]> Git — Sourcephile - sourcephile-nix.git/log
sourcephile-nix.git
4 years agoapparmor: fix/rewrite security.apparmor
Julien Moutinho [Thu, 16 Jul 2020 04:24:09 +0000 (06:24 +0200)]
apparmor: fix/rewrite security.apparmor

4 years agonix: typo in comment
Julien Moutinho [Wed, 15 Jul 2020 21:07:51 +0000 (23:07 +0200)]
nix: typo in comment

4 years agopass: use builtins.dirOf
Julien Moutinho [Wed, 15 Jul 2020 12:35:38 +0000 (14:35 +0200)]
pass: use builtins.dirOf

4 years agonftables: open firewall from mermet to losurdo
Julien Moutinho [Wed, 15 Jul 2020 00:41:40 +0000 (02:41 +0200)]
nftables: open firewall from mermet to losurdo

4 years agonginx: fix auth_basic
Julien Moutinho [Wed, 15 Jul 2020 00:40:41 +0000 (02:40 +0200)]
nginx: fix auth_basic

4 years agotransmission: set more higher limits
Julien Moutinho [Wed, 15 Jul 2020 00:40:23 +0000 (02:40 +0200)]
transmission: set more higher limits

4 years agotransmission: more config
Julien Moutinho [Wed, 15 Jul 2020 00:13:48 +0000 (02:13 +0200)]
transmission: more config

4 years agosystemd: fix reload of services
Julien Moutinho [Wed, 15 Jul 2020 00:12:58 +0000 (02:12 +0200)]
systemd: fix reload of services

4 years agotransmission: fix and improve the hardening
Julien Moutinho [Wed, 15 Jul 2020 00:11:16 +0000 (02:11 +0200)]
transmission: fix and improve the hardening

4 years agotransmission: fix umask
Julien Moutinho [Fri, 10 Jul 2020 07:26:44 +0000 (09:26 +0200)]
transmission: fix umask

4 years agonginx: install on losurdo
Julien Moutinho [Fri, 10 Jul 2020 01:21:48 +0000 (03:21 +0200)]
nginx: install on losurdo

4 years agosanoid: add missing cleanup of remote backups
Julien Moutinho [Thu, 9 Jul 2020 22:31:11 +0000 (00:31 +0200)]
sanoid: add missing cleanup of remote backups

4 years agosanoid: cleanup
Julien Moutinho [Thu, 9 Jul 2020 02:34:44 +0000 (04:34 +0200)]
sanoid: cleanup

4 years agopostgresql: add openconcerto database labascule
Julien Moutinho [Wed, 8 Jul 2020 23:59:09 +0000 (01:59 +0200)]
postgresql: add openconcerto database labascule

4 years agoinitrd: fix SSH host key location
Julien Moutinho [Wed, 8 Jul 2020 17:23:36 +0000 (19:23 +0200)]
initrd: fix SSH host key location

4 years agofail2ban: update whitelist
Julien Moutinho [Tue, 7 Jul 2020 15:03:21 +0000 (17:03 +0200)]
fail2ban: update whitelist

4 years agokernel: set only vm.swappiness=10
Julien Moutinho [Tue, 7 Jul 2020 15:02:53 +0000 (17:02 +0200)]
kernel: set only vm.swappiness=10

4 years agonix: upgrade to latests nixos-unstable-small, fix boot.initrd.network.ssh.hostKeys
Julien Moutinho [Tue, 7 Jul 2020 13:25:24 +0000 (15:25 +0200)]
nix: upgrade to latests nixos-unstable-small, fix boot.initrd.network.ssh.hostKeys

4 years agopostgresql: allow pg_dump and tune for ZFS
Julien Moutinho [Tue, 7 Jul 2020 01:50:09 +0000 (03:50 +0200)]
postgresql: allow pg_dump and tune for ZFS

4 years agotransmission: improve the service
Julien Moutinho [Wed, 1 Jul 2020 13:40:58 +0000 (15:40 +0200)]
transmission: improve the service

