Commit message (Author, Age)
* zones/vhack.eu: Fix cyclic CNAME entry for `source.vhack.eu` [HEAD] [main] (Benedikt Peetz, 2 days)
|
* zones/vhack.eu: Add the `source.vhack.eu` dns entry for the redirect (Benedikt Peetz, 2 days)
|
* zones/vhack.eu: Update to actually be a drop-in replacement for netcup's servers (Benedikt Peetz, 2 days)
  Currently, our NS record was missing, and we had an MX record that pointed to `mail.foss-syndicate.org.vhack.eu`.
* zones: Provide a single entry point for all zones (Benedikt Peetz, 12 days)
|
* zones/vhack.eu: Set correct CNAME records (Benedikt Peetz, 13 days)
|
* modules/system-info: Include port 53 (dns) in port -> name mappings (Benedikt Peetz, 13 days)
|
* {hosts,zones}: Init dns zone for vhack.eu (Benedikt Peetz, 13 days)
|
* {modules/system-info,scripts/system_info}: Init (Benedikt Peetz, 2025-03-09)
  This collects relevant information for each host in an informative markdown file.
  An example (generated via `./scripts/system_info.sh`):

      # server2
      ## Virtual Hosts
      etebase.vhack.eu: dav.vhack.eu
      gallery.s-schoeffel.de
      git.foss-syndicate.org
      invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li
      issues.foss-syndicate.org
      libreddit.vhack.eu
      redlib.vhack.eu
      source.foss-syndicate.org
      source.vhack.eu
      ## Open ports
      TCP 22: ssh
      TCP 25: mail-smtp
      TCP 80: http
      TCP 443: https
      TCP 465: mail-smtp-tls
      TCP 993: mail-imap-tls
      TCP 995: mail-pop3-tls

      # server3
      ## Virtual Hosts
      b-peetz.de
      mastodon.vhack.eu
      matrix.vhack.eu
      miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu
      openpgpkey.b-peetz.de
      openpgpkey.s-schoeffel.de
      openpgpkey.sils.li
      openpgpkey.vhack.eu
      peertube.vhack.eu
      trinitrix.vhack.eu
      vhack.eu
      ## Open ports
      TCP 22: ssh
      TCP 80: http
      TCP 443: https
      TCP 64738: ???
      UDP 64738: ???
* hosts/server2: Use new back config (Benedikt Peetz, 2025-03-09)
|
* pkgs/back/package.nix: Include the html templates in the build source (Benedikt Peetz, 2025-03-09)
|
* pkgs/back/config: Also try to open a repo if a directory with `.git` exists (Benedikt Peetz, 2025-03-09)
|
* pkgs/back: Do not store repositories in config (Benedikt Peetz, 2025-03-09)
  Otherwise, back will need to be restarted every time a new repository is added or removed.
* {modules,tests}/back: Update to deal with newest back (Benedikt Peetz, 2025-03-09)
|
* pkgs/back/assets/style.css: Format with prettier (Benedikt Peetz, 2025-03-09)
|
* pkgs/back/README.md: Update to reflect current status (Benedikt Peetz, 2025-03-09)
|
* pkgs/back: Support listing all repos via the `/` path (Benedikt Peetz, 2025-03-09)
  This change required porting all web handling from rocket to hyper, because we needed fine-grained control over the path the user requested.
  This should also improve the memory and resource footprint because hyper is lower level.
  I also changed all of the templates from `format!()` calls to a real templating language because I needed to touch most code paths anyway.
* scripts/get_dns.sh: Init (Benedikt Peetz, 2025-03-09)
  This script is useful when migrating from a hosted DNS server to our own.
  An example output looks like this (for `get_dns.sh b-peetz.de`):

  ```
  (A) 92.60.38.179 [b-peetz.de]
  (AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de]
  (CAA) 0 issue "letsencrypt.org" [b-peetz.de]
  (CNAME) <Not set> [b-peetz.de]
  (DNAME) <Not set> [b-peetz.de]
  (MX) 10 mail.foss-syndicate.org. [b-peetz.de]
  (NS) second-dns.netcup.net. [b-peetz.de]
  (NS) third-dns.netcup.net. [b-peetz.de]
  (NS) root-dns.netcup.net. [b-peetz.de]
  (SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de]
  (SRV) <Not set> [b-peetz.de]
  (TXT) "v=spf1 +mx -all" [b-peetz.de]
  (PTR) <Not set> [b-peetz.de]
  (DNSKEY) <Not set> [b-peetz.de]
  (DS) <Not set> [b-peetz.de]
  (SSHFP) <Not set> [b-peetz.de]
  (TLSA) <Not set> [b-peetz.de]
  (OPENPGPKEY) <Not set> [b-peetz.de]
  (SVCB) <Not set> [b-peetz.de]
  (HTTPS) <Not set> [b-peetz.de]
  (TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de]
  (TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de]
  ```
* modules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` option (Benedikt Peetz, 2025-03-09)
|
* tests/email-dns: Init (Benedikt Peetz, 2025-03-09)
  This test is somewhat involved, but tries to exercise our full mail handling capabilities.
