71ab2af0e5 
								
							 
						 
						
							
							
								
								fix(pam): Switch to rssh for ssh-agent based PAM auth  
							
							... 
							
							
							
							The old module stopped working with my new yubikey, so... 
							
						 
						
							2025-10-21 02:18:28 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								309a775b0f 
								
							 
						 
						
							
							
								
								feat(ssh): Enable sftp  
							
							... 
							
							
							
							The old scp protocol was deprecated in favor of this. 
							
						 
						
							2025-08-02 18:35:02 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								0b5b6ef421 
								
							 
						 
						
							
							
								
								feat: Add minecraft server  
							
							
							
						 
						
							2025-07-31 03:58:32 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								913944cff3 
								
							 
						 
						
							
							
								
								feat(immich): Add immich service  
							
							
							
						 
						
							2025-05-24 05:30:06 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								63b3cbe00b 
								
							 
						 
						
							
							
								
								style(treewide): Apply linter suggestions  
							
							
							
						 
						
							2025-05-20 20:48:47 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								c939b935bf 
								
							 
						 
						
							
							
								
								feat(conduit): Refactor matrix appservices and add matrix-hookshot  
							
							
							
						 
						
							2025-02-11 05:01:37 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								40187d4b2d 
								
							 
						 
						
							
							
								
								feat: Add crowdsec to replace fail2ban  
							
							
							
						 
						
							2025-02-01 00:08:31 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								22981fdcdd 
								
							 
						 
						
							
							
								
								feat: Remove fail2ban  
							
							
							
						 
						
							2025-02-01 00:08:29 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b3be7bd88f 
								
							 
						 
						
							
							
								
								bump: Update to NixOS 24.11  
							
							
							
						 
						
							2025-01-19 17:40:30 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								34f88ee8d5 
								
							 
						 
						
							
							
								
								chore: Remove afvalcalendar  
							
							
							
						 
						
							2025-01-19 17:40:29 +08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								04f7a7ef1d 
								
							 
						 
						
							
							
								
								treewide: Use nixfmt for formatting  
							
							
							
						 
						
							2024-08-18 20:41:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								222829d82a 
								
							 
						 
						
							
							
								
								starbound: Don't build service for now  
							
							... 
							
							
							
							This includes the really huge steam-run closure, which is just a PITA
to keep up with if we're never using it. 
							
						 
						
							2024-07-01 19:24:03 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								fd138d45e6 
								
							 
						 
						
							
							
								
								treewide: Start using nixpkgs-fmt formatting  
							
							
							
						 
						
							2024-06-28 20:12:55 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								501c3466bc 
								
							 
						 
						
							
							
								
								Update to NixOS 24.05  
							
							
							
						 
						
							2024-06-14 00:49:12 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								8f178f776e 
								
							 
						 
						
							
							
								
								afvalcalendar: Host enschede afvalcalendar  
							
							
							
						 
						
							2024-04-15 03:14:46 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								119db5e1d3 
								
							 
						 
						
							
							
								
								sonnenshift: Init  
							
							
							
						 
						
							2024-04-08 20:02:53 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								14785afa14 
								
							 
						 
						
							
							
								
								vm: Set up proper bridge networking  
							
							
							
						 
						
							2024-03-27 01:51:15 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								fa73574dba 
								
							 
						 
						
							
							
								
								nginx: Factor nginx configuration into a separate module  
							
							
							
						 
						
							2024-03-12 06:07:24 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								1c6e7ec106 
								
							 
						 
						
							
							
								
								acme: Don't attempt to get certs if the domain is wrong  
							
							
							
						 
						
							2024-03-11 03:42:29 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								ddda6f534b 
								
							 
						 
						
							
							
								
								hetzner: Add new server config  
							
							
							
						 
						
							2024-03-11 03:42:28 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								95b5d4b3bd 
								
							 
						 
						
							
							
								
								nginx: Reduce number of rotated logs kept around  
							
							
							
						 
						
							2023-12-15 17:04:42 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								55a4aaf48b 
								
							 
						 
						
							
							
								
								metrics: Add metrics with victoriametrics + grafana  
							
							
							
						 
						
							2023-10-12 20:41:04 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								87dd9daa4f 
								
							 
						 
						
							
							
								
								backups: Add atomic backups with restic  
							
							
							
						 
						
							2023-10-12 20:27:34 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								828d3f3878 
								
							 
						 
						
							
							
								
								services: Update outdated options  
							
							
							
						 
						
							2023-07-28 11:23:56 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								acd7cc802b 
								
							 
						 
						
							
							
								
								networking: Set up static IP address  
							
							
							
						 
						
							2023-05-11 22:09:32 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								bb397841ee 
								
							 
						 
						
							
							
								
								refactoring: Use flake-inputs instead of awkwardly passing through  
							
							
							
