about summary refs log tree commit diff stats
Commit message (Collapse)AuthorAge
* {modules/system-info,scripts/system_info}: Init HEAD mainBenedikt Peetz3 days
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This collects relevant information for each host in an informative markdown file. An example (generated via `./scripts/system_info.sh`): # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu redlib.vhack.eu source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls # server3 ## Virtual Hosts b-peetz.de mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu ## Open ports TCP 22: ssh TCP 80: http TCP 443: https TCP 64738: ??? UDP 64738: ???
* hosts/server2: Use new back configBenedikt Peetz3 days
|
* pkgs/back/package.nix: Include the html templates in the build sourceBenedikt Peetz3 days
|
* pkgs/back/config: Also try to open a repo if a directory with `.git` existsBenedikt Peetz3 days
|
* pkgs/back: Do not store repositories in configBenedikt Peetz3 days
| | | | | Otherwise, back will need to be restarted every time a new repository is added or removed.
* {modules,tests}/back: Update to deal with newest backBenedikt Peetz3 days
|
* pkgs/back/assets/style.css: Format with prettierBenedikt Peetz3 days
|
* pkgs/back/README.md: Update to reflect current statusBenedikt Peetz3 days
|
* pkgs/back: Support listing all repos via the `/` pathBenedikt Peetz3 days
| | | | | | | | | | This change required porting all webhandling from rocket to hyper, because we needed fine grained control over the path the user requested. This should also improve the memory and resources footprint because hyper is more lower level. I also changed all of the templates from `format!()` calls to a real templating language because I needed to touch most code paths anyway.
* scripts/get_dns.sh: InitBenedikt Peetz3 days
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This script is useful, when migrating from a hosted DNS server to our own. An example output looks like this (for `get_dns.sh b-peetz.de`): ``` (A) 92.60.38.179 [b-peetz.de] (AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de] (CAA) 0 issue "letsencrypt.org" [b-peetz.de] (CNAME) <Not set> [b-peetz.de] (DNAME) <Not set> [b-peetz.de] (MX) 10 mail.foss-syndicate.org. [b-peetz.de] (NS) second-dns.netcup.net. [b-peetz.de] (NS) third-dns.netcup.net. [b-peetz.de] (NS) root-dns.netcup.net. [b-peetz.de] (SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de] (SRV) <Not set> [b-peetz.de] (TXT) "v=spf1 +mx -all" [b-peetz.de] (PTR) <Not set> [b-peetz.de] (DNSKEY) <Not set> [b-peetz.de] (DS) <Not set> [b-peetz.de] (SSHFP) <Not set> [b-peetz.de] (TLSA) <Not set> [b-peetz.de] (OPENPGPKEY) <Not set> [b-peetz.de] (SVCB) <Not set> [b-peetz.de] (HTTPS) <Not set> [b-peetz.de] (TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de] (TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de] ```
* modules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` optionBenedikt Peetz3 days
|
* tests/email-dns: InitBenedikt Peetz3 days
| | | | | | | This test is somewhat involved, but tries to exercise our full mail handling capabilities. It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
* pkgs/fetchmail-common-name: Patch fetchmail to accept certificates without ↵Benedikt Peetz3 days
| | | | | | common name Pebble gives you SAN only certificates.
* test/email-ip: Rename from the general `email` testBenedikt Peetz3 days
|
* modules/stalwart-mail-free: Remove all `security` dependent checks if it's nullBenedikt Peetz3 days
|
* pkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s testsBenedikt Peetz3 days
|
* pkgs/stalwart-mail-free: Update `cargoHash`Benedikt Peetz3 days
|
* modules/stalwart-mail: Capitalize default mailboxesBenedikt Peetz3 days
| | | | This seems to be somewhat of a standart.
* modules/stalwart-mail: Also listen on :25 without SSL but with STARTTLSBenedikt Peetz3 days
| | | | This is important, so that other MTA can send us mail.
