about summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* modules/sharkey: Ensure, that it can access the host's CPUsBenedikt Peetz2025-04-24
| | | | This is, for some reason, needed for image uploads to sharkey.
* modules/system-info: Provide a nice warning message, if a port is not yet ↵Benedikt Peetz2025-04-24
| | | | registered
* modules/matrix: Use the typed NixOS for user and db creationBenedikt Peetz2025-04-24
| | | | | | Note, that I have no way to test if this is actually going to work (no tests for matrix). But, I assume that it is not going to pose problems, as we are not migrating the db and these options won't remove state.
* modules/matrix: Group `vhack` attr keys togetherBenedikt Peetz2025-04-24
|
* modules/mastodon: Group `vhack` keys togetherBenedikt Peetz2025-04-24
|
* flake.nix: Remove gnutlsBenedikt Peetz2025-04-24
| | | | We are not generating taskserver certificates anymore.
* modules/taskchampion: Make its data directory owned by taskchampion userBenedikt Peetz2025-04-23
|
* zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomainBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxyBenedikt Peetz2025-04-23
| | | | This includes setting things, like setting the `X-Forwarded-For` header.
* modules/constants: Also add a user to each group, so that duplicated gids ↵Benedikt Peetz2025-04-23
| | | | are avoided
* tests/email-http: Use the factored out DNS serverBenedikt Peetz2025-04-23
|
* hosts/server2: Use the internal stalwart directoryBenedikt Peetz2025-04-23
|
* tests/email-http: Test the http self-service availabilityBenedikt Peetz2025-04-23
|
* modules/stalwart-mail: Don't restart the systemd serviceBenedikt Peetz2025-04-23
| | | | | | Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
* modules/stalwart-mail: Enable the http self-service interfaceBenedikt Peetz2025-04-23
|
* modules/nginx: Set the "acme" group as group of the "acme" userBenedikt Peetz2025-04-23
| | | | | For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
* modules/stalwart-mail: Allow both nginx and stalwart-mail access to the certBenedikt Peetz2025-04-23
| | | | | This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
* modules/stalwart-mail: Explicitly list out valid password hashesBenedikt Peetz2025-04-23
| | | | | | If a password hash does not match stalwart's know ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
* modules/stalwart-mail: Make `cfg.principals` nullableBenedikt Peetz2025-04-23
| | | | This makes it possible to use the internal storage
* modules/stalwart-mail: Use correct group name for `redis-stalwart-mail`Benedikt Peetz2025-04-23
|
* pkgs/stalwart-mail-free: Update package hash, as it changedBenedikt Peetz2025-04-23
| | | | This has to do with the underlying stalwart-mail update.
* hosts/server2: Setup sharkeyBenedikt Peetz2025-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Server2 is currently not so much under load, as such it seems better to split the load. # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu nextcloud.vhack.eu # <-- This redlib.vhack.eu sharkey.vhack.eu # <-- And this are the “only” really heavy services here. source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 53: dns TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls TCP 10222: taskchampion-sync UDP 53: dns # server3 ## Virtual Hosts b-peetz.de mail.vhack.eu mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu ## Open ports TCP 22: ssh TCP 25: <port is 'mail-smtp' but service 'vhack.mail' is not enabled.> TCP 53: dns TCP 80: http TCP 443: https TCP 465: <port is 'mail-smtp-tls' but service 'vhack.mail' is not enabled.> TCP 993: <port is 'mail-imap-tls' but service 'vhack.mail' is not enabled.> TCP 4190: ??? TCP 64738: ??? UDP 53: dns UDP 64738: ???
* test/sharkey: InitBenedikt Peetz2025-04-22
| | | | | | | | We can't test that much, as user creation and general configuration seems to be locked behind completing a point and click adventure, once Sharkey is actually setup. As such, we simply test, that Sharkey starts and provides its default HTML.
* modules/sharkey: InitBenedikt Peetz2025-04-22
|
* pkgs/sharkey: InitBenedikt Peetz2025-04-22
| | | | This is largely based on: https://github.com/sodiboo/system/blob/b63c7b27f49043e8701b3ff5e1441cd27d5a2fff/sharkey/package.nix
* tests/{common,email-dns}: Move last part of acme and dns handling to commonBenedikt Peetz2025-04-22
| | | | This makes re-using it even easier.
* tests/email-dns: Factor out all of the secrets/acme stuff into a common dirBenedikt Peetz2025-04-22
| | | | This makes it easier to re-use this test data for various tests.
* update.sh: Also run `nix flake update`Benedikt Peetz2025-04-22
|
* flake.lock: UpdateBenedikt Peetz2025-04-22
|
* zones/vhack.eu: Add a taskchampion subdomainBenedikt Peetz2025-04-11
|
* modules/system-info: Register taskchampion portBenedikt Peetz2025-04-11
|
* modules/taskchampion-sync: Persist data directoryBenedikt Peetz2025-04-11
|
* hosts/server2: Enable taskwarrior-syncBenedikt Peetz2025-04-11
|
* modules/taskchampion-sync: Add {u,g}ids to {group,user}Benedikt Peetz2025-04-11
|
* {modules,test}/taskchampion-sync: InitBenedikt Peetz2025-04-11
|
* zones/vhack.eu: add nextcloud subdomainSilas Schöffel2025-04-07
|
* nextcloud: init on server2Silas Schöffel2025-04-07
|
* hosts/server2: FormatBenedikt Peetz2025-04-01
|
* tests/email-dns/secrets/dkim/gen_key.sh: Add shellcheck shellBenedikt Peetz2025-04-01
|
* {hosts/server3,zones/vhack.eu}: Activate stalwart-mail on server3 for soisphaBenedikt Peetz2025-04-01
|
* zones/vhack.eu: Correct specify the SRV targets as fully-qualifiedBenedikt Peetz2025-04-01
|
* zones/vhack.eu: Set the SOA name server entry to a real domainBenedikt Peetz2025-04-01
|
* zones/vhack.eu: Make it obvious, that the serial number must be changedBenedikt Peetz2025-04-01
| | | | | | | The comment alone would probably suffice, but having a convenient function that makes it obvious *what* part of the serial number you are actually supposed to change seems quite useful, when trying to reduce the possibilities of forgetting it.
* tests/dns: Avoid tracing the name-server interfacesBenedikt Peetz2025-04-01
|
* zones/vhack.eu: Also revert the mail server changesBenedikt Peetz2025-03-30
|
* {hosts/server2,modules/mail}: Re-active the old mail serverBenedikt Peetz2025-03-30
| | | | | | | | | | Running two mail-servers on one system is a total /mess/. Both try to bind to the same ports, the old stack consists of **5** different systemd services whilst stalwart-mail's systemd service simply refuses to stop, etc. I'm confident that it can work, but it would probably be best to deploy the new mail-server on server3.
* modules/mail: Avoid changing the `virtualMail` user uidBenedikt Peetz2025-03-30
| | | | | | | | We would need to set the `vmailUID` option to this value and even then some parts of SNM would still hardcode the default of 5000. Considering that we are in the process of phasing out SNM, this does not seem to be a worthwhile endeavour.
* modules/mail: Actually set the uid/gid of the virtualMail userBenedikt Peetz2025-03-30
|
* zones/vhack.eu: Use correct `eu` tld instead of `org`Benedikt Peetz2025-03-30
|
* modules/stalwart-mail: Assign uids and gids to the stalwart usersBenedikt Peetz2025-03-29
|
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-14 08:26:05 +0000