Rouven Seifert
d482e15bcb
forgot about tomate
2024-03-28 21:01:32 +01:00
Rouven Seifert
4334b5ef50
treewide: minor cleanups
2024-03-28 20:55:47 +01:00
Rouven Seifert
f2af8d0a75
quitte: move back to bare-metal
...
Das Proxmox ist tot. Lang lebe NixOS!
2024-03-28 18:06:41 +01:00
tenksom
e18a99c452
fixing user groups for websides
...
Co-authored-by: fugi <me@fugi.dev>
Co-authored-by: tenksom <joachim@stramke.com>
2024-03-28 16:01:12 +01:00
Rouven Seifert
4f1f88a779
nginx: streamline all forceSSL
and enableACME
directives in one file
2024-03-25 19:34:47 +01:00
Rouven Seifert
ddd2514cdb
activation script: fix kernel warning
2024-03-19 11:30:00 +01:00
Jonas Gaffke
ba2f0fb86b
grav: try dex login
2024-03-17 15:48:54 +01:00
tenksom
30b4bf9540
fixing wrong timezone on ftp
2024-03-16 22:41:36 +01:00
Rouven Seifert
1e689b6c40
Merge pull request #86 from fsr/log-retention
...
core: configure log retention
2024-03-15 11:33:15 +01:00
Rouven Seifert
d3da0eab79
rspamd: fix dmarc domain
2024-03-15 00:10:19 +01:00
Rouven Seifert
66a554a13b
core: configure log retention
2024-03-14 23:59:42 +01:00
Rouven Seifert
7023c328d9
mail: move mailman options to mailman.nix
2024-03-14 00:09:06 +01:00
Rouven Seifert
39320d987c
matrix: move into folder
2024-03-12 12:34:20 +01:00
Rouven Seifert
fea01b0b2e
courses: move into folder
2024-03-12 12:11:44 +01:00
Rouven Seifert
527651706e
options: move to tree root
2024-03-12 12:06:21 +01:00
Rouven Seifert
01bcc9ecad
refactor: streamline core modules into dedicated folder
2024-03-12 12:03:29 +01:00
Rouven Seifert
b429e6468f
refactor: streamline all websites into one folder
2024-03-12 11:49:01 +01:00
Rouven Seifert
71fdea75be
refactor: split mail into modules
2024-03-12 11:41:04 +01:00
Rouven Seifert
736c84cce9
treewide: ran deadnix
2024-03-11 22:49:12 +01:00
Rouven Seifert
05a5e085d8
ftp: fix content type for komplefprüfungen
2024-03-11 12:04:31 +01:00
Rouven Seifert
d1fca836b9
mail: match smtp banner to rDNS
2024-03-08 14:41:03 +01:00
Rouven Seifert
8fe2173040
rspamd: fix rspamd signing for mailman
...
Mails to the big mailing lists currently fail dkim checking since we add
a footer and rewrite the subject. To not trigger DMARC fails, we sign all
outgoing mails from local networks with our domain.
2024-03-07 14:56:21 +01:00
Rouven Seifert
b9559cf5ce
pad: wiki: add robots.txt
2024-03-06 20:59:11 +01:00
Rouven Seifert
c04e11a958
mailman: add robots.txt
2024-03-06 20:49:02 +01:00
Lyn Fugmann
71cb425527
Merge remote-tracking branch 'origin/portunus2'
2024-03-06 12:44:18 +01:00
Rouven Seifert
08e43cf903
Merge pull request #82 from fsr/opendkim
...
Disable opendkim
2024-03-05 17:25:47 +01:00
Rouven Seifert
1955aa3cb2
rspamd: change dkim selector
2024-03-05 17:11:59 +01:00
Rouven Seifert
c36a242b35
rspamd: remove faulty allow_hdrfrom_mismatch option
2024-03-05 17:05:37 +01:00
Lyn Fugmann
2d7ed61384
use portunus from nixos-unstable
2024-03-05 15:24:28 +01:00
Rouven Seifert
71bc8234a2
opendkim: disable
2024-03-04 22:44:53 +01:00
Rouven Seifert
8e8cc54f75
mail: configure periodically sent dmarc aggregate reports
2024-03-04 22:40:04 +01:00
Rouven Seifert
a1bfa3f7e1
ldap: switch to sssd on quitte
2024-03-04 22:14:24 +01:00
Rouven Seifert
a3e15cc105
rspamd: migrate redis to unix sockets
2024-03-04 19:47:09 +01:00
Rouven Seifert
4e1cf47b7b
mail: test rspamd signing with rspamd
2024-03-04 12:08:50 +01:00
Lyn Fugmann
0cf95c4c34
Add hendrik's pgp and ssh keys
2024-02-29 16:24:21 +01:00
Lyn Fugmann
4f5148fbf4
Show warning when kernel version changes
2024-02-29 12:03:02 +01:00
Lyn Fugmann
7f70ae990c
ftp: custom 403 error page
2024-02-27 14:06:06 +01:00
Rouven Seifert
794b565e07
nix-serve: fix port
2024-02-25 23:16:47 +01:00
Rouven Seifert
a364e28bb8
nix-serve: init at cache.ifsr.de
2024-02-25 23:10:43 +01:00
Rouven Seifert
f9fca746f7
decisions: fix secret
2024-02-22 12:20:21 +01:00
Rouven Seifert
d84ad31126
mail: configure optional archive mailbox
...