4 years agonix: add julm to some meta.maintainers
Julien Moutinho [Mon, 29 Jun 2020 02:06:50 +0000 (04:06 +0200)]
nix: add julm to some meta.maintainers

4 years agotransmission: improve the service module
Julien Moutinho [Mon, 29 Jun 2020 01:56:48 +0000 (03:56 +0200)]
transmission: improve the service module

4 years agonix: update to latest nixos-unstable-small
Julien Moutinho [Fri, 26 Jun 2020 18:22:52 +0000 (20:22 +0200)]
nix: update to latest nixos-unstable-small

4 years agodovecot: silence error revealed by scudo, by disabling scudo
Julien Moutinho [Thu, 25 Jun 2020 17:07:22 +0000 (19:07 +0200)]
dovecot: silence error revealed by scudo, by disabling scudo

4 years agofail2ban: reduce findtime to reduce RAM footprint and startup time
Julien Moutinho [Wed, 24 Jun 2020 23:16:36 +0000 (01:16 +0200)]
fail2ban: reduce findtime to reduce RAM footprint and startup time

4 years agofail2ban: enable on mermet too
Julien Moutinho [Wed, 24 Jun 2020 22:46:50 +0000 (00:46 +0200)]
fail2ban: enable on mermet too

4 years agonix: use the hardened profile on mermet too
Julien Moutinho [Wed, 24 Jun 2020 22:36:12 +0000 (00:36 +0200)]
nix: use the hardened profile on mermet too

4 years agonftables: replace shorewall on mermet too
Julien Moutinho [Wed, 24 Jun 2020 22:18:43 +0000 (00:18 +0200)]
nftables: replace shorewall on mermet too

4 years agorspamd: use --no-block to avoid deadlocking services
Julien Moutinho [Wed, 24 Jun 2020 20:45:26 +0000 (22:45 +0200)]
rspamd: use --no-block to avoid deadlocking services

4 years agonix: deploy security.pass to mermet too
Julien Moutinho [Wed, 24 Jun 2020 18:50:04 +0000 (20:50 +0200)]
nix: deploy security.pass to mermet too

4 years agonix: security.pass re-add convenient postStart
Julien Moutinho [Wed, 24 Jun 2020 16:52:55 +0000 (18:52 +0200)]
nix: security.pass re-add convenient postStart

4 years agognupg: create remaining servers' key
Julien Moutinho [Wed, 24 Jun 2020 16:09:51 +0000 (18:09 +0200)]
gnupg: create remaining servers' key

4 years agonix: rename install to install.ssh-nixos
Julien Moutinho [Wed, 24 Jun 2020 15:52:30 +0000 (17:52 +0200)]
nix: rename install to install.ssh-nixos

4 years agonix: fix install and security.pass
Julien Moutinho [Wed, 24 Jun 2020 15:08:06 +0000 (17:08 +0200)]
nix: fix install and security.pass

4 years agonix: fix security.pass services
Julien Moutinho [Wed, 24 Jun 2020 01:36:55 +0000 (03:36 +0200)]
nix: fix security.pass services

4 years agonix: add module security.pass
Julien Moutinho [Tue, 23 Jun 2020 17:16:49 +0000 (19:16 +0200)]
nix: add module security.pass

4 years agopostgresql: log connections
Julien Moutinho [Sat, 20 Jun 2020 17:12:04 +0000 (19:12 +0200)]
postgresql: log connections

4 years agopostgresql: fix pg_adduser
Julien Moutinho [Sat, 20 Jun 2020 16:20:28 +0000 (18:20 +0200)]
postgresql: fix pg_adduser

4 years agopostgresql: add openconcerto databases lbec and lbm
Julien Moutinho [Sat, 20 Jun 2020 16:08:12 +0000 (18:08 +0200)]
postgresql: add openconcerto databases lbec and lbm

4 years agonix: revamp nixos/{base => profiles}/
Julien Moutinho [Sat, 20 Jun 2020 09:19:06 +0000 (11:19 +0200)]
nix: revamp nixos/{base => profiles}/

