Commit message (Collapse) | Author | ||
---|---|---|---|
2025-06-07 | pkgs/stalwart-mail-patched/update.sh: Avoid building the output | Benedikt Peetz | |
We already have the nixos tests, that will fail, if this does not build. | |||
2025-06-07 | pkgs/stalwart-mail-patched: Actually apply overrides | Benedikt Peetz | |
The previous code silently dropped the overrides. | |||
2025-06-07 | tests/email-dns: Reject mail, that fails DKIM | Benedikt Peetz | |
This test should be very strict. | |||
2025-06-07 | tests/common/acme/default.nix: Inline the `acmeScripts` | Benedikt Peetz | |
There is just one script, and having it at an accessible entry point is not useful, as the script itself needs to be wrapped. | |||
2025-06-07 | pkgs/stalwart-mail-patched/spamfilter: Provide infrastructure to update it | Benedikt Peetz | |
Otherwise, this package will never be updated. | |||
2025-06-07 | pkgs/stalwart-mail-patched: Use different native-ca-roots patch | Benedikt Peetz | |
My patch was no longer working, as it was written against an older version of stalwart. This patch is now sourced directly from a GitHub pr, that was closed at the 21st of may. Upstream says, that they will support that in a future version, but I am honestly just waiting for the rug pull at this point. They are no longer accepting PRs, focusing more and more on new features, whilst the actual software is still very difficult to debug. But, with all this said, their current source code is available under the AGPL, so even if they rug pull (which might be difficult, due to fact, that their CLA is from the FSFE), a base for forking still persists. | |||
2025-06-07 | tests/taskchampion-sync: Use correct test function name | Benedikt Peetz | |
`wait_until_succeed` is not defined, but `wait_until_succeeds` is. | |||
2025-06-07 | tests/{atuin-sync,email-{dns,http},sharkey,taskchampion-sync}: Share acme setup | Benedikt Peetz | |
In the wake of `network-online.target`'s removal from `multi-user.target`, I noticed, that this acme ca setup code is effectively duplicated. This commit now deduplicates it. | |||
2025-06-07 | pkgs/sharkey: Remove nixpkgs unstable wrapper | Benedikt Peetz | |
25.05 has hit. | |||
2025-06-07 | hosts/server2: Enable new `git-back` service | Benedikt Peetz | |
2025-06-07 | flake.nix: Use nixos 25.05 branch of simply mail server instead of master | Benedikt Peetz | |
2025-06-07 | modules/redlib: Remove old `libreddit` alias | Benedikt Peetz | |
2025-06-07 | flake: Update to nixpkgs 25.05 | Benedikt Peetz | |
2025-06-07 | modules/git-back: Init with the out-of-tree back | Benedikt Peetz | |
2025-06-06 | pkgs/back: Remove | Benedikt Peetz | |
Back has been moved out-of-tree. | |||
2025-06-06 | flake.nix: Use the packaged version of `ragenix` | Benedikt Peetz | |
2025-06-06 | hosts/default.nix: Remove now unneeded `finalizeFunction` | Benedikt Peetz | |
2025-06-06 | tests/README.md: Format | Benedikt Peetz | |
2025-06-06 | pkgs/stalwart-mail: Update to nixos 25.05 | Benedikt Peetz | |
Now the stalwart-mail package is by default free. As such, we could drop the respective patches. | |||
2025-05-05 | hosts/server2: Enable atuin-sync | Benedikt Peetz | |
2025-05-05 | modules/atuin-sync: Init | Benedikt Peetz | |
2025-05-04 | modules/matrix: Provide postgresql with a correct sql statement | Benedikt Peetz | |
2025-05-04 | modules/nextcloud: add calendar, contacts, tasks apps | Silas Schöffel | |
2025-04-28 | pkgs/taskchampion-sync: Put the sync server behind a ngnix proxy | Benedikt Peetz | |
I realized, that the new taskchampion-sync-server uses a http api (instead of the custom protocol of taskserver). As such, we obviously want to put it behind a ngnix reverse proxy. | |||
2025-04-28 | pkgs/sharkey: 2025.2.2 -> 2025.2.3 | Benedikt Peetz | |
There is no change log, as this is a security update. | |||
2025-04-25 | modules/sharkey: Add required `@chown` syscall group to allow list | Benedikt Peetz | |
The `~@priviledged` needed to go, as `@chown` is part of this group. | |||
2025-04-25 | tests/sharkey-image: Rename to `sharkey-cpu` | Benedikt Peetz | |
Image upload still fails, even with this test passing. | |||
2025-04-24 | modules/sharkey: Ensure, that it can access the host's CPUs | Benedikt Peetz | |
This is, for some reason, needed for image uploads to sharkey. | |||
2025-04-24 | modules/system-info: Provide a nice warning message, if a port is not yet ↵ | Benedikt Peetz | |
registered | |||
2025-04-24 | modules/matrix: Use the typed NixOS for user and db creation | Benedikt Peetz | |
Note, that I have no way to test if this is actually going to work (no tests for matrix). But, I assume that it is not going to pose problems, as we are not migrating the db and these options won't remove state. | |||
2025-04-24 | modules/matrix: Group `vhack` attr keys together | Benedikt Peetz | |
2025-04-24 | modules/mastodon: Group `vhack` keys together | Benedikt Peetz | |
2025-04-24 | flake.nix: Remove gnutls | Benedikt Peetz | |
We are not generating taskserver certificates anymore. | |||
2025-04-23 | modules/taskchampion: Make its data directory owned by taskchampion user | Benedikt Peetz | |
2025-04-23 | zones/vhack.eu: Actually set the `sharkey.vhack.eu` subdomain | Benedikt Peetz | |
2025-04-23 | modules/stalwart-mail: Add recommended proxy settings for stalwarts-proxy | Benedikt Peetz | |
This includes setting things, like setting the `X-Forwarded-For` header. | |||
2025-04-23 | modules/constants: Also add a user to each group, so that duplicated gids ↵ | Benedikt Peetz | |
are avoided | |||
2025-04-23 | tests/email-http: Use the factored out DNS server | Benedikt Peetz | |
2025-04-23 | hosts/server2: Use the internal stalwart directory | Benedikt Peetz | |
2025-04-23 | tests/email-http: Test the http self-service availability | Benedikt Peetz | |
2025-04-23 | modules/stalwart-mail: Don't restart the systemd service | Benedikt Peetz | |
Restarting might be useful, if stalwart is actually _running_ in prod, but currently the constant restart makes it very difficult to debug (or even stop) the service. | |||
2025-04-23 | modules/stalwart-mail: Enable the http self-service interface | Benedikt Peetz | |
2025-04-23 | modules/nginx: Set the "acme" group as group of the "acme" user | Benedikt Peetz | |
For some reason, this is not done already. Setting this prevents an assertion being thrown, that the "acme" user does not have a group. | |||
2025-04-23 | modules/stalwart-mail: Allow both nginx and stalwart-mail access to the cert | Benedikt Peetz | |
This is needed for the http chall |