Age | Commit message | Author
11 days | tests/email-http: Test the http self-service availability | Benedikt Peetz
11 days | tests/email-dns: Factor out all of the secrets/acme stuff into a common dir | Benedikt Peetz
This makes it easier to re-use this test data for various tests.
11 days | modules/stalwart-mail: Don't restart the systemd service | Benedikt Peetz
Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
11 days | modules/stalwart-mail: Enable the http self-service interface | Benedikt Peetz
11 days | modules/nginx: Set the "acme" group as group of the "acme" user | Benedikt Peetz
For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
11 days | modules/stalwart-mail: Allow both nginx and stalwart-mail access to the cert | Benedikt Peetz
This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
11 days | modules/stalwart-mail: Explicitly list out valid password hashes | Benedikt Peetz
If a password hash does not match stalwart's known ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
11 days | modules/stalwart-mail: Make `cfg.principals` nullable | Benedikt Peetz
This makes it possible to use the internal storage
11 days | modules/stalwart-mail: Use correct group name for `redis-stalwart-mail` | Benedikt Peetz
12 days | zones/vhack.eu: Add a taskchampion subdomain | Benedikt Peetz
12 days | modules/system-info: Register taskchampion port | Benedikt Peetz
12 days | modules/taskchampion-sync: Persist data directory | Benedikt Peetz
12 days | hosts/server2: Enable taskwarrior-sync | Benedikt Peetz
12 days | modules/taskchampion-sync: Add {u,g}ids to {group,user} | Benedikt Peetz
12 days | {modules,test}/taskchampion-sync: Init | Benedikt Peetz
2025-04-07 | zones/vhack.eu: add nextcloud subdomain | Silas Schöffel
2025-04-07 | nextcloud: init on server2 | Silas Schöffel
2025-04-01 | hosts/server2: Format | Benedikt Peetz
2025-04-01 | tests/email-dns/secrets/dkim/gen_key.sh: Add shellcheck shell | Benedikt Peetz
2025-04-01 | {hosts/server3,zones/vhack.eu}: Activate stalwart-mail on server3 for soispha | Benedikt Peetz
2025-04-01 | zones/vhack.eu: Correctly specify the SRV targets as fully-qualified | Benedikt Peetz
2025-04-01 | zones/vhack.eu: Set the SOA name server entry to a real domain | Benedikt Peetz
2025-04-01 | zones/vhack.eu: Make it obvious, that the serial number must be changed | Benedikt Peetz
The comment alone would probably suffice, but having a convenient function that makes it obvious *what* part of the serial number you are actually supposed to change seems quite useful, when trying to reduce the possibilities of forgetting it.
2025-04-01 | tests/dns: Avoid tracing the name-server interfaces | Benedikt Peetz
2025-03-30 | zones/vhack.eu: Also revert the mail server changes | Benedikt Peetz
2025-03-30 | {hosts/server2,modules/mail}: Re-activate the old mail server | Benedikt Peetz
Running two mail-servers on one system is a total /mess/. Both try to bind to the same ports, the old stack consists of **5** different systemd services whilst stalwart-mail's systemd service simply refuses to stop, etc. I'm confident that it can work, but it would probably be best to deploy the new mail-server on server3.
2025-03-30 | modules/mail: Avoid changing the `virtualMail` user uid | Benedikt Peetz
We would need to set the `vmailUID` option to this value and even then some parts of SNM would still hardcode the default of 5000. Considering that we are in the process of phasing out SNM, this does not seem to be a worthwhile endeavour.
2025-03-30 | modules/mail: Actually set the uid/gid of the virtualMail user | Benedikt Peetz
2025-03-30 | zones/vhack.eu: Use correct `eu` tld instead of `org` | Benedikt Peetz
2025-03-29 | modules/stalwart-mail: Assign uids and gids to the stalwart users | Benedikt Peetz
2025-03-29 | modules/constants: Enforce the 0 to 400 limit | Benedikt Peetz
2025-03-29 | modules/constants: Correctly assign each uid so that none is greater than 400 | Benedikt Peetz
The uid ranges from 400 upwards are reserved for things that allocate them dynamically during runtime (like systemd). Our users would then get clobbered, thus we avoid that range. BREAKING CHANGE: Well, we'll need to change all uids of the files owned by the respective users.
2025-03-29 | modules/constants: Dry gid definitions by inheriting the uids | Benedikt Peetz
2025-03-29 | hosts/server2: Use the correct path to the DKIM keys | Benedikt Peetz
2025-03-29 | hosts/server2: Set up stalwart-mail on mail.vhack.eu for soispha@vhack.eu | Benedikt Peetz
We need to actually test stalwart out in the real world, because the test can never actually capture all the weird things people do with their mail setup. Refs: #6ea08aa
2025-03-27 | tests/email-dns/secrets: Re-key secrets, so that soispha and sils can read them | Benedikt Peetz
Doing a full `ragenix --rekey --identity <soispha.age.key>` run will fail, if there are secrets that she cannot decrypt. Thus encrypt the test secrets with all keys.
2025-03-27 | flake.lock: Update | Benedikt Peetz
2025-03-21 | zones/vhack.eu: Fix cyclic CNAME entry for `source.vhack.eu` | Benedikt Peetz
2025-03-21 | zones/vhack.eu: Add the `source.vhack.eu` dns entry for the redirect | Benedikt Peetz
2025-03-21 | zones/vhack.eu: Update to actually be a drop-in replacement for netcup's servers | Benedikt Peetz
Currently, our NS record was missing, and we had an MX record that pointed to `mail.foss-syndicate.org.vhack.eu`.
2025-03-11 | zones: Provide a single entry point for all zones | Benedikt Peetz
2025-03-10 | zones/vhack.eu: Set correct CNAME records | Benedikt Peetz
2025-03-10 | modules/system-info: Include port 53 (dns) in port -> name mappings | Benedikt Peetz
2025-03-10 | {hosts,zones}: Init dns zone for vhack.eu | Benedikt Peetz
2025-03-09 | {modules/system-info,scripts/system_info}: Init | Benedikt Peetz
This collects relevant information for each host in an informative markdown file. An example (generated via `./scripts/system_info.sh`):

# server2
## Virtual Hosts
etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu redlib.vhack.eu source.foss-syndicate.org source.vhack.eu
## Open ports
TCP 22: ssh
TCP 25: mail-smtp
TCP 80: http
TCP 443: https
TCP 465: mail-smtp-tls
TCP 993: mail-imap-tls
TCP 995: mail-pop3-tls

# server3
## Virtual Hosts
b-peetz.de mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu
## Open ports
TCP 22: ssh
TCP 80: http
TCP 443: https
TCP 64738: ???
UDP 64738: ???
2025-03-09 | hosts/server2: Use new back config | Benedikt Peetz
2025-03-09 | pkgs/back/package.nix: Include the html templates in the build source | Benedikt Peetz
2025-03-09 | pkgs/back/config: Also try to open a repo if a directory with `.git` exists | Benedikt Peetz
2025-03-09 | pkgs/back: Do not store repositories in config | Benedikt Peetz
Otherwise, back will need to be restarted every time a new repository is added or removed.
2025-03-09 | {modules,tests}/back: Update to deal with newest back | Benedikt Peetz