This enables the 'Archive' special use for Mailboxes according to
RFC 6154 [0]. Most Mailclients support this out of the box
[0] https://www.rfc-editor.org/rfc/rfc6154.html
2024-02-21 14:02:26 +01:00
Rouven Seifert
22ca2010a0
initrd: fix command to unlock disk
2024-02-19 11:35:22 +01:00
Rouven Seifert
fecff52804
ewsp: fix nginx group
2024-02-18 14:58:29 +01:00
tenksom
a97f94e4b1
fixed nginx group for nightline
2024-02-18 12:54:21 +01:00
Jonas Gaffke
b9a216ad59
decisions: add dex openid connect client
2024-02-05 22:01:11 +01:00
quitte
ef42822101
Merge branch 'main' of github.com:fsr/fruitbasket
2024-02-04 13:08:18 +01:00
quitte
bf6585a833
decisions: fix typs
2024-02-04 13:08:14 +01:00
quitte
594e672df4
decisions: add timer for tex to db
2024-02-04 13:07:41 +01:00
Rouven Seifert
6d6585c78f
formatting
2024-02-03 20:49:47 +01:00
Jonas Gaffke
81a83d7989
strukturbot: move to quitte
2024-02-03 20:48:34 +01:00
Rouven Seifert
826758e138
decisions: init secrets
2024-02-03 20:17:06 +01:00
Jonas Gaffke
cd10890f1b
decisions: init
2024-02-03 20:05:52 +01:00
Rouven Seifert
2e5f4fbe23
nextcloud: deprecate oc.ifsr.de
2024-02-02 21:53:54 +01:00
Rouven Seifert
e198002d60
mysql: enable backups
2024-02-02 21:41:44 +01:00
Rouven Seifert
e70b57490e
formatting
2024-02-02 21:18:42 +01:00
Jonas Gaffke
5b2ca5141c
mysql: bind to localhost
2024-02-02 21:13:44 +01:00
Rouven Seifert
c0c9249e5a
remove old wiki module
2024-02-02 21:09:58 +01:00
Rouven Seifert
e1325a329a
wiki: move to wiki
2024-02-02 21:08:30 +01:00
Jonas Gaffke
454394981e
quitte: add nightline and fsrewsp sites
2024-02-02 20:26:37 +01:00
Rouven Seifert
dbe12fbfeb
ese: move to quitte
2024-02-02 19:54:06 +01:00
Jonas Gaffke
cc09c14143
quitte: add mysql
2024-02-02 17:41:34 +01:00
Rouven Seifert
b8c31b4e4a
initrd: fix network
2024-01-29 16:23:56 +01:00
Rouven Seifert
ccd6290fb7
Merge pull request #81 from fsr/initrd-ssh
...
quitte: enable ssh in initrd
2024-01-29 16:11:00 +01:00
Rouven Seifert
48683c6b2f
nextcloud: update to nextcloud28
2024-01-29 16:04:51 +01:00
Rouven Seifert
0e2d68fb26
postfix: fix format
2024-01-28 14:26:12 +01:00
Rouven Seifert
583990556e
postfix: lift message size limit
2024-01-28 14:25:02 +01:00
Lyn Fugmann
316ffbb9e0
quitte: enable ssh in initrd
2024-01-25 19:40:22 +01:00
Rouven Seifert
ffeb47cd5e
verify mail senders
2024-01-24 16:02:58 +01:00
Rouven Seifert
93baff94f1
formatting
2024-01-13 17:40:20 +01:00
Rouven Seifert
01f5df464f
zammad: set loglevel to warn
2024-01-13 17:36:22 +01:00
Rouven Seifert
1d4da79c16
fix forgejo homedir
2024-01-10 15:23:56 +01:00
Rouven Seifert
94c2a2de5d
fix integer formatting
2024-01-07 01:22:42 +01:00
Rouven Seifert
d6571ac695
bacula: restrict port to agdsn networks
2024-01-07 01:16:37 +01:00
Rouven Seifert
0084a02568
git: set loglevel to WARN
...