						 
						
							2023-02-26 05:59:09 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b7726af1c4 
								
							 
						 
						
							
							
								
								config: Make changes suggested post 22.11 update  
							
							
							
						 
						
							2023-01-11 02:38:56 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								957ab110c5 
								
							 
						 
						
							
							
								
								firewall: Open Minecraft ports for port forwarding  
							
							
							
						 
						
							2023-01-11 02:38:53 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								a28d385b17 
								
							 
						 
						
							
							
								
								conduit: Enable TURNS with a ZeroSSL-provided certificate  
							
							
							
						 
						
							2022-11-05 22:26:52 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								997707021b 
								
							 
						 
						
							
							
								
								config: Enable authorization through ssh agent  
							
							... 
							
							
							
							This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole sleuth of issues with deploy-rs.
*And* seems more secure and convenient at the same time. 
							
						 
						
							2022-11-05 18:01:07 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								0528f73187 
								
							 
						 
						
							
							
								
								nginx: Remove mitigation for openssl CVE  
							
							... 
							
							
							
							This has been fixed, instead we just update to the latest openssl. 
							
						 
						
							2022-11-05 17:33:28 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								2304711359 
								
							 
						 
						
							
							
								
								config: Mitigate upcoming SSL CVE  
							
							... 
							
							
							
							See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html 
As 1.1 is unaffected, this override should be sufficient to evade this
problem. 
							
						 
						
							2022-10-31 16:07:41 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b3e8b0e85c 
								
							 
						 
						
							
							
								
								default.nix: Turn on minimal profile  
							
							
							
						 
						
							2022-10-30 18:26:45 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Tristan Daniël Maat 
								
							 
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								c72953e1ef 
								
							 
						 
						
							
							
								
								matrix: Add coturn support for calls  
							
							
							
						 
						
							2022-10-29 01:39:09 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								c56de6cf7e 
								
							 
						 
						
							
							
								
								conduit: Add new conduit service  
							
							
							
						 
						
							2022-10-22 21:22:55 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								61d3008bc3 
								
							 
						 
						
							
							
								
								nextcloud: Fetch apps using nvfetcher  
							
							
							
						 
						
							2022-10-17 11:00:02 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								c4fa991b62 
								
							 
						 
						
							
							
								
								treewide: Add fail2ban  
							
							
							
						 
						
							2022-10-14 06:27:11 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								78ecfd63a1 
								
							 
						 
						
							
							
								
								starbound: Fix post-update issues  
							
							
							
						 
						
							2022-10-14 05:58:15 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								e8b16459d9 
								
							 
						 
						
							
							
								
								treewide: Refactor in order to clean up flake.nix  
							
							
							
						 
						
							2022-10-14 05:58:13 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								068e6d5d77 
								
							 
						 
						
							
							
								
								webserver: Use a hardened systemd unit instead of a container  
							
							
							
						 
						
							2022-10-14 05:58:11 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								b6594cea54 
								
							 
						 
						
							
							
								
								gitea: Use a hardened systemd unit instead of a container  
							
							
							
						 
						
							2022-10-14 05:58:08 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								3cedb9f978 
								
							 
						 
						
							
							
								
								nextcloud: Use a hardened systemd unit instead of a container  
							
							
							
						 
						
							2022-10-14 05:58:05 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								6a81ce4c1d 
								
							 
						 
						
							
							
								
								sops: Improve secrets provisioning to split out staging  
							
							
							
						 
						
							2022-10-12 23:22:50 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								ab3aa19481 
								
							 
						 
						
							
							
								
								treewide: Perform another nitpicking sweep  
							
							
							
						 
						
							2022-10-12 23:22:42 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								7095ab2631 
								
							 
						 
						
							
							
								
								treewide: Remove minecraft server  
							
							... 
							
							
							
							This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being. 
							
						 
						
							2022-10-12 13:12:04 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								046a88905d 
								
							 
						 
						
							
							
								
								treewide: Reformat project with alejandra  
							
							
							
						 
						
							2022-10-10 13:03:18 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								58e52dd119 
								
							 
						 
						
							
							
								
								ssh: Allow proxy connections with gatewayPorts  
							
							
							
						 
						
							2022-10-10 13:01:26 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								cd92ec64c2 
								
							 
						 
						
							
							
								
								Add starbound server  
							
							
							
						 
						
							2022-04-23 08:47:13 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								e7102adec1 
								
							 
						 
						
							
							
								
								Add sops-nix  
							
							
							
						 
						
							2022-04-23 08:47:07 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
						 
						
							
							
								
								
									
										
									
								
							
							
							
								
							
							
								3bdbe66fe4 
								
							 
						 
						
							
							
								
								nginx: Enable HSTS  
							
							
							
						 
						
							2021-10-12 13:53:08 +01:00