about summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* pkgs/stalwart-mail-patched/spamfilter: Provide infrastructure to update itBenedikt Peetz2 days
| | | | Otherwise, this package will never be updated.
* pkgs/stalwart-mail-patched: Use different native-ca-roots patchBenedikt Peetz2 days
| | | | | | | | | | | | | | | My patch was no longer working, as it was written against an older version of stalwart. This patch is now sourced directly from a GitHub pr, that was closed at the 21st of may. Upstream says, that they will support that in a future version, but I am honestly just waiting for the rug pull at this point. They are no longer accepting PRs, focusing more and more on new features, whilst the actual software is still very difficult to debug. But, with all this said, their current source code is available under the AGPL, so even if they rug pull (which might be difficult, due to fact, that their CLA is from the FSFE), a base for forking still persists.
* tests/taskchampion-sync: Use correct test function nameBenedikt Peetz2 days
| | | | `wait_until_succeed` is not defined, but `wait_until_succeeds` is.
* tests/{atuin-sync,email-{dns,http},sharkey,taskchampion-sync}: Share acme setupBenedikt Peetz2 days
| | | | | | In the wake of `network-online.target`'s removal from `multi-user.target`, I noticed, that this acme ca setup code is effectively duplicated. This commit now deduplicates it.
* pkgs/sharkey: Remove nixpkgs unstable wrapperBenedikt Peetz2 days
| | | | 25.05 has hit.
* hosts/server2: Enable new `git-back` serviceBenedikt Peetz2 days
|
* flake.nix: Use nixos 25.05 branch of simply mail server instead of masterBenedikt Peetz2 days
|
* modules/redlib: Remove old `libreddit` aliasBenedikt Peetz3 days
|
* flake: Update to nixpkgs 25.05Benedikt Peetz3 days
|
* modules/git-back: Init with the out-of-tree backBenedikt Peetz3 days
|
* pkgs/back: RemoveBenedikt Peetz3 days
| | | | Back has been moved out-of-tree.
* flake.nix: Use the packaged version of `ragenix`Benedikt Peetz3 days
|
* hosts/default.nix: Remove now unneeded `finalizeFunction`Benedikt Peetz3 days
|
* tests/README.md: FormatBenedikt Peetz3 days
|
* pkgs/stalwart-mail: Update to nixos 25.05Benedikt Peetz3 days
| | | | | Now the stalwart-mail package is by default free. As such, we could drop the respective patches.
* hosts/server2: Enable atuin-syncBenedikt Peetz2025-05-05
|
* modules/atuin-sync: InitBenedikt Peetz2025-05-05
|
* modules/matrix: Provide postgresql with a correct sql statementBenedikt Peetz2025-05-04
|
* modules/nextcloud: add calendar, contacts, tasks appsSilas Schöffel2025-05-04
|
* pkgs/taskchampion-sync: Put the sync server behind a ngnix proxyBenedikt Peetz2025-04-28
| | | | | | I realized, that the new taskchampion-sync-server uses a http api (instead of the custom protocol of taskserver). As such, we obviously want to put it behind a ngnix reverse proxy.
* pkgs/sharkey: 2025.2.2 -> 2025.2.3Benedikt Peetz2025-04-28
| | | | There is no change log, as this is a security update.
* modules/sharkey: Add required `@chown` syscall group to allow listBenedikt Peetz2025-04-25
| | | | The `~@priviledged` needed to go, as `@chown` is part of this group.
* tests/sharkey-image: Rename to `sharkey-cpu`Benedikt Peetz2025-04-25
| | | | Image upload still fails, even with this test passing.
* modules/sharkey: Ensure, that it can access the host's CPUsBenedikt Peetz2025-04-24
| | | | This is, for some reason, needed for image uploads to sharkey.
* modules/system-info: Provide a nice warning message, if a port is not yet ↵Benedikt Peetz2025-04-24
| | | | registered
* modules/matrix: Use the typed NixOS for user and db creationBenedikt Peetz2025-04-24
| | | | | | Note, that I have no way to test if this is actually going to work (no tests for matrix). But, I assume that it is not going to pose problems, as we are not migrating the db and these options won't remove state.