4 years agofail2ban: increase findtime to 15d
Julien Moutinho [Fri, 19 Jun 2020 17:45:33 +0000 (19:45 +0200)]
fail2ban: increase findtime to 15d

4 years agoshorewall: remove configs on losurdo
Julien Moutinho [Fri, 19 Jun 2020 16:59:57 +0000 (18:59 +0200)]
shorewall: remove configs on losurdo

4 years agofail2ban: enable sshd and postgresql on losurdo
Julien Moutinho [Fri, 19 Jun 2020 16:56:42 +0000 (18:56 +0200)]
fail2ban: enable sshd and postgresql on losurdo

4 years agonftables: only use unbound for DNS resolving
Julien Moutinho [Thu, 18 Jun 2020 03:28:22 +0000 (05:28 +0200)]
nftables: only use unbound for DNS resolving

4 years agonftables: replace shorewall on losurdo
Julien Moutinho [Thu, 18 Jun 2020 02:46:50 +0000 (04:46 +0200)]
nftables: replace shorewall on losurdo

4 years agolosurdo: enable hardened profile
Julien Moutinho [Wed, 17 Jun 2020 13:40:35 +0000 (15:40 +0200)]
losurdo: enable hardened profile

4 years agossh: add mermet to losurdo
Julien Moutinho [Wed, 17 Jun 2020 13:39:29 +0000 (15:39 +0200)]
ssh: add mermet to losurdo

4 years agopublic-inbox: fix nntpd restart
Julien Moutinho [Wed, 17 Jun 2020 13:35:54 +0000 (15:35 +0200)]
public-inbox: fix nntpd restart

4 years agoacme: fix propagation timeout
Julien Moutinho [Sun, 14 Jun 2020 17:23:54 +0000 (19:23 +0200)]
acme: fix propagation timeout

4 years agonetworking: fix hostname --fqdn
Julien Moutinho [Sun, 14 Jun 2020 17:21:14 +0000 (19:21 +0200)]
networking: fix hostname --fqdn

4 years agopostgresql: lower the allowed connection rate
Julien Moutinho [Sun, 14 Jun 2020 16:48:28 +0000 (18:48 +0200)]
postgresql: lower the allowed connection rate

4 years agopostgresql: install for openconcerto1 database
Julien Moutinho [Fri, 12 Jun 2020 21:41:01 +0000 (23:41 +0200)]
postgresql: install for openconcerto1 database

4 years agopolish code
Julien Moutinho [Fri, 12 Jun 2020 15:16:41 +0000 (17:16 +0200)]
polish code

4 years agoacme: setup on losurdo too
Julien Moutinho [Fri, 12 Jun 2020 00:35:07 +0000 (02:35 +0200)]
acme: setup on losurdo too

4 years agopublic-inbox: fix reloading on X.509 renewal
Julien Moutinho [Thu, 11 Jun 2020 15:31:16 +0000 (17:31 +0200)]
public-inbox: fix reloading on X.509 renewal

4 years agopublic-inbox: add coderepos
Julien Moutinho [Wed, 10 Jun 2020 11:59:28 +0000 (13:59 +0200)]
public-inbox: add coderepos

4 years agosanoid: backup public-inbox
Julien Moutinho [Sat, 6 Jun 2020 13:50:01 +0000 (15:50 +0200)]
sanoid: backup public-inbox

4 years agozramSwap: enable on mermet too
Julien Moutinho [Sat, 6 Jun 2020 12:49:42 +0000 (14:49 +0200)]
zramSwap: enable on mermet too

4 years agozramSwap: enable on losurdo
Julien Moutinho [Sat, 6 Jun 2020 10:34:28 +0000 (12:34 +0200)]
zramSwap: enable on losurdo

4 years agostig: update to 0.11.0a
Julien Moutinho [Sat, 6 Jun 2020 10:34:07 +0000 (12:34 +0200)]
stig: update to 0.11.0a

