Commit Graph

361 Commits (fix-mail)

Author SHA1 Message Date
schweby ce5bb46fa8
mail: force explicit TLS on SMTP too
also switch away from legacy ports
2022-07-10 15:24:53 +02:00
schweby 8021685ec8
update mail config 2022-07-09 20:56:46 +02:00
stuebinm 8f413da05a services/nextcloud: remove mail & redis
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggests it's already
working, which it isn't, which is worse)
2022-07-09 20:27:46 +02:00
stuebinm e9d2630ea9 fix auamost path 2022-07-09 19:11:30 +02:00
stuebinm 445a974f97 magic mattermost group sync 2022-07-09 11:00:57 +02:00
stuebinm 4eecd1bad4 update nextcloud to 24
(apparently we forget to commit this??)
2022-07-09 10:56:58 +02:00
schweby 430efbc0a5
update sources 2022-06-09 14:56:38 +02:00
schweby 3dc6b5e3e9
common/users: update schwebys ssh key 2022-05-22 15:08:42 +02:00
hexchen 507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen 7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby 440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen 27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
stuebinm 287cb84d82
services/mattermost: bump to 6.6.0 2022-04-16 20:31:58 +02:00
schweby 3ee3c37ccb
sources: updates
CVE-2022-1162
2022-04-06 09:05:25 +02:00
stuebinm 39bec9fbd0
services/mattermost: bump to 6.5.0 2022-03-18 19:28:43 +01:00
stuebinm 5c85431847
mattermost: bump to 6.4.2 (security update) 2022-03-11 14:01:53 +01:00
schweby 2cf0119ec1
sources: updates
update kernel to protect against CVE-2022-0847
2022-03-07 20:44:33 +01:00
schweby a92ae39d65
gitlab-ci.yml: disable nixda build
It's known broken. No need to waste time and resources.
Reenable when fixed.
2022-02-27 12:22:30 +01:00
schweby f1c3a2d082
sources: updates 2022-02-27 12:19:36 +01:00
schweby 93c13debe6
services/mattermost: bump to 6.4.1 2022-02-27 11:57:52 +01:00
stuebinm 3e95d6c222
bump nix/sources.json 2022-02-17 19:49:53 +01:00
stuebinm ca19774c9e
services/mattermost: bump to 6.4.0 2022-02-17 19:49:38 +01:00
stuebinm 032c49c375
comment out services/workadventure
(we're not using it and it's eating build times, so I've disabled it for
now)
2022-02-17 19:48:45 +01:00
stuebinm 4b71a216ba
services/mattermost: bump to 6.1.3
(another security update)
2022-02-05 01:08:46 +01:00
schweby 17d695c00b
common: add niv 2022-02-04 08:51:39 +01:00
schweby 7815e32f9f
services/mail: reduce logspam
reduce logspam by our mail services by setting them to loglevel 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
stuebinm 99811b6711 bump update nixos-mailserver to 21.11 2022-02-01 14:44:47 +01:00
stuebinm 1aebabe8a0 parsons/restics: s3CredentialsFile is deprecated
This is untested, but the documentation on the s3CredentialsFile option
seems to suggest this should be correct.
2022-02-01 14:03:40 +01:00
stuebinm 10942ca464 bump home manager to 21.11 2022-02-01 14:00:35 +01:00
schweby 2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby 4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby 8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen 6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
stuebinm 9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
stuebinm 4ff0bdf3ec
whoops, apparently some rebase went wrong
(fixing it back into a buildable state)
2022-01-27 20:38:04 +01:00
stuebinm 676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby 569c5652f2
sources: update 2022-01-27 20:37:40 +01:00
schweby 238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
stuebinm c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   deprecated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably be considered a
work-in-progress.

Building Nixda currently fails; decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
stuebinm 68afbe01b3 services/mattermost: bump to 6.1.2 (security update)
cf. https://mattermost.com/blog/mattermost-security-updates-6-3-1-6-2-2-6-1-2-5-37-7-released/

this supposedly fixes a "medium-level security vulnerability", but
they're not telling us what it is (for now …) :rolls_eyes:

anyways, seems to run fine on parsons.
2022-01-25 02:08:40 +01:00
schweby fa347008fa
common/default.nix: add vgrep 2022-01-19 22:11:10 +01:00
schweby c21b1b8ddf
services/syncthing: cleanup clients
remove no longer needed clients due to "new" password sharing
2022-01-19 21:35:03 +01:00
schweby 02a64a6f31
services/hedgedoc: lower loglevel to warn 2022-01-19 21:22:32 +01:00
stuebinm b9aa3050d7 fix mumble website
This does two things:
 - add a group "mumblecert" which is allowed to read the mumble.hacc.space
   cert, and add both nginx and murmur's users to it
 - remove the website's derivation from services/murmur.nix and instead
   add it to the websites/ dir and handle it the same as all our other sites
2022-01-18 09:08:27 +01:00
schweby 6f0d8a6af9
hotfix: disable mumble website
disable the mumble website because of cert permission issues caused by ad9c1f4481
nginx doesn't start because it can read the cert of the website
2022-01-17 22:37:43 +01:00
stuebinm ad9c1f4481
security/acme: mumble cert readable by murmur group
the postRun thing doesn't seem to work at all anymore?
2022-01-12 23:51:31 +01:00
stuebinm f800057478
services/hedgedocs: remove unused module imports 2022-01-12 19:31:31 +01:00
stuebinm ae67b38304 add the rest of our static web pages
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there's still a
"www.muc.hacc.space" in the log that oughtn't be there …
2022-01-10 23:45:21 +01:00
stuebinm eb07f34672 modules/website.nix init
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).

Thus we could avoid the dependency on gitlab pages.
2022-01-10 22:57:09 +01:00
stuebinm c08ca5f85f
update readme
its incompleteness annoys me
2022-01-07 18:16:31 +01:00