* modules/stalwart-mail: Set a default value for `principals`Benedikt Peetz3 days
|
* modules/stalwart-mail: Include full systemd service and set correct dependenciesBenedikt Peetz3 days
| | | | | This also starts `nginx` so that we can complete http-01 acme challenges.
* modules/stalwart-mail: Select DKIM keys per-domainBenedikt Peetz3 days
|
* modules/stalwart-mail: Avoid hardcoding `vhack.eu` email addressBenedikt Peetz3 days
|
* modules/dns: Add service dependenciesBenedikt Peetz3 days
|
* modules/dns: Set a reasonable verbosity levelBenedikt Peetz3 days
| | | | The default is way too quiet.
* modules/dns: Provide the option to open the required firewall portsBenedikt Peetz3 days
|
* modules/dns: Remove `lib.debug` callsBenedikt Peetz3 days
|
* modules/dns/dns/types/records/PTR.nix: Special case for reverse IP lookupsBenedikt Peetz3 days
| | | | This makes implementing a DNS server in tests easier.
* pkgs/stalwart-mail-free: Also patch to use the platform CA storeBenedikt Peetz3 days
| | | | | | | | This is needed for the test. The general changes are caused by the requirement to update the `chargoHash`, which currently only works with this counter intuitive attribute overriding.
* modules/dns/dns/types/records/MTA-STS.nix: InitBenedikt Peetz3 days
|
* modules/dns/dns/types/records/DMARC.nix: Reference the correct RFCBenedikt Peetz3 days
| | | | | RFC 7208 is titled “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”, whilst RFC 7489 is titled “Domain-based Message Authentication, Reporting, and Conformance (DMARC)”
* .envrc: Add ./scripts to PATHBenedikt Peetz3 days
|
* scripts/testInteractive: Actually build the *interactive* test driverBenedikt Peetz3 days
| | | | Otherwise, the experience is simply worse.
* modules/stalwart-mail: Move the package to the `pkgs` subtreeBenedikt Peetz3 days
|
* {modules,tests}/dns: InitBenedikt Peetz3 days
| | | | Most of the dns module was taken from: <https://github.com/nix-community/dns.nix>
* tests/email: Test the mvpBenedikt Peetz3 days
|
* module/stalwart-mail: Init initial versionBenedikt Peetz3 days
|
* scripts/test_build.sh: InitBenedikt Peetz3 days
|
* scripts/test_interactive.sh: Actually fail when `nix build` failsBenedikt Peetz3 days
|
* pkgs/back/update.sh: Don't worry about incompatible semver changesBenedikt Peetz5 days
| | | | | `back` is usually not big enough to be affected by semver incompatible changes. (And if it's affected, fixing it is usually really simple.)
* pkgs/back/.envrc: Stop fetching when loading the shellBenedikt Peetz5 days
|
* treewide: UpdateBenedikt Peetz5 days
|
* fix(hosts/server2/redirects): Also recognize the old source.vhack.eu redirectBenedikt Peetz2025-02-09
|
* modules/redlib: Use `nginx`'s module redirect mechanismBenedikt Peetz2025-02-09
|
* modules/nginx: Keep the `$request_uri` when redirectingBenedikt Peetz2025-02-09
|
* README.md: Fix typosBenedikt Peetz2025-02-09
|
* modules/nix-sync: Correctly merge `extraSettings` and the needed vhost configBenedikt Peetz2025-02-07
|
* hosts/server3/websites: Host nix-sync on server3Benedikt Peetz2025-02-07
|
* hosts/server2/websites: Correct extraSettings for wkdBenedikt Peetz2025-02-04
| | | | | The `/.well-known/openpgpkey/hu/` path does not exist. Thus remove the erroneous `hu/` at the end.
* hosts/server2/websites: Use the new repository urlsBenedikt Peetz2025-02-04
| | | | | | This changes: https://codeberg.org/bpeetz/b-peetz.de.git -> https://git.foss-syndicate.org/bpeetz/b-peetz.de.git https://codeberg.org/vhack.eu/gpg_wkd.git -> https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-03-12 23:34:44 +0000