Commit message (Author, Age)
* modules/matrix: Provide postgresql with a correct sql statement [postgrsql-rescue] (Benedikt Peetz, 8 hours)
|
* pkgs/sharkey: 2025.2.2 -> 2025.2.3 (Benedikt Peetz, 12 hours)
| There is no change log, as this is a security update.
* modules/sharkey: Add required `@chown` syscall group to allow list (Benedikt Peetz, 3 days)
| The `~@priviledged` needed to go, as `@chown` is part of this group.
* tests/sharkey-image: Rename to `sharkey-cpu` (Benedikt Peetz, 3 days)
| Image upload still fails, even with this test passing.
* modules/sharkey: Ensure, that it can access the host's CPUs (Benedikt Peetz, 4 days)
| This is, for some reason, needed for image uploads to sharkey.
* modules/system-info: Provide a nice warning message, if a port is not yet registered (Benedikt Peetz, 4 days)
* modules/matrix: Use the typed NixOS for user and db creation (Benedikt Peetz, 4 days)
| Note, that I have no way to test if this is actually going to work (no tests for matrix). But, I assume that it is not going to pose problems, as we are not migrating the db and these options won't remove state.
* modules/matrix: Group `vhack` attr keys together (Benedikt Peetz, 4 days)
|
* modules/mastodon: Group `vhack` keys together (Benedikt Peetz, 4 days)
|
* flake.nix: Remove gnutls (Benedikt Peetz, 4 days)
| We are not generating taskserver certificates anymore.
* modules/taskchampion: Make its data directory owned by taskchampion user (Benedikt Peetz, 5 days)
|
* zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomain (Benedikt Peetz, 5 days)
|
* modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxy (Benedikt Peetz, 6 days)
| This includes setting things, like setting the `X-Forwarded-For` header.
* modules/constants: Also add a user to each group, so that duplicated gids are avoided (Benedikt Peetz, 6 days)
* tests/email-http: Use the factored out DNS server (Benedikt Peetz, 6 days)
|
* hosts/server2: Use the internal stalwart directory (Benedikt Peetz, 6 days)
|
* tests/email-http: Test the http self-service availability (Benedikt Peetz, 6 days)
|
* modules/stalwart-mail: Don't restart the systemd service (Benedikt Peetz, 6 days)
| Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
* modules/stalwart-mail: Enable the http self-service interface (Benedikt Peetz, 6 days)
|
* modules/nginx: Set the "acme" group as group of the "acme" user (Benedikt Peetz, 6 days)
| For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
* modules/stalwart-mail: Allow both nginx and stalwart-mail access to the cert (Benedikt Peetz, 6 days)
| This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
* modules/stalwart-mail: Explicitly list out valid password hashes (Benedikt Peetz, 6 days)
| If a password hash does not match stalwart's known ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
* modules/stalwart-mail: Make `cfg.principals` nullable (Benedikt Peetz, 6 days)
| This makes it possible to use the internal storage
* modules/stalwart-mail: Use correct group name for `redis-stalwart-mail` (Benedikt Peetz, 6 days)
|
* pkgs/stalwart-mail-free: Update package hash, as it changed (Benedikt Peetz, 6 days)
| This has to do with the underlying stalwart-mail update.
* hosts/server2: Setup sharkey (Benedikt Peetz, 6 days)
| Server2 is currently not so much under load, as such it seems better to split the load.
|
| # server2
| ## Virtual Hosts
| etebase.vhack.eu:
| dav.vhack.eu
| gallery.s-schoeffel.de
| git.foss-syndicate.org
| invidious-router.vhack.eu:
| video.fosswelt.org
| invidious-router.sils.li
| issues.foss-syndicate.org
| libreddit.vhack.eu
| nextcloud.vhack.eu # <-- This
| redlib.vhack.eu
| sharkey.vhack.eu # <-- And this are the “only” really heavy services here.