- gitea is crawled by some bots and logs every request
2024-01-06 16:07:48 +01:00
Rouven Seifert
bde7d0b3d4
matrix: disable spammy logging
2024-01-06 16:01:32 +01:00
Jonas Gaffke
9f465f4f66
dex: customize login page
2024-01-05 16:49:29 +01:00
quitte
693154fe1a
padlist: dex openid connect login instead of basic auth
2024-01-05 15:57:32 +01:00
Jonas Gaffke
2ed00fb4c0
quitte: add vscode server
2024-01-01 17:23:01 +01:00
Rouven Seifert
86cd033cba
forgejo: fix prestart
2023-12-26 17:56:32 +01:00
Rouven Seifert
b8e950d5d0
postfix: apply fix against smtp mail smuggling
2023-12-22 23:39:09 +01:00
Rouven Seifert
12fd11d18e
postgres: fix table names in backup
2023-12-18 12:06:09 +01:00
Rouven Seifert
11bdb6b8f7
zsh: disable root git reminder
2023-12-18 12:04:35 +01:00
Jonas Gaffke
cc39b86e78
base: add unzip package
2023-12-15 16:03:17 +01:00
Jonas Gaffke
956908e981
userdir: add robots.txt
2023-12-15 15:48:40 +01:00
Jonas Gaffke
9607dd1b54
wiki: format
2023-12-15 12:05:43 +01:00
Jonas Gaffke
3aeec71dd4
wiki: add SyntaxHighlight extension
2023-12-15 12:02:15 +01:00
Jonas Gaffke
5ce0b2d4ec
wiki: update extensions
2023-12-15 11:19:38 +01:00
Rouven Seifert
7022528b62
fix phil postgres
2023-12-14 17:32:13 +01:00
Rouven Seifert
f57babf97c
use new bacula fixes
2023-12-14 15:51:52 +01:00
Rouven Seifert
8acfe6ee0c
fix checks
2023-12-14 15:42:10 +01:00
Rouven Seifert
2eb832c8a9
better homedir creation
2023-12-12 13:04:03 +01:00
Rouven Seifert
1789ac741d
formatting
2023-12-12 13:01:08 +01:00
Rouven Seifert
220136af25
tomate: init sssd
2023-12-12 12:57:47 +01:00
Rouven Seifert
2b5706b987
zammad: enable backup
2023-11-29 23:29:59 +01:00
Rouven Seifert
fd5e0108f6
quitte: allow ldaps access
2023-11-28 23:00:41 +01:00
Lyn Fugmann
964183a0e7
userdir: increase upload size limit
2023-11-28 18:34:51 +01:00
Rouven Seifert
e86fdf1819
tomate: init
2023-11-28 11:37:35 +01:00
Lyn Fugmann
b972d22997
matrix: use upstream ldap plugin
...
it has been updated and supports reading bind_password from a file now
2023-11-17 20:38:36 +01:00
quitte
8a8af52ec7
zammad: init
2023-11-17 18:18:35 +01:00
Rouven Seifert
127ab9d92e
rspamd: add more headers
2023-11-16 00:07:22 +01:00
Rouven Seifert
7ad0c7d98e
bacula: close udp port
...
not needed for operation
2023-11-14 13:20:41 +01:00
Rouven Seifert
121a9f001e
ssh: enable mosh
2023-11-13 14:20:18 +01:00
Lyn Fugmann
fe946150d7
nginx: refactor, remove hard coded vhost names
2023-11-13 11:12:58 +01:00
Rouven Seifert
87a5486114
nginx: fix newline
2023-11-13 10:04:12 +01:00
Rouven Seifert
075bc2b6fa
nginx: split logs per vhost
2023-11-13 09:51:07 +01:00
Lyn Fugmann
3e70f7a0fc
element-web: disable identity server
2023-11-10 15:42:58 +01:00
Rouven Seifert
2496192efc
nextcloud: configure redis
2023-11-09 18:03:04 +01:00
Jonas Gaffke
5de01790c4
nextcloud: enable HEIC image preview
2023-11-09 15:35:26 +01:00
Jonas Gaffke
0dab62ebff
postgres: increse max_connections to 1000
2023-11-09 15:29:42 +01:00
Lyn Fugmann
7e17d77b1d
nextcloud: migration changes
2023-11-08 18:40:11 +01:00
Rouven Seifert
0eeac8391d
mail: enable imap_filter_sieve
2023-11-03 11:08:42 +01:00
Rouven Seifert
85e6ebbc29
fail2ban: disable tor lists
...
