| Commit message (Collapse) | Author | ||
|---|---|---|---|
| 2025-04-12 | modules/stalwart-mail: Make `cfg.principals` nullable | Benedikt Peetz | |
| This makes it possible to use the internal storage | |||
| 2025-04-12 | modules/stalwart-mail: Use correct group name for `redis-stalwart-mail` | Benedikt Peetz | |
| 2025-04-11 | modules/system-info: Register taskchampion port | Benedikt Peetz | |
| 2025-04-11 | modules/taskchampion-sync: Persist data directory | Benedikt Peetz | |
| 2025-04-11 | modules/taskchampion-sync: Add {u,g}ids to {group,user} | Benedikt Peetz | |
| 2025-04-11 | {modules,test}/taskchampion-sync: Init | Benedikt Peetz | |
| 2025-04-07 | nextcloud: init on server2 | Silas Schöffel | |
| 2025-03-30 | {hosts/server2,modules/mail}: Re-active the old mail server | Benedikt Peetz | |
| Running two mail-servers on one system is a total /mess/. Both try to bind to the same ports, the old stack consists of **5** different systemd services whilst stalwart-mail's systemd service simply refuses to stop, etc. I'm confident that it can work, but it would probably be best to deploy the new mail-server on server3. | |||
| 2025-03-30 | modules/mail: Avoid changing the `virtualMail` user uid | Benedikt Peetz | |
| We would need to set the `vmailUID` option to this value and even then some parts of SNM would still hardcode the default of 5000. Considering that we are in the process of phasing out SNM, this does not seem to be a worthwhile endeavour. | |||
| 2025-03-30 | modules/mail: Actually set the uid/gid of the virtualMail user | Benedikt Peetz | |
| 2025-03-29 | modules/stalwart-mail: Assign uids and gids to the stalwart users | Benedikt Peetz | |
| 2025-03-29 | modules/constants: Enforce the 0 to 400 limit | Benedikt Peetz | |
| 2025-03-29 | modules/constants: Correctly assign each uid so that none is greater 400 | Benedikt Peetz | |
| The uid ranges from 400 upwards are reserved for things that allocate them dynamic during runtime (like systemd). Our users would than get clobbered, thus we avoid that range. BREAKING CHANGE: Well, we'll need to change all uid of the files owned by the respective users. | |||
| 2025-03-29 | modules/constants: Dry gid definitions by inheriting the uids | Benedikt Peetz | |
| 2025-03-29 | hosts/server2: Setup stalwalt-mail on mail.vhack.eu for soispha@vhack.eu | Benedikt Peetz | |
| We need to actually test stalwart out in the real world, because the test can never actually capture all the weird things people do with their mail setup. Refs: #6ea08aa | |||
| 2025-03-10 | modules/system-info: Include port 53 (dns) in port -> name mappings | Benedikt Peetz | |
| 2025-03-09 | {modules/system-info,scripts/system_info}: Init | Benedikt Peetz | |
| This collects relevant information for each host in an informative markdown file. An example (generated via `./scripts/system_info.sh`): # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu redlib.vhack.eu source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls # server3 ## Virtual Hosts b-peetz.de mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack.eu vhack.eu ## Open ports TCP 22: ssh TCP 80: http TCP 443: https TCP 64738: ??? UDP 64738: ??? | |||
| 2025-03-09 | {modules,tests}/back: Update to deal with newest back | Benedikt Peetz | |
| 2025-03-09 | modules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` option | Benedikt Peetz | |
| 2025-03-09 | modules/stalwart-mail-free: Remove all `security` dependent checks if it's null | Benedikt Peetz | |
| 2025-03-09 | modules/stalwart-mail: Capitalize default mailboxes | Benedikt Peetz | |
| This seems to be somewhat of a standart. | |||
| 2025-03-09 | modules/stalwart-mail: Also listen on :25 without SSL but with STARTTLS | Benedikt Peetz | |
| This is important, so that other MTA can send us mail. | |||
| 2025-03-09 | modules/stalwart-mail: Set a default value for `principals` | Benedikt Peetz | |
| 2025-03-09 | modules/stalwart-mail: Include full systemd service and set correct dependencies | Benedikt Peetz | |
| This also starts `nginx` so that we can complete http-01 acme challenges. | |||
| 2025-03-09 | modules/stalwart-mail: Select DKIM keys per-domain | Benedikt Peetz | |
| 2025-03-09 | modules/stalwart-mail: Avoid hardcoding `vhack.eu` email address | Benedikt Peetz | |
| 2025-03-09 | modules/dns: Add service dependencies | Benedikt Peetz | |
| 2025-03-09 | modules/dns: Set a reasonable verbosity level | Benedikt Peetz | |
| The default is way too quiet. | |||
| 2025-03-09 | modules/dns: Provide the option to open the required firewall ports | Benedikt Peetz | |
| 2025-03-09 | modules/dns: Remove `lib.debug` calls | Benedikt Peetz | |
| 2025-03-09 | modules/dns/dns/types/records/PTR.nix: Special case for reverse IP lookups | Benedikt Peetz | |
| This makes implementing a DNS server in tests easier. | |||
| 2025-03-09 | modules/dns/dns/types/records/MTA-STS.nix: Init | Benedikt Peetz | |
| 2025-03-09 | modules/dns/dns/types/records/DMARC.nix: Reference the correct RFC | Benedikt Peetz | |
| RFC 7208 is titled “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”, whilst RFC 7489 is titled “Domain-based Message Authentication, Reporting, and Conformance (DMARC)” | |||
| 2025-03-09 | modules/stalwart-mail: Move the package to the `pkgs` subtree | Benedikt Peetz | |
| 2025-03-09 | {modules,tests}/dns: Init | Benedikt Peetz | |
| Most of the dns module was taken from: <https://github.com/nix-community/dns.nix> | |||
| 2025-03-09 | module/stalwart-mail: Init initial version | Benedikt Peetz | |
| 2025-02-09 | modules/redlib: Use `nginx`'s module redirect mechanism | Benedikt Peetz | |
| 2025-02-09 | modules/nginx: Keep the `$request_uri` when redirecting | Benedikt Peetz | |
| 2025-02-07 | modules/nix-sync: Correctly merge `extraSettings` and the needed vhost config | Benedikt Peetz | |
| 2025-02-04 | modules/nix-sync: Actually enable | Benedikt Peetz | |
| This includes the obvious changes, ensuring that it follows our current best-practices. | |||
| 2025-01-25 | feat(matrix): make secrets configurable | Silas Schöffel | |
| 2025-01-25 | feat(mastodon): make secrets configurable | Silas Schöffel | |
| 2025-01-25 | feat(miniflux): make secrets configurable | Silas Schöffel | |
| 2025-01-25 | feat(peertube): make secrets configurable | Silas Schöffel | |
| 2025-01-25 | feat(etesync): migrate to server2 | Silas Schöffel | |
| 2025-01-25 | fix(modules/etebase): migrate to new vhack.persist option | Silas Schöffel | |
| 2025-01-25 | fix(module/peertube): update emailhost | Silas Schöffel | |
| 2025-01-25 | fix(modules/mastodon): update emailhost | Silas Schöffel | |
| 2025-01-25 | feat(modules/mail): init on server2 | Silas Schöffel | |
| 2025-01-21 | feat(modules/backup): init | Silas Schöffel | |
 |
index : nixos-server | |
| nixos-config for vhack.eu servers https://vhack.eu | vhack.eu |
| aboutsummaryrefslogtreecommitdiffstats |