| source.foss-syndicate.org
| source.vhack.eu
| ## Open ports
| TCP 22: ssh
| TCP 25: mail-smtp
| TCP 53: dns
| TCP 80: http
| TCP 443: https
| TCP 465: mail-smtp-tls
| TCP 993: mail-imap-tls
| TCP 995: mail-pop3-tls
| TCP 10222: taskchampion-sync
| UDP 53: dns
|
| # server3
| ## Virtual Hosts
| b-peetz.de
| mail.vhack.eu
| mastodon.vhack.eu
| matrix.vhack.eu
| miniflux.foss-syndicate.org:
| rss.foss-syndicate.org
| rss.vhack.eu
| miniflux.vhack.eu
| openpgpkey.b-peetz.de
| openpgpkey.s-schoeffel.de
| openpgpkey.sils.li
| openpgpkey.vhack.eu
| peertube.vhack.eu
| trinitrix.vhack.eu
| vhack.eu
| ## Open ports
| TCP 22: ssh
| TCP 25: <port is 'mail-smtp' but service 'vhack.mail' is not enabled.>
| TCP 53: dns
| TCP 80: http
| TCP 443: https
| TCP 465: <port is 'mail-smtp-tls' but service 'vhack.mail' is not enabled.>
| TCP 993: <port is 'mail-imap-tls' but service 'vhack.mail' is not enabled.>
| TCP 4190: ???
| TCP 64738: ???
| UDP 53: dns
| UDP 64738: ???
* test/sharkey: Init (Benedikt Peetz, 6 days)
| We can't test that much, as user creation and general configuration seems to be locked behind completing a point and click adventure, once Sharkey is actually set up. As such, we simply test, that Sharkey starts and provides its default HTML.
* modules/sharkey: Init (Benedikt Peetz, 6 days)
|
* pkgs/sharkey: Init (Benedikt Peetz, 6 days)
| This is largely based on: https://github.com/sodiboo/system/blob/b63c7b27f49043e8701b3ff5e1441cd27d5a2fff/sharkey/package.nix
* tests/{common,email-dns}: Move last part of acme and dns handling to common (Benedikt Peetz, 6 days)
| This makes re-using it even easier.
* tests/email-dns: Factor out all of the secrets/acme stuff into a common dir (Benedikt Peetz, 6 days)
| This makes it easier to re-use this test data for various tests.
* update.sh: Also run `nix flake update` (Benedikt Peetz, 7 days)
|
* flake.lock: Update (Benedikt Peetz, 7 days)
|
* zones/vhack.eu: Add a taskchampion subdomain (Benedikt Peetz, 2025-04-11)
|
* modules/system-info: Register taskchampion port (Benedikt Peetz, 2025-04-11)
|
* modules/taskchampion-sync: Persist data directory (Benedikt Peetz, 2025-04-11)
|
* hosts/server2: Enable taskwarrior-sync (Benedikt Peetz, 2025-04-11)
|
* modules/taskchampion-sync: Add {u,g}ids to {group,user} (Benedikt Peetz, 2025-04-11)
|
* {modules,test}/taskchampion-sync: Init (Benedikt Peetz, 2025-04-11)
|
* zones/vhack.eu: add nextcloud subdomain (Silas Schöffel, 2025-04-07)
|
* nextcloud: init on server2 (Silas Schöffel, 2025-04-07)
|
* hosts/server2: Format (Benedikt Peetz, 2025-04-01)
|
* tests/email-dns/secrets/dkim/gen_key.sh: Add shellcheck shell (Benedikt Peetz, 2025-04-01)
|
* {hosts/server3,zones/vhack.eu}: Activate stalwart-mail on server3 for soispha (Benedikt Peetz, 2025-04-01)
|
* zones/vhack.eu: Correctly specify the SRV targets as fully-qualified (Benedikt Peetz, 2025-04-01)
|
* zones/vhack.eu: Set the SOA name server entry to a real domain (Benedikt Peetz, 2025-04-01)
|
* zones/vhack.eu: Make it obvious, that the serial number must be changed (Benedikt Peetz, 2025-04-01)
| The comment alone would probably suffice, but having a convenient function that makes it obvious *what* part of the serial number you are actually supposed to change seems quite useful, when trying to reduce the possibilities of forgetting it.
* tests/dns: Avoid tracing the name-server interfaces (Benedikt Peetz, 2025-04-01)
|
* zones/vhack.eu: Also revert the mail server changes (Benedikt Peetz, 2025-03-30)
|
* {hosts/server2,modules/mail}: Re-activate the old mail server (Benedikt Peetz, 2025-03-30)
| Running two mail-servers on one system is a total /mess/. Both try to bind to the same ports, the old stack consists of **5** different systemd services whilst stalwart-mail's systemd service simply refuses to stop, etc. I'm confident that it can work, but it would probably be best to deploy the new mail-server on server3.