some people have legimitate interest in accessing our services via tor
in case of abuse out of these networks this commit can be reverted
2023-11-02 22:50:23 +01:00
Rouven Seifert
a9d4543da7
rspamd: whitelist tu networks
2023-11-01 22:45:21 +01:00
Rouven Seifert
dd50175c58
httpd: limit number of spawned processes
2023-10-28 17:35:14 +02:00
Rouven Seifert
245d5bc498
fail2ban: use nftables
2023-10-28 17:34:55 +02:00
Rouven Seifert
7b3925deca
courses-phil: use systemd credentials to load the secrets
2023-10-23 15:08:33 +02:00
Rouven Seifert
8eaf733126
fail2ban: whitelist tu ranges
2023-10-23 11:57:01 +02:00
Rouven Seifert
0899143b8c
formatting
2023-10-23 10:47:40 +02:00
Rouven Seifert
303888dfd9
nixify the manual
2023-10-23 10:27:30 +02:00
Rouven Seifert
75be7e22a3
mail: add keyword blacklist
2023-10-21 00:49:24 +02:00
quitte
5270ab09e6
add btop package
2023-10-20 21:38:28 +02:00
Rouven Seifert
3763b8b106
fail2ban: enable incremental bantime
2023-10-20 16:57:02 +02:00
Rouven Seifert
a8d1444ef9
Merge pull request #76 from fsr/fail2ban-mail
...
fail2ban: setup postfix and dovecot
2023-10-20 12:27:58 +02:00
Rouven Seifert
0712f02d40
fail2ban: setup postfix and dovecot
2023-10-19 14:24:11 +02:00
quitte
2058b8f955
add infoscreen, manual and sharepic websites
2023-10-19 11:54:15 +02:00
Rouven Seifert
c360abe7d9
ftp: remove TUD private subnet
...
was added on kaki back then. Probably because of some routing misconfigurations
let's embrace some hope that this is now fixed
2023-10-18 23:30:16 +02:00
Rouven Seifert
ddc7179312
kanboard: add short domain
2023-10-16 11:59:06 +02:00
quitte
94c9be356c
kanboard: first version
2023-10-15 13:38:48 +02:00
quitte
8c7ffab70e
mautrix-telegram: enable again and small fix
2023-10-09 21:19:05 +02:00
Rouven Seifert
3d18969471
nginx: disable ip anonymizing
2023-10-08 13:43:04 +02:00
Rouven Seifert
5820741dd2
matrix: move to ifsr.de
2023-10-08 13:42:29 +02:00
Lyn Fugmann
d48fb6c13a
setup fail2ban
...
block tor exit nodes
2023-10-04 18:49:12 +02:00
Rouven Seifert
23fb7747fb
Revert "temporarily show participants again in the course-management"
...
This reverts commit 39db962a2c
.
2023-10-02 17:32:52 +02:00
quitte
a9c8c03f08
userdir: disable php error display
2023-10-01 19:17:29 +02:00
Rouven Seifert
39db962a2c
temporarily show participants again in the course-management
2023-09-29 17:49:45 +02:00
quitte
6d277b6814
courses-phil: add redirects
2023-09-28 13:34:58 +02:00
quitte
3c17c0ad6a
course-phil: on-metal fixes
2023-09-27 15:08:12 +02:00
Rouven Seifert
a5d29c3338
sops: set sopsfile
2023-09-27 14:25:03 +02:00
Rouven Seifert
8908b3bbff
courses: phil: init as container
2023-09-27 14:20:11 +02:00
Rouven Seifert
e4b26a640b
mail: set mailUser and mailGroup
2023-09-27 11:12:07 +02:00
Rouven Seifert
aa1f91c5b4
mail: fix typo
2023-09-27 11:04:37 +02:00
Rouven Seifert
201fef3084
added global spam filtering script
2023-09-27 11:03:10 +02:00
Rouven Seifert
71f4c64022
nextcloud upgrade to 27
2023-09-24 16:06:10 +02:00
Rouven Seifert
1b36010ad9
mail: disable pam authentication
2023-09-22 13:46:49 +02:00
Rouven Seifert
92efae76ed
rspamd: formatting fix
2023-09-21 21:50:36 +02:00
Rouven Seifert
7c15108f3d
rspamd: enable the neural module
...
so we can throw some buzzwords
2023-09-21 21:49:00 +02:00
Rouven Seifert
3b59947673
rspamd: configure dynamic blacklisting
2023-09-21 21:20:48 +02:00
quitte
b35703040b
nix: allow fetching the index from github
2023-09-20 22:20:49 +02:00
quitte
bed0f24e94
format
2023-09-20 14:09:55 +02:00
quitte
e739a60e66
userdir, zsh fixes
2023-09-20 14:07:50 +02:00