tv
|
e82cbd6f35
|
exim: set User= but run as root
LoadCredential= will set the owner of $CREDENTIALS_DIRECTORY and the
credentials to User=. As currently Exim is currently has to be run as
root in order to use the standard SMTP port and for local deliveries[1],
set User=exim, but run all processes as root.
[1]: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-security_considerations.html#SECID270
|
2022-01-04 20:30:02 +01:00 |
|
tv
|
853e54ec84
|
htgen: use currect group names
|
2022-01-03 14:56:44 +01:00 |
|
makefu
|
2313e962e2
|
Merge remote-tracking branch 'lass/master'
|
2022-01-03 00:47:24 +01:00 |
|
makefu
|
057adcb836
|
k 3 ma: removing trace output for ed25519 keys
|
2022-01-03 00:47:03 +01:00 |
|
lassulus
|
afaf87781a
|
krebs.tinc: make /etc/tinc/ writable by tincd
|
2022-01-02 23:30:50 +01:00 |
|
lassulus
|
dc42812610
|
Merge remote-tracking branch 'mic92/master'
|
2022-01-02 22:54:22 +01:00 |
|
lassulus
|
bb4fdd13a4
|
Merge remote-tracking branch 'ni/master'
|
2022-01-02 22:54:07 +01:00 |
|
lassulus
|
4b977044b9
|
Merge remote-tracking branch 'gum/master'
|
2022-01-02 22:53:37 +01:00 |
|
|
|
88ec249276
|
mic92: drop ipv4 for bernie
|
2022-01-02 22:14:24 +01:00 |
|
|
|
6f96a15df6
|
mic92: add ip address for yasmin
|
2022-01-02 14:54:01 +01:00 |
|
|
|
62b30b0720
|
mic92: add tts.r
|
2021-12-31 17:26:47 +01:00 |
|
lassulus
|
1b59fef50a
|
Merge remote-tracking branch 'kmein/master'
|
2021-12-30 03:20:45 +01:00 |
|
Kierán Meinhardt
|
ed896a991f
|
external: update kmein ssh keys
|
2021-12-30 03:19:58 +01:00 |
|
tv
|
2280c39d3e
|
krebs.systemd: don't offer to reload services
Because new credentials won't be available after reloading, only after
restarting.
|
2021-12-29 17:17:45 +01:00 |
|
lassulus
|
7e67b78596
|
Merge remote-tracking branch 'ni/master'
|
2021-12-29 16:33:02 +01:00 |
|
tv
|
2f15fd1d68
|
ergo: fix multiclient default config
|
2021-12-29 16:23:59 +01:00 |
|
lassulus
|
f393c44c22
|
external: pinpox-ahorn.r -> ahorn.r
|
2021-12-29 16:13:03 +01:00 |
|
lassulus
|
8a24a9f395
|
ergo: reload, accounts, channels, doc
|
2021-12-29 15:52:29 +01:00 |
|
lassulus
|
d3c3f1551f
|
Merge remote-tracking branch 'ni/master'
|
2021-12-29 00:20:31 +01:00 |
|
makefu
|
7766b006a8
|
Merge remote-tracking branch 'tv/master'
|
2021-12-29 00:20:28 +01:00 |
|
makefu
|
3330b6a2c4
|
k 3 ma: add ed25519 keys for all hosts
|
2021-12-29 00:05:10 +01:00 |
|
tv
|
69d266b76b
|
ergo: kill dead code and stuff
|
2021-12-28 23:53:27 +01:00 |
|
makefu
|
a041768aa1
|
k 3 ma: make ed25519 keys available for hosts
|
2021-12-28 23:49:34 +01:00 |
|
lassulus
|
3bec49053d
|
hotdog.r tinc: add ed25519 pubkey
|
2021-12-28 23:34:13 +01:00 |
|
tv
|
e9cd6d91dc
|
ergo: always merge default config
|
2021-12-28 22:33:36 +01:00 |
|
lassulus
|
2a47990f16
|
ergo: use DynamicUser
|
2021-12-28 22:20:54 +01:00 |
|
lassulus
|
96c60accf3
|
Merge remote-tracking branch 'mic92/master'
|
2021-12-28 20:27:30 +01:00 |
|
tv
|
13a7209ca2
|
tv hosts: add all the ed25519 keys
|
2021-12-28 18:18:35 +01:00 |
|
Kierán Meinhardt
|
98e45d2075
|
mic92: fix ssh ed25519 keys
|
2021-12-28 16:49:07 +01:00 |
|
lassulus
|
7870cc2b04
|
external: fix ed25519 pubkey syntax
|
2021-12-28 16:44:23 +01:00 |
|
lassulus
|
02fbaca275
|
external kmein: fix ed25519 pubkey syntax
|
2021-12-28 16:41:24 +01:00 |
|
Pablo Ovelleiro Corral
|
17e614cb00
|
external: add pinpox-ahorn
|
2021-12-28 16:30:33 +01:00 |
|
Kierán Meinhardt
|
6104ec910e
|
external: add kmein ed25519 keys
|
2021-12-28 16:10:19 +01:00 |
|
lassulus
|
c7b7bd48b5
|
l tinc: define ed25519 keys for all hosts
|
2021-12-28 16:09:42 +01:00 |
|
lassulus
|
8692db1285
|
Merge remote-tracking branch 'mic92/master'
|
2021-12-25 20:08:31 +01:00 |
|
|
|
cb26de2f5c
|
matchbox: remove ipv4
|
2021-12-25 08:39:02 +01:00 |
|
tv
|
969bd9767e
|
exim-smarthost: dkim_strict = true
|
2021-12-24 10:19:13 +01:00 |
|
tv
|
b33381d15e
|
exim-smarthost: use LoadCredential
|
2021-12-24 09:22:41 +01:00 |
|
tv
|
7219292dd5
|
repo-sync: use LoadCredential
|
2021-12-24 00:51:28 +01:00 |
|
tv
|
71d11e8f2b
|
repo-sync: add group
|
2021-12-24 00:51:28 +01:00 |
|
tv
|
234d9d96bf
|
krebs.systemd: allow LoadCredential to be a string
|
2021-12-24 00:51:28 +01:00 |
|
lassulus
|
2be08e3c52
|
systemd module: use LoadCredentials from config.systemd.services
|
2021-12-23 23:59:22 +01:00 |
|
lassulus
|
29b796f521
|
Merge remote-tracking branch 'ni/master'
|
2021-12-23 21:49:55 +01:00 |
|
tv
|
d4521eb339
|
krebs.systemd: allow reload if credentials change
|
2021-12-23 20:18:28 +01:00 |
|
tv
|
1cf495d6eb
|
krebs.systemd: support credentials of any service
|
2021-12-23 20:18:28 +01:00 |
|
|
|
a9d324f176
|
mic92: update ip for eve
|
2021-12-23 08:36:49 +01:00 |
|
tv
|
5f7ab23ebf
|
krebs.tinc: drop environment.systemPackages TODO
Nobody bothered about this for more than five years. And even though
fixable, chances are quite high that this feature is not needed anymore.
|
2021-12-23 03:20:36 +01:00 |
|
tv
|
8029e80632
|
krebs.tinc: drop api and imp boilerplate
|
2021-12-23 03:16:44 +01:00 |
|
tv
|
018018e16b
|
krebs.tinc: don't bother aliasing packages
|
2021-12-23 03:12:58 +01:00 |
|
tv
|
21e407aa59
|
krebs.tinc: use LoadCredential
|
2021-12-23 01:59:25 +01:00 |
|
