Commit graph

782 commits

Author SHA1 Message Date
Rouven Seifert 4e569a8f7b
Merge pull request #78 from fsr/sssd
tomate: init sssd
2023-12-12 13:18:14 +01:00
Rouven Seifert 2eb832c8a9
better homedir creation 2023-12-12 13:04:03 +01:00
Rouven Seifert 1789ac741d
formatting 2023-12-12 13:01:08 +01:00
Rouven Seifert 220136af25
tomate: init sssd 2023-12-12 12:57:47 +01:00
Rouven Seifert 3ee4380328
tomate: prepare secrets for sssd 2023-12-12 11:39:38 +01:00
Rouven Seifert a16337f84f
tomate: secret consistency 2023-12-12 11:35:27 +01:00
Rouven Seifert 7d4a6e08ef
tomate: init secrets 2023-12-12 11:31:48 +01:00
Rouven Seifert 2b5706b987
zammad: enable backup 2023-11-29 23:29:59 +01:00
Rouven Seifert fd5e0108f6
quitte: allow ldaps access 2023-11-28 23:00:41 +01:00
Rouven Seifert 2d73376a60
tomate: enable fail2ban 2023-11-28 22:44:12 +01:00
Lyn Fugmann 964183a0e7
userdir: increase upload size limit 2023-11-28 18:34:51 +01:00
Rouven Seifert 549fffcab2
Merge pull request #77 from fsr/tomate
tomate: init
2023-11-28 11:57:42 +01:00
Rouven Seifert 8b9099fe04
tomate: remove fsr from wheel 2023-11-28 11:48:11 +01:00
Rouven Seifert 7197d6b2e2
tomate: add missing modules 2023-11-28 11:42:50 +01:00
Rouven Seifert 71f197c2f5
tomate: reformat 2023-11-28 11:40:04 +01:00
Rouven Seifert e86fdf1819
tomate: init 2023-11-28 11:37:35 +01:00
Rouven Seifert e04914e30d
nix: flake update 2023-11-20 21:30:37 +01:00
Lyn Fugmann b972d22997
matrix: use upstream ldap plugin
it has been updated and supports reading bind_password from a file now
2023-11-17 20:38:36 +01:00
quitte 8a8af52ec7 zammad: init 2023-11-17 18:18:35 +01:00
Rouven Seifert 65b2bff6b1
nix: flake update 2023-11-16 15:59:47 +01:00
Rouven Seifert 127ab9d92e
rspamd: add more headers 2023-11-16 00:07:22 +01:00
Rouven Seifert 4324dceddc
firewall: stop logging every refused connection 2023-11-14 14:00:22 +01:00
Rouven Seifert 7ad0c7d98e
bacula: close udp port
not needed for operation
2023-11-14 13:20:41 +01:00
Rouven Seifert 121a9f001e
ssh: enable mosh 2023-11-13 14:20:18 +01:00
Lyn Fugmann fe946150d7 nginx: refactor, remove hard coded vhost names 2023-11-13 11:12:58 +01:00
Rouven Seifert 87a5486114
nginx: fix newline 2023-11-13 10:04:12 +01:00
Rouven Seifert 075bc2b6fa
nginx: split logs per vhost 2023-11-13 09:51:07 +01:00
Lyn Fugmann 3e70f7a0fc
element-web: disable identity server 2023-11-10 15:42:58 +01:00
Rouven Seifert fd9e9c8b0b
nix: flake update 2023-11-10 00:03:41 +01:00
Rouven Seifert 2496192efc nextcloud: configure redis 2023-11-09 18:03:04 +01:00
Jonas Gaffke 5de01790c4 nextcloud: enable HEIC image preview 2023-11-09 15:35:26 +01:00
Jonas Gaffke 0dab62ebff postgres: increse max_connections to 1000 2023-11-09 15:29:42 +01:00
Lyn Fugmann 7e17d77b1d
nextcloud: migration changes 2023-11-08 18:40:11 +01:00
Rouven Seifert faddb9ea87
nix: flake update 2023-11-05 19:22:59 +01:00
Rouven Seifert 0eeac8391d mail: enable imap_filter_sieve 2023-11-03 11:08:42 +01:00
Rouven Seifert 85e6ebbc29
fail2ban: disable tor lists
some people have legimitate interest in accessing our services via tor
in case of abuse out of these networks this commit can be reverted
2023-11-02 22:50:23 +01:00
Rouven Seifert a9d4543da7
rspamd: whitelist tu networks 2023-11-01 22:45:21 +01:00
Rouven Seifert c038ea7ed9
nix: flake update 2023-10-28 17:36:10 +02:00
Rouven Seifert dd50175c58
httpd: limit number of spawned processes 2023-10-28 17:35:14 +02:00
Rouven Seifert 245d5bc498
fail2ban: use nftables 2023-10-28 17:34:55 +02:00
Rouven Seifert 9a5d048676
hydra: disable
Not in use and spams database connections
2023-10-28 17:34:07 +02:00
Rouven Seifert 7b3925deca
courses-phil: use systemd credentials to load the secrets 2023-10-23 15:08:33 +02:00
Rouven Seifert 6e269d8dc7
firewall: use nftables 2023-10-23 11:59:12 +02:00
Rouven Seifert 8eaf733126
fail2ban: whitelist tu ranges 2023-10-23 11:57:01 +02:00
Rouven Seifert 0899143b8c
formatting 2023-10-23 10:47:40 +02:00
Rouven Seifert 303888dfd9
nixify the manual 2023-10-23 10:27:30 +02:00
Rouven Seifert 75be7e22a3
mail: add keyword blacklist 2023-10-21 00:49:24 +02:00
Rouven Seifert 5171b2f443
nix: flake update 2023-10-21 00:05:29 +02:00
quitte 5270ab09e6 add btop package 2023-10-20 21:38:28 +02:00
Rouven Seifert 3763b8b106
fail2ban: enable incremental bantime 2023-10-20 16:57:02 +02:00