| Commit message (Collapse) | Author | ||
|---|---|---|---|
| 2023-06-06 | Fix(system/services/keycloak): Change value of 'passwordFile' to path | sils | |
| 2023-06-06 | Feat(system/services): Enable keycloak | sils | |
| 2023-06-06 | Feat(system/services/keycloak): Add keycloak | sils | |
| 2023-06-06 | Feat(system/file_system_layout): Add bindmount for postgresql | sils | |
| 2023-06-06 | Fix(system/services/opensshd): Rename passwordAuthentication to | sils | |
| settings.PassowrdAuthentication | |||
| 2023-06-06 | Fix(system/mail): give certificateScheme string as value | sils | |
| 2023-06-06 | Fix(system/packages): Explicitly enable zsh to make Nix Vars available | sils | |
| 2023-06-06 | Revert: Remove Conduit | sils | |
| It didn't deploy either and we'd probably use synapse anyway This reverts commit fbba7df4b7c9de5b1926612647e1d9d06b7d22cf. | |||
| 2023-05-20 | Feat(system/matrix/conduit): Add matrix-conduit | Soispha | |
| 2023-05-20 | Style(system): Format | Soispha | |
| 2023-05-20 | Refactor(system/mail): Hide user emails | Soispha | |
| 2023-04-21 | Fix(system/services/nginx): Correct path to index.html | sils | |
| 2023-04-19 | Feat(system/services/nginx): Change to declarative websites | Soispha | |
| 2023-04-07 | Fix(system/mail): Allow opening ports in the firewall | ene | |
| As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested. | |||
| 2023-03-25 | Fix(system/services/rust-motd): Quote ssl-cert names | ene | |
| 2023-03-25 | Feat(system/services/rust-motd): Info about filesystems | ene | |
| 2023-03-25 | Feat(system/services/rust-motd): Show status of ssl-certs | ene | |
| 2023-03-25 | Fix(system/services/rust-motd): Add fail2ban binary | ene | |
| 2023-03-25 | Feat(system/services/fail2ban): Add dovecot jail | ene | |
| This should reduce the log spam even further. | |||
| 2023-03-25 | Fix(system/services/fail2ban): Make db persistent | ene | |
| 2023-03-25 | Feat(system/services/fail2ban): Add fail2ban | ene | |
| This should clear the logs somewhat. | |||
| 2023-03-20 | Fix(acme): Store certs permanently. | sils | |
| Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting. | |||
| 2023-03-20 | Revert "Fix(system/mail): Change placeholder" | sils | |
| This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now. | |||
| 2023-03-20 | Fix(system/mail): Change placeholder | ene | |
| The old one, could have exposed a weak hash. | |||
| 2023-03-19 | Refactor(system/hardware): Move hardware to host | ene | |
| The hardware settings are (somewhat) host specific, and putting them in `system` just builds the wrong expectations. | |||
| 2023-03-19 | Fix(system/hardware): Use actually needed modules and UUID | ene | |
| The old values did work, but these should just make things a bit clearer. | |||
| 2023-03-19 | Fix(system/services/minecraft): Remove to make compile | ene | |
| 2023-03-19 | Fix(system/mail): Only accept connections on safe ports | ene | |
| It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same. | |||
| 2023-03-18 | Feat(system/mail): Add other users, so the admin thing works | ene | |
| 2023-03-18 | Style(system/mail): Reorder options | ene | |
| I just think this is easier to read. | |||
| 2023-03-18 | Feat(system/mail): Use '/' to separate mailboxes | ene | |
| This is something that just makes the file system easier to traverse, but isn't really necessary. | |||
| 2023-03-18 | Fix(system/mail): Declare the password directly | ene | |
| As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash. | |||
| 2023-03-18 | Fix(system/users): Remove unneeded root ssh login keys | ene | |
| All users are in the wheel group, thus direct login as root is no longer needed. | |||
| 2023-03-18 | Fix(system/mail): Make extraVirtualAliases fairer | ene | |
| 2023-03-18 | Fix(system/mail): Disable protocols with STARTTLS | ene | |
| This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback. | |||
| 2023-03-18 | Refactor: Use better file layout | ene | |
| 2023-02-05 | Feat: Use default.nix | ene | |
| 2023-02-05 | Fix: correct host name and convenience changes | ene | |
| We used the domain name instead of the host name, which obviously doesn't work for multiple host. In addition to that I changed some directory to make importing easier and enabled the "nix-command" and "flakes" experimental options, to make the `nix flake check` command usable. Refs: #15 | |||
| 2023-02-04 | Flake: Changed the configuration to a flake | ene | |
| Nix flakes make a lot of things very easy. | |||
 |
index : nixos-server | |
| nixos-config for vhack.eu servers https://vhack.eu | vhack.eu |
| aboutsummaryrefslogtreecommitdiffstats |