  It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
* pkgs/fetchmail-common-name: Patch fetchmail to accept certificates without common name (Benedikt Peetz, 2025-03-09)
  Pebble gives you SAN only certificates.
* test/email-ip: Rename from the general `email` test (Benedikt Peetz, 2025-03-09)
|
* modules/stalwart-mail-free: Remove all `security` dependent checks if it's null (Benedikt Peetz, 2025-03-09)
|
* pkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s tests (Benedikt Peetz, 2025-03-09)
|
* pkgs/stalwart-mail-free: Update `cargoHash` (Benedikt Peetz, 2025-03-09)
|
* modules/stalwart-mail: Capitalize default mailboxes (Benedikt Peetz, 2025-03-09)
  This seems to be somewhat of a standard.
* modules/stalwart-mail: Also listen on :25 without SSL but with STARTTLS (Benedikt Peetz, 2025-03-09)
  This is important, so that other MTAs can send us mail.
* modules/stalwart-mail: Set a default value for `principals` (Benedikt Peetz, 2025-03-09)
|
* modules/stalwart-mail: Include full systemd service and set correct dependencies (Benedikt Peetz, 2025-03-09)
  This also starts `nginx` so that we can complete http-01 acme challenges.
* modules/stalwart-mail: Select DKIM keys per-domain (Benedikt Peetz, 2025-03-09)
|
* modules/stalwart-mail: Avoid hardcoding `vhack.eu` email address (Benedikt Peetz, 2025-03-09)
|
* modules/dns: Add service dependencies (Benedikt Peetz, 2025-03-09)
|
* modules/dns: Set a reasonable verbosity level (Benedikt Peetz, 2025-03-09)
  The default is way too quiet.
* modules/dns: Provide the option to open the required firewall ports (Benedikt Peetz, 2025-03-09)
|
* modules/dns: Remove `lib.debug` calls (Benedikt Peetz, 2025-03-09)
|
* modules/dns/dns/types/records/PTR.nix: Special case for reverse IP lookups (Benedikt Peetz, 2025-03-09)
  This makes implementing a DNS server in tests easier.
* pkgs/stalwart-mail-free: Also patch to use the platform CA store (Benedikt Peetz, 2025-03-09)
  This is needed for the test.
  The general changes are caused by the requirement to update the `cargoHash`, which currently only works with this counterintuitive attribute overriding.
* modules/dns/dns/types/records/MTA-STS.nix: Init (Benedikt Peetz, 2025-03-09)
|
* modules/dns/dns/types/records/DMARC.nix: Reference the correct RFC (Benedikt Peetz, 2025-03-09)
  RFC 7208 is titled “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”, whilst RFC 7489 is titled “Domain-based Message Authentication, Reporting, and Conformance (DMARC)”
* .envrc: Add ./scripts to PATH (Benedikt Peetz, 2025-03-09)
|
* scripts/testInteractive: Actually build the *interactive* test driver (Benedikt Peetz, 2025-03-09)
  Otherwise, the experience is simply worse.
* modules/stalwart-mail: Move the package to the `pkgs` subtree (Benedikt Peetz, 2025-03-09)
|
* {modules,tests}/dns: Init (Benedikt Peetz, 2025-03-09)
  Most of the dns module was taken from: <https://github.com/nix-community/dns.nix>
* tests/email: Test the mvp (Benedikt Peetz, 2025-03-09)
|
* module/stalwart-mail: Init initial version (Benedikt Peetz, 2025-03-09)
|
* scripts/test_build.sh: Init (Benedikt Peetz, 2025-03-09)
|
* scripts/test_interactive.sh: Actually fail when `nix build` fails (Benedikt Peetz, 2025-03-09)
|
* pkgs/back/update.sh: Don't worry about incompatible semver changes (Benedikt Peetz, 2025-03-07)
  `back` is usually not big enough to be affected by semver incompatible changes.
  (And if it's affected, fixing it is usually really simple.)
* pkgs/back/.envrc: Stop fetching when loading the shell (Benedikt Peetz, 2025-03-07)
|
* treewide: Update (Benedikt Peetz, 2025-03-07)
|
* fix(hosts/server2/redirects): Also recognize the old source.vhack.eu redirect (Benedikt Peetz, 2025-02-09)
|