Commit Graph

1635 Commits

Author SHA1 Message Date
Lennart
a5df5deb3b add ed25519 pubkey to {catalonia,karakalpakstan}.r 2022-01-05 21:30:29 +01:00
tv
e82cbd6f35 exim: set User= but run as root
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=.  As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.

[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
2022-01-04 20:30:02 +01:00
tv
853e54ec84 htgen: use currect group names 2022-01-03 14:56:44 +01:00
makefu
2313e962e2
Merge remote-tracking branch 'lass/master' 2022-01-03 00:47:24 +01:00
makefu
057adcb836
k 3 ma: removing trace output for ed25519 keys 2022-01-03 00:47:03 +01:00
lassulus
afaf87781a krebs.tinc: make /etc/tinc/ writable by tincd 2022-01-02 23:30:50 +01:00
lassulus
dc42812610 Merge remote-tracking branch 'mic92/master' 2022-01-02 22:54:22 +01:00
lassulus
bb4fdd13a4 Merge remote-tracking branch 'ni/master' 2022-01-02 22:54:07 +01:00
lassulus
4b977044b9 Merge remote-tracking branch 'gum/master' 2022-01-02 22:53:37 +01:00
88ec249276 mic92: drop ipv4 for bernie 2022-01-02 22:14:24 +01:00
6f96a15df6 mic92: add ip address for yasmin 2022-01-02 14:54:01 +01:00
62b30b0720 mic92: add tts.r 2021-12-31 17:26:47 +01:00
lassulus
1b59fef50a Merge remote-tracking branch 'kmein/master' 2021-12-30 03:20:45 +01:00
Kierán Meinhardt
ed896a991f external: update kmein ssh keys 2021-12-30 03:19:58 +01:00
tv
2280c39d3e krebs.systemd: don't offer to reload services
Because new credentials won't be available after reloading, only after
restarting.
2021-12-29 17:17:45 +01:00
lassulus
7e67b78596 Merge remote-tracking branch 'ni/master' 2021-12-29 16:33:02 +01:00
tv
2f15fd1d68 ergo: fix multiclient default config 2021-12-29 16:23:59 +01:00
lassulus
f393c44c22 external: pinpox-ahorn.r -> ahorn.r 2021-12-29 16:13:03 +01:00
lassulus
8a24a9f395 ergo: reload, accounts, channels, doc 2021-12-29 15:52:29 +01:00
lassulus
d3c3f1551f Merge remote-tracking branch 'ni/master' 2021-12-29 00:20:31 +01:00
makefu
7766b006a8
Merge remote-tracking branch 'tv/master' 2021-12-29 00:20:28 +01:00
makefu
3330b6a2c4
k 3 ma: add ed25519 keys for all hosts 2021-12-29 00:05:10 +01:00
tv
69d266b76b ergo: kill dead code and stuff 2021-12-28 23:53:27 +01:00
makefu
a041768aa1
k 3 ma: make ed25519 keys available for hosts 2021-12-28 23:49:34 +01:00
lassulus
3bec49053d hotdog.r tinc: add ed25519 pubkey 2021-12-28 23:34:13 +01:00
tv
e9cd6d91dc ergo: always merge default config 2021-12-28 22:33:36 +01:00
lassulus
2a47990f16 ergo: use DynamicUser 2021-12-28 22:20:54 +01:00
lassulus
96c60accf3 Merge remote-tracking branch 'mic92/master' 2021-12-28 20:27:30 +01:00
tv
13a7209ca2 tv hosts: add all the ed25519 keys 2021-12-28 18:18:35 +01:00
Kierán Meinhardt
98e45d2075 mic92: fix ssh ed25519 keys 2021-12-28 16:49:07 +01:00
lassulus
7870cc2b04 external: fix ed25519 pubkey syntax 2021-12-28 16:44:23 +01:00
lassulus
02fbaca275 external kmein: fix ed25519 pubkey syntax 2021-12-28 16:41:24 +01:00
Pablo Ovelleiro Corral
17e614cb00 external: add pinpox-ahorn 2021-12-28 16:30:33 +01:00
Kierán Meinhardt
6104ec910e external: add kmein ed25519 keys 2021-12-28 16:10:19 +01:00
lassulus
c7b7bd48b5 l tinc: define ed25519 keys for all hosts 2021-12-28 16:09:42 +01:00
lassulus
8692db1285 Merge remote-tracking branch 'mic92/master' 2021-12-25 20:08:31 +01:00
cb26de2f5c matchbox: remove ipv4 2021-12-25 08:39:02 +01:00
tv
969bd9767e exim-smarthost: dkim_strict = true 2021-12-24 10:19:13 +01:00
tv
b33381d15e exim-smarthost: use LoadCredential 2021-12-24 09:22:41 +01:00
tv
7219292dd5 repo-sync: use LoadCredential 2021-12-24 00:51:28 +01:00
tv
71d11e8f2b repo-sync: add group 2021-12-24 00:51:28 +01:00
tv
234d9d96bf krebs.systemd: allow LoadCredential to be a string 2021-12-24 00:51:28 +01:00
lassulus
2be08e3c52 systemd module: use LoadCredentials from config.systemd.services 2021-12-23 23:59:22 +01:00
lassulus
29b796f521 Merge remote-tracking branch 'ni/master' 2021-12-23 21:49:55 +01:00
tv
d4521eb339 krebs.systemd: allow reload if credentials change 2021-12-23 20:18:28 +01:00
tv
1cf495d6eb krebs.systemd: support credentials of any service 2021-12-23 20:18:28 +01:00
a9d324f176 mic92: update ip for eve 2021-12-23 08:36:49 +01:00
tv
5f7ab23ebf krebs.tinc: drop environment.systemPackages TODO
Nobody bothered about this for more than five years.  And even though
fixable, chances are quite high that this feature is not needed anymore.
2021-12-23 03:20:36 +01:00
tv
8029e80632 krebs.tinc: drop api and imp boilerplate 2021-12-23 03:16:44 +01:00
tv
018018e16b krebs.tinc: don't bother aliasing packages 2021-12-23 03:12:58 +01:00