4 years agopublic-inbox: hide test@sourcephile.fr
Julien Moutinho [Wed, 3 Jun 2020 12:01:12 +0000 (14:01 +0200)]
public-inbox: hide test@sourcephile.fr

4 years agopublic-inbox: rename inboxes
Julien Moutinho [Tue, 2 Jun 2020 23:58:35 +0000 (01:58 +0200)]
public-inbox: rename inboxes

4 years agopublic-inbox: move to mails.sourcephile.fr
Julien Moutinho [Tue, 2 Jun 2020 22:11:33 +0000 (00:11 +0200)]
public-inbox: move to mails.sourcephile.fr

4 years agopublic-inbox: fix CSS and environment
Julien Moutinho [Tue, 2 Jun 2020 21:23:44 +0000 (23:23 +0200)]
public-inbox: fix CSS and environment

4 years agogitolite: update
Julien Moutinho [Mon, 1 Jun 2020 02:56:18 +0000 (04:56 +0200)]
gitolite: update

4 years agonginx: sourcephile.fr: www: add location
Julien Moutinho [Mon, 1 Jun 2020 02:56:08 +0000 (04:56 +0200)]
nginx: sourcephile.fr: www: add location

4 years agopublic-inbox: allow (X)HTML mails
Julien Moutinho [Mon, 1 Jun 2020 02:54:53 +0000 (04:54 +0200)]
public-inbox: allow (X)HTML mails

4 years agopublic-inbox: remove linky inbox and add more generic inboxes
Julien Moutinho [Sun, 31 May 2020 01:44:52 +0000 (03:44 +0200)]
public-inbox: remove linky inbox and add more generic inboxes

4 years agopublic-inbox: add linky@public-inbox.sourcephile.fr
Julien Moutinho [Sat, 30 May 2020 20:33:16 +0000 (22:33 +0200)]
public-inbox: add linky@public-inbox.sourcephile.fr

4 years agonix: revamp directories to put nixpkgs-overlays in the store
Julien Moutinho [Sat, 30 May 2020 20:11:23 +0000 (22:11 +0200)]
nix: revamp directories to put nixpkgs-overlays in the store

4 years agopublic-inbox: NNTP, et version 1.5.0
Julien Moutinho [Thu, 28 May 2020 14:50:32 +0000 (16:50 +0200)]
public-inbox: NNTP, et version 1.5.0

4 years agopublic-inbox: test sur mermet
Julien Moutinho [Wed, 27 May 2020 01:07:46 +0000 (03:07 +0200)]
public-inbox: test sur mermet

4 years agonix: enable nix run servers.$server.install
Julien Moutinho [Fri, 22 May 2020 18:19:26 +0000 (20:19 +0200)]
nix: enable nix run servers.$server.install

4 years agopublic-inbox: fetch the PR to be tested someday
Julien Moutinho [Fri, 22 May 2020 15:29:25 +0000 (17:29 +0200)]
public-inbox: fetch the PR to be tested someday

4 years agonix: polish install code
Julien Moutinho [Fri, 22 May 2020 15:27:27 +0000 (17:27 +0200)]
nix: polish install code

4 years agosyncoid: fix root access and keep bookmarks to avoid destroying the dataset when...
Julien Moutinho [Mon, 18 May 2020 06:32:25 +0000 (08:32 +0200)]
syncoid: fix root access and keep bookmarks to avoid destroying the dataset when there is no common snapshot

4 years agonix: rewrite deploy.sh into an install nix attribute
Julien Moutinho [Mon, 18 May 2020 03:14:32 +0000 (05:14 +0200)]
nix: rewrite deploy.sh into an install nix attribute

4 years agogitolite: update
Julien Moutinho [Mon, 18 May 2020 01:40:19 +0000 (03:40 +0200)]
gitolite: update

4 years agonginx: fix error_log off no longer working and remove boring indent
Julien Moutinho [Mon, 18 May 2020 01:26:04 +0000 (03:26 +0200)]
nginx: fix error_log off no longer working and remove boring indent

