nixos-server - nixos-config for vhack.eu servers https://vhack.eu

	Commit message (Collapse)	Author
2023-04-07	Fix(system/mail): Allow opening ports in the firewall	ene
	As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
2023-03-25	Fix(system/services/rust-motd): Quote ssl-cert names	ene

2023-03-25	Feat(system/services/rust-motd): Info about filesystems	ene

2023-03-25	Feat(system/services/rust-motd): Show status of ssl-certs	ene

2023-03-25	Fix(system/services/rust-motd): Add fail2ban binary	ene

2023-03-25	Feat(system/services/fail2ban): Add dovecot jail	ene
	This should reduce the log spam even further.
2023-03-25	Fix(system/services/fail2ban): Make db persistent	ene

2023-03-25	Feat(system/services/fail2ban): Add fail2ban	ene
	This should clear the logs somewhat.
2023-03-20	Fix(acme): Store certs permanently.	sils
	Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
2023-03-20	Revert "Fix(system/mail): Change placeholder"	sils
	This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
2023-03-20	Fix(system/mail): Change placeholder	ene
	The old one, could have exposed a weak hash.
2023-03-19	Refactor(system/hardware): Move hardware to host	ene
	The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations.
2023-03-19	Fix(system/hardware): Use actually needed modules and UUID	ene
	The old values did work, but these should just make things a bit clearer.
2023-03-19	Fix(system/services/minecraft): Remove to make compile	ene

2023-03-19	Fix(system/mail): Only accept connections on safe ports	ene
	It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
2023-03-18	Feat(system/mail): Add other users, so the admin thing works	ene

2023-03-18	Style(system/mail): Reorder options	ene
	I just think this is easier to read.
2023-03-18	Feat(system/mail): Use '/' to separate mailboxes	ene
	This is something that just makes the file system easier to traverse, but isn't really necessary.
2023-03-18	Fix(system/mail): Declare the password directly	ene
	As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
2023-03-18	Fix(system/users): Remove unneeded root ssh login keys	ene
	All users are in the wheel group, thus direct login as root is no longer needed.
2023-03-18	Fix(system/mail): Make extraVirtualAliases fairer	ene

2023-03-18	Fix(system/mail): Disable protocols with STARTTLS	ene
	This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
2023-03-18	Refactor: Use better file layout	ene

2023-02-05	Feat: Use default.nix	ene

2023-02-05	Fix: correct host name and convenience changes	ene
	We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15
2023-02-04	Flake: Changed the configuration to a flake	ene
	Nix flakes make a lot of things very easy.