tl;dr: mail config works, but on trying to send mail synapse gets rejected by
postfix for using a too-old version of tls, as apparently tls in twisted (the
python library used for mail in synapse) is just hardcoded to v1, which our
postfix rejects.
```
postfix/smtpd[9737]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1685:
synapse[9211]: synapse.handlers.identity: [POST-41] Error sending threepid validation email to stuebinm@hacc.space
Traceback (most recent call last):
File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/handlers/identity.py", line 382, in send_threepid_validation
await send_email_func(email_address, token, client_secret, session_id)
File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/push/mailer.py", line 207, in send_add_threepid_mail
await self.send_email(
File "/nix/store/55mh6w2ark2blrbkyq0d1jjg9alb1dw5-matrix-synapse-1.29.0/lib/python3.8/site-packages/synapse/push/mailer.py", line 349, in send_email
await make_deferred_yieldable(
twisted.mail._except.SMTPConnectError: Unable to connect to server.
```
This is a known issue [1], which should be fixed in the current version of twisted,
which will be in the next version of synapse.
[1] https://github.com/matrix-org/synapse/issues/6211
* make hainich.hacc.space the default virtualHost for nginx
if no host is running on that subdomain, this will be shown
* disable SSL, so no pesky SSL error for empty subdomains anymore
* remove lots of unneeded brackes and semicolons
Since the delivery of mumble.hacc.space/murmur.hacc.space via gitlab pages
broke (for whatever reason), I've packaged the site into an ad-hoc nix
derivation, which is now delivered locally by nginx instead. This has a
couple benefits (mainly that we no longer depend on gitlab pages), but
also the downside that we can't just update the site via gitlab's CI/CD
pipelines anymore.
lots of fancy new stuff, but most importantly: we no longer import all
of my user config, just the very base.
none of that fancy stuff is active right now, this should mostly be a
no-op unless we do the same restructure that i have just done in my
nixfiles here as well.
this removes the old (unused) config for an angel system used during the
fridays for future camp 2020. Since it was configured "by hand" and not
in a declarative manner, and since there is now an actual module
`services.engelsystem` that we already use for the divoc it seems unlikely
that we will ever need the old config again.
From Nix's point of view, this commit is equivalent to doing nothing.
Seems to work fine, except for the domain — the engelsystem tries
to load its ressources from the IP of the container instead of its
url set in the config.
This is a partial revert, reintroducing hexchen to the project.
As it turns out, I am still quite invested in the project and require
frequent access to the nix-based infrastructure.