4 years agonix: polish deployment scripts
Julien Moutinho [Mon, 18 May 2020 01:24:28 +0000 (03:24 +0200)]
nix: polish deployment scripts

4 years agonix: replace nixops by shell scripts
Julien Moutinho [Mon, 18 May 2020 00:01:15 +0000 (02:01 +0200)]
nix: replace nixops by shell scripts

4 years agonix: deploy without nixops
Julien Moutinho [Sun, 17 May 2020 22:20:30 +0000 (00:20 +0200)]
nix: deploy without nixops

4 years agonix: comment .envrc
Julien Moutinho [Sun, 17 May 2020 22:19:49 +0000 (00:19 +0200)]
nix: comment .envrc

4 years agonix: remove boring indent
Julien Moutinho [Sun, 17 May 2020 02:32:39 +0000 (04:32 +0200)]
nix: remove boring indent

4 years agonginx: factorize domain
Julien Moutinho [Sun, 17 May 2020 02:28:46 +0000 (04:28 +0200)]
nginx: factorize domain

4 years agonix: remove old conf
Julien Moutinho [Sun, 17 May 2020 02:17:47 +0000 (04:17 +0200)]
nix: remove old conf

4 years agonix: split configuration.nix into alternative toplevels
Julien Moutinho [Sun, 17 May 2020 01:59:08 +0000 (03:59 +0200)]
nix: split configuration.nix into alternative toplevels

4 years agoacme: fix reloading of services, using postRun
Julien Moutinho [Sun, 17 May 2020 01:55:02 +0000 (03:55 +0200)]
acme: fix reloading of services, using postRun

4 years agognupg: remove use-tor for now
Julien Moutinho [Fri, 15 May 2020 20:15:25 +0000 (22:15 +0200)]
gnupg: remove use-tor for now

4 years agonix: add tests.nix
Julien Moutinho [Fri, 15 May 2020 01:53:46 +0000 (03:53 +0200)]
nix: add tests.nix

4 years agonix: add default.nix for debugging builds
Julien Moutinho [Thu, 14 May 2020 15:52:57 +0000 (17:52 +0200)]
nix: add default.nix for debugging builds

4 years agonix: remove old comment
Julien Moutinho [Thu, 14 May 2020 12:44:36 +0000 (14:44 +0200)]
nix: remove old comment

4 years agodovecot: fix list.sieve
Julien Moutinho [Thu, 14 May 2020 12:44:13 +0000 (14:44 +0200)]
dovecot: fix list.sieve

4 years agoopenldap: fix julm by using groups.users
Julien Moutinho [Thu, 14 May 2020 12:42:55 +0000 (14:42 +0200)]
openldap: fix julm by using groups.users

4 years agonix: fix nixpkgs-overlays=
Julien Moutinho [Thu, 14 May 2020 12:26:21 +0000 (14:26 +0200)]
nix: fix nixpkgs-overlays=

4 years agodovecot: update fts_xapian
Julien Moutinho [Sat, 9 May 2020 12:27:46 +0000 (14:27 +0200)]
dovecot: update fts_xapian

4 years agonix: add members/*.nix
Julien Moutinho [Thu, 7 May 2020 01:34:24 +0000 (03:34 +0200)]
nix: add members/*.nix

4 years agodovecot: sieve: fix List-Id filter with 3 components
Julien Moutinho [Sun, 3 May 2020 15:23:16 +0000 (17:23 +0200)]
dovecot: sieve: fix List-Id filter with 3 components

4 years agoopenldap: no SHA2 anor PBKDF2 password modules by default
Julien Moutinho [Wed, 29 Apr 2020 12:01:28 +0000 (14:01 +0200)]
openldap: no SHA2 anor PBKDF2 password modules by default

4 years agonix: remove upstreamed PR patches
Julien Moutinho [Tue, 28 Apr 2020 14:34:58 +0000 (16:34 +0200)]
nix: remove upstreamed PR patches