days
* scripts/test_build.sh: Init | Benedikt Peetz | 5 days
* scripts/test_interactive.sh: Actually fail when `nix build` fails | Benedikt Peetz | 5 days
* pkgs/back/update.sh: Don't worry about incompatible semver changes | Benedikt Peetz | 7 days
  `back` is usually not big enough to be affected by semver incompatible changes. (And if it's affected, fixing it is usually really simple.)
* pkgs/back/.envrc: Stop fetching when loading the shell | Benedikt Peetz | 7 days
* treewide: Update | Benedikt Peetz | 7 days
* fix(hosts/server2/redirects): Also recognize the old source.vhack.eu redirect | Benedikt Peetz | 2025-02-09
* modules/redlib: Use `nginx`'s module redirect mechanism | Benedikt Peetz | 2025-02-09
* modules/nginx: Keep the `$request_uri` when redirecting | Benedikt Peetz | 2025-02-09
* README.md: Fix typos | Benedikt Peetz | 2025-02-09
* modules/nix-sync: Correctly merge `extraSettings` and the needed vhost config | Benedikt Peetz | 2025-02-07
* hosts/server3/websites: Host nix-sync on server3 | Benedikt Peetz | 2025-02-07
* hosts/server2/websites: Correct extraSettings for wkd | Benedikt Peetz | 2025-02-04
  The `/.well-known/openpgpkey/hu/` path does not exist. Thus remove the erroneous `hu/` at the end.
* hosts/server2/websites: Use the new repository urls | Benedikt Peetz | 2025-02-04
  This changes:
  https://codeberg.org/bpeetz/b-peetz.de.git -> https://git.foss-syndicate.org/bpeetz/b-peetz.de.git
  https://codeberg.org/vhack.eu/gpg_wkd.git -> https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git
* modules/nix-sync: Actually enable | Benedikt Peetz | 2025-02-04
  This includes the obvious changes, ensuring that it follows our current best-practices.
* docs(README.md): Init | Benedikt Peetz | 2025-02-03
* refactor(modules/default.nix): Remove now unneeded arguments to `mkByName` | Benedikt Peetz | 2025-02-03
* feat(secrets.nix): Automatically generate the secrets list for each host | Benedikt Peetz | 2025-01-29