* modules/matrix: Group `vhack` attr keys togetherBenedikt Peetz2025-04-24
|
* modules/mastodon: Group `vhack` keys togetherBenedikt Peetz2025-04-24
|
* flake.nix: Remove gnutlsBenedikt Peetz2025-04-24
| | | | We are not generating taskserver certificates anymore.
* modules/taskchampion: Make its data directory owned by taskchampion userBenedikt Peetz2025-04-23
|
* zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomainBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxyBenedikt Peetz2025-04-23
| | | | This includes setting things, like setting the `X-Forwarded-For` header.
* modules/constants: Also add a user to each group, so that duplicated gids ↵Benedikt Peetz2025-04-23
| | | | are avoided
* tests/email-http: Use the factored out DNS serverBenedikt Peetz2025-04-23
|
* hosts/server2: Use the internal stalwart directoryBenedikt Peetz2025-04-23
|
* tests/email-http: Test the http self-service availabilityBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Don't restart the systemd serviceBenedikt Peetz2025-04-23
| | | | | | Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
* modules/stalwart-mail: Enable the http self-service interfaceBenedikt Peetz2025-04-23
|
* modules/nginx: Set the "acme" group as group of the "acme" userBenedikt Peetz2025-04-23
| | | | | For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
* modules/stalwart-mail: Allow both nginx and stalwart-mail access to the certBenedikt Peetz2025-04-23
| | | | | This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
* modules/stalwart-mail: Explicitly list out valid password hashesBenedikt Peetz2025-04-23
| | | | | | If a password hash does not match stalwart's know ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
* modules/stalwart-mail: Make `cfg.principals` nullableBenedikt Peetz2025-04-23
| | | | This makes it possible to use the internal storage
* modules/stalwart-mail: Use correct group name for `redis-stalwart-mail`Benedikt Peetz2025-04-23
|
* pkgs/stalwart-mail-free: Update package hash, as it changedBenedikt Peetz2025-04-23
| | | | This has to do with the underlying stalwart-mail update.
* hosts/server2: Setup sharkeyBenedikt Peetz2025-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Server2 is currently not so much under load, as such it seems better to split the load. # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu nextcloud.vhack.eu # <-- This redlib.vhack.eu sharkey.vhack.eu # <-- And this are the “only” really heavy services here. source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 53: dns TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls TCP 10222: taskchampion-sync UDP 53: dns # server3 ## Virtual Hosts b-peetz.de mail.vhack.eu mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu ## Open ports TCP 22: ssh TCP 25: <port is 'mail-smtp' but service 'vhack.mail' is not enabled.> TCP 53: dns TCP 80: http TCP 443: https TCP 465: <port is 'mail-smtp-tls' but service 'vhack.mail' is not enabled.> TCP 993: <port is 'mail-imap-tls' but service 'vhack.mail' is not enabled.> TCP 4190: ??? TCP 64738: ??? UDP 53: dns UDP 64738: ???
* test/sharkey: InitBenedikt Peetz2025-04-22
| | | | | | | | We can't test that much, as user creation and general configuration seems to be locked behind completing a point and click adventure, once Sharkey is actually setup. As such, we simply test, that Sharkey starts and provides its default HTML.
* modules/sharkey: InitBenedikt Peetz2025-04-22
|
* pkgs/sharkey: InitBenedikt Peetz2025-04-22
| | | | This is largely based on: https://github.com/sodiboo/system/blob/b63c7b27f49043e8701b3ff5e1441cd27d5a2fff/sharkey/package.nix
* tests/{common,email-dns}: Move last part of acme and dns handling to commonBenedikt Peetz2025-04-22
| | | | This makes re-using it even easier.
* tests/email-dns: Factor out all of the secrets/acme stuff into a common dirBenedikt Peetz2025-04-22
| | | | This makes it easier to re-use this test data for various tests.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-09 21:37:18 +0000