about summary refs log tree commit diff stats
path: root/system/secrets (unfollow)
Commit message (Collapse)Author
2025-04-23modules/taskchampion: Make its data directory owned by taskchampion userBenedikt Peetz
2025-04-23zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomainBenedikt Peetz
2025-04-23modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxyBenedikt Peetz
This includes setting things, like setting the `X-Forwarded-For` header.
2025-04-23modules/constants: Also add a user to each group, so that duplicated gids ↵Benedikt Peetz
are avoided
2025-04-23tests/email-http: Use the factored out DNS serverBenedikt Peetz
2025-04-23hosts/server2: Use the internal stalwart directoryBenedikt Peetz
2025-04-23tests/email-http: Test the http self-service availabilityBenedikt Peetz
2025-04-23modules/stalwart-mail: Don't restart the systemd serviceBenedikt Peetz
Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service.
2025-04-23modules/stalwart-mail: Enable the http self-service interfaceBenedikt Peetz
2025-04-23modules/nginx: Set the "acme" group as group of the "acme" userBenedikt Peetz
For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group.
2025-04-23modules/stalwart-mail: Allow both nginx and stalwart-mail access to the certBenedikt Peetz
This is needed for the http challenge (and for the potential to use nginx as a proxy in the future.)
2025-04-23modules/stalwart-mail: Explicitly list out valid password hashesBenedikt Peetz
If a password hash does not match stalwart's know ones, it will just treat it as plaintext. This is obviously very bad, and should be avoided.
2025-04-23modules/stalwart-mail: Make `cfg.principals` nullableBenedikt Peetz
This makes it possible to use the internal storage
2025-04-23modules/stalwart-mail: Use correct group name for `redis-stalwart-mail`Benedikt Peetz
2025-04-23pkgs/stalwart-mail-free: Update package hash, as it changedBenedikt Peetz
This has to do with the underlying stalwart-mail update.
2025-04-22hosts/server2: Setup sharkeyBenedikt Peetz
Server2 is currently not so much under load, as such it seems better to split the load. # server2 ## Virtual Hosts etebase.vhack.eu: dav.vhack.eu gallery.s-schoeffel.de git.foss-syndicate.org invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li issues.foss-syndicate.org libreddit.vhack.eu nextcloud.vhack.eu # <-- This redlib.vhack.eu sharkey.vhack.eu # <-- And this are the “only” really heavy services here. source.foss-syndicate.org source.vhack.eu ## Open ports TCP 22: ssh TCP 25: mail-smtp TCP 53: dns TCP 80: http TCP 443: https TCP 465: mail-smtp-tls TCP 993: mail-imap-tls TCP 995: mail-pop3-tls TCP 10222: taskchampion-sync UDP 53: dns # server3 ## Virtual Hosts b-peetz.de mail.vhack.eu mastodon.vhack.eu matrix.vhack.eu miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu openpgpkey.b-peetz.de openpgpkey.s-schoeffel.de openpgpkey.sils.li openpgpkey.vhack.eu peertube.vhack.eu trinitrix.vhack