about summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* tests/taskchampion-sync: Use correct test function nameBenedikt Peetz5 days
| | | | `wait_until_succeed` is not defined, but `wait_until_succeeds` is.
* tests/{atuin-sync,email-{dns,http},sharkey,taskchampion-sync}: Share acme setupBenedikt Peetz5 days
| | | | | | In the wake of `network-online.target`'s removal from `multi-user.target`, I noticed, that this acme ca setup code is effectively duplicated. This commit now deduplicates it.
* pkgs/sharkey: Remove nixpkgs unstable wrapperBenedikt Peetz5 days
| | | | 25.05 has hit.
* hosts/server2: Enable new `git-back` serviceBenedikt Peetz5 days
|
* flake.nix: Use nixos 25.05 branch of simply mail server instead of masterBenedikt Peetz5 days
|
* modules/redlib: Remove old `libreddit` aliasBenedikt Peetz6 days
|
* flake: Update to nixpkgs 25.05Benedikt Peetz6 days
|
* modules/git-back: Init with the out-of-tree backBenedikt Peetz6 days
|
* pkgs/back: RemoveBenedikt Peetz6 days
| | | | Back has been moved out-of-tree.
* flake.nix: Use the packaged version of `ragenix`Benedikt Peetz6 days
|
* hosts/default.nix: Remove now unneeded `finalizeFunction`Benedikt Peetz6 days
|
* tests/README.md: FormatBenedikt Peetz6 days
|
* pkgs/stalwart-mail: Update to nixos 25.05Benedikt Peetz6 days
| | | | | Now the stalwart-mail package is by default free. As such, we could drop the respective patches.
* hosts/server2: Enable atuin-syncBenedikt Peetz2025-05-05
|
* modules/atuin-sync: InitBenedikt Peetz2025-05-05
|
* modules/matrix: Provide postgresql with a correct sql statementBenedikt Peetz2025-05-04
|
* modules/nextcloud: add calendar, contacts, tasks appsSilas Schöffel2025-05-04
|
* pkgs/taskchampion-sync: Put the sync server behind a ngnix proxyBenedikt Peetz2025-04-28
| | | | | | I realized, that the new taskchampion-sync-server uses a http api (instead of the custom protocol of taskserver). As such, we obviously want to put it behind a ngnix reverse proxy.
* pkgs/sharkey: 2025.2.2 -> 2025.2.3Benedikt Peetz2025-04-28
| | | | There is no change log, as this is a security update.
* modules/sharkey: Add required `@chown` syscall group to allow listBenedikt Peetz2025-04-25
| | | | The `~@priviledged` needed to go, as `@chown` is part of this group.
* tests/sharkey-image: Rename to `sharkey-cpu`Benedikt Peetz2025-04-25
| | | | Image upload still fails, even with this test passing.
* modules/sharkey: Ensure, that it can access the host's CPUsBenedikt Peetz2025-04-24
| | | | This is, for some reason, needed for image uploads to sharkey.
* modules/system-info: Provide a nice warning message, if a port is not yet ↵Benedikt Peetz2025-04-24
| | | | registered
* modules/matrix: Use the typed NixOS for user and db creationBenedikt Peetz2025-04-24
| | | | | | Note, that I have no way to test if this is actually going to work (no tests for matrix). But, I assume that it is not going to pose problems, as we are not migrating the db and these options won't remove state.
* modules/matrix: Group `vhack` attr keys togetherBenedikt Peetz2025-04-24
|
* modules/mastodon: Group `vhack` keys togetherBenedikt Peetz2025-04-24
|
* flake.nix: Remove gnutlsBenedikt Peetz2025-04-24
| | | | We are not generating taskserver certificates anymore.
* modules/taskchampion: Make its data directory owned by taskchampion userBenedikt Peetz2025-04-23
|
* zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomainBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxyBenedikt Peetz2025-04-23
| | | | This includes setting things, like setting the `X-Forwarded-For` header.
* modules/constants: Also add a user to each group, so that duplicated gids ↵Benedikt Peetz2025-04-23
| | | | are avoided
* tests/email-http: Use the factored out DNS serverBenedikt Peetz2025-04-23
|
* hosts/server2: Use the internal stalwart directoryBenedikt Peetz2025-04-23
|
* tests/email-http: Test the http self-service availabilityBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Don't restart the systemd serviceBenedikt Peetz2025-04-23
| | | | | | Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
* modules/stalwart-mail: Enable the http self-service interfaceBenedikt Peetz2025-04-23
|
* modules/nginx: Set the "acme" group as group of the "acme" userBenedikt Peetz2025-04-23
| | | | | For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
* modules/stalwart-mail: Allow both nginx and stalwart-mail access to the certBenedikt Peetz2025-04-23
| | | | | This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
* modules/stalwart-mail: Explicitly list out valid password hashesBenedikt Peetz2025-04-23
| | | | | | If a password hash does not match stalwart's know ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
* modules/stalwart-mail: Make `cfg.principals` nullableBenedikt Peetz2025-04-23
| | | | This makes it possible to use the internal storage
* modules/stalwart-mail: Use correct group name for `redis-stalwart-mail`Benedikt Peetz2025-04-23
|
* pkgs/stalwart-mail-free: Update package hash, as it changedBenedikt Peetz2025-04-23
| | | | This has to do with the underlying stalwart-mail update.
* hosts/server2: Setup sharkeyBenedikt Peetz2025-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Server2 is currently not so much under load, as such it seems better to split the load. # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu nextcloud.vhack.eu # <-- This redlib.vhack.eu sharkey.vhack.eu # <-- And this are the “only” really heavy services here. source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 53: dns TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls TCP 10222: taskchampion-sync UDP 53: dns # server3 ## Virtual Hosts b-peetz.de mail.vhack.eu mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu ## Open ports TCP 22: ssh TCP 25: <port is 'mail-smtp' but service 'vhack.mail' is not enabled.> TCP 53: dns TCP 80: http TCP 443: https TCP 465: <port is 'mail-smtp-tls' but service 'vhack.mail' is not enabled.> TCP 993: <port is 'mail-imap-tls' but service 'vhack.mail' is not enabled.> TCP 4190: ??? TCP 64738: ??? UDP 53: dns UDP 64738: ???
* test/sharkey: InitBenedikt Peetz2025-04-22
| | | | | | | | We can't test that much, as user creation and general configuration seems to be locked behind completing a point and click adventure, once Sharkey is actually setup. As such, we simply test, that Sharkey starts and provides its default HTML.
* modules/sharkey: InitBenedikt Peetz2025-04-22
|
* pkgs/sharkey: InitBenedikt Peetz2025-04-22
| | | | This is largely based on: https://github.com/sodiboo/system/blob/b63c7b27f49043e8701b3ff5e1441cd27d5a2fff/sharkey/package.nix
* tests/{common,email-dns}: Move last part of acme and dns handling to commonBenedikt Peetz2025-04-22
| | | | This makes re-using it even easier.
* tests/email-dns: Factor out all of the secrets/acme stuff into a common dirBenedikt Peetz2025-04-22
| | | | This makes it easier to re-use this test data for various tests.
* update.sh: Also run `nix flake update`Benedikt Peetz2025-04-22
|
* flake.lock: UpdateBenedikt Peetz2025-04-22
|
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-12 23:08:45 +0000