Commit graph

448 commits

Author SHA1 Message Date
83e46a95fe ldap: optional field to mark it as secure 2023-07-20 21:22:53 +01:00
b918c04f13 email: may not have to restart daily now that permissions are fixed 2023-07-16 21:30:54 +01:00
6bf5088bb5 ldap: raise response limit 2023-07-16 21:28:03 +01:00
3e8037153f email: quota buffer 2023-07-16 15:18:23 +01:00
bdf6c699e0 email: quota setup 2023-07-16 15:06:06 +01:00
0c26f37507 email: properly set the DKIM keys 2023-07-16 12:32:18 +01:00
dbc7aa8690 email: restart daily, should minimise permission issues 2023-07-16 03:23:47 +01:00
ad6280189b email: use the nginx generated certs. 2023-07-16 02:44:22 +01:00
bc2e781586 dns: cleaned up the implementation of the dns, partly to make it easier to add records and partly to make it really neat config files. 2023-07-16 01:53:21 +01:00
d683598060 dns: abstracted away much of the dns logic into the dns config file 2023-07-15 15:54:42 +01:00
6412a53070 fmt: a bit of a cleanup 2023-07-15 15:05:57 +01:00
3a28291933 backup: got it working for email + some improvements 2023-07-15 14:51:11 +01:00
6cb3fcf409 dns: remove leading spaces 2023-07-08 10:27:30 +01:00
0d13f47f80 Merge branch 'main' of gitlab.com:c2842/computer_society/nixos 2023-07-05 18:32:09 +01:00
66b59d42a9 email: thunderbird, users can just accept defaults 2023-07-04 23:14:58 +01:00
0e9a44f67c backups: got the backup configed, but fecked up the networking 2023-07-04 22:26:47 +01:00
ccf78c06a4 email: updated email config 2023-07-04 21:53:24 +01:00
ad1f5a8678 games: added second gsoc server 2023-06-25 21:29:27 +01:00
c756a1d03e fix: got jones back working again 2023-06-24 15:41:31 +01:00
7dcda8021c backup: more robust handling of credentials 2023-06-24 01:34:45 +01:00
88353f3727 feat: added backup config
(currently temp server, will be using hardware soon)
2023-06-23 23:52:31 +01:00
eb173944dc feat: new ldap backend api is up and running, with ci as well 2023-06-18 22:49:31 +01:00
bb505ce3c7 fix: Got the mailserver "working"
Used https://gitlab.com/-/snippets/2481362

Need to get port 25 opened though
2023-06-18 12:50:23 +01:00
46742c1a2a fix: no custom domains for pages :( 2023-06-18 01:14:10 +01:00
33ebd7150f feat: enable custom domains for pages 2023-06-17 23:36:01 +01:00
67661e3431 feat: added gitlab pages 2023-06-17 22:51:13 +01:00
e990626c7a feat: updated to nginx 23.05 2023-06-17 22:08:31 +01:00
704222fcb9 gitlab: runner up and running
heh
2023-06-17 19:37:06 +01:00
f24b450b36 dns: fixed some records related to email 2023-06-17 01:28:55 +01:00
9b1a936f03 dns: got reverse dns working 2023-06-17 00:59:22 +01:00
6585a3c88a email: email is semi functional, can send but it does not save to sent items
Unsure about receive
2023-06-16 23:18:53 +01:00
524d014cb1 fix: just use a groupOfNames 2023-06-16 18:51:24 +01:00
1939f4648f dns: now using the server for our other domain 2023-06-15 22:50:29 +01:00
6e25003b5c fmt: removed some duplicates 2023-06-15 22:02:30 +01:00
775d6412af fix: formatting and tidying up 2023-06-15 21:38:42 +01:00
144b572b1b fix: set the alternate port used for the ssh 2023-06-15 21:36:10 +01:00
1c03644912 fix: no need to have the enabled tag now that it is definitely going to be groups 2023-06-15 14:32:35 +01:00
61bd023737 fix: now using two sets of ldap groups, one for linux, one for everything else 2023-06-15 14:29:06 +01:00
564fe272b1 fix: gonna need an extra field that is stable 2023-06-15 02:45:13 +01:00
f5b1cb33ef feat: add the ldap client to all servers 2023-06-14 21:04:29 +01:00
883a6b239c feat: setup minecraft for both us and gsoc 2023-06-11 22:11:57 +01:00
378b4d0b8f ldap: dir to back up 2023-05-27 00:30:39 +01:00
60d3025d88 gitlab: added useful commands 2023-05-26 22:21:47 +01:00
894837494c ldap: set password hash back to SSH512 2023-05-26 10:21:14 +01:00
eb34303c7b ldap: set fields the user can change on their own 2023-05-25 22:23:25 +01:00
d1b79da77c ldap: only allow ssh key login on linux servers 2023-05-25 16:53:59 +01:00
e748eb306a ldap: add an attribute for the created date 2023-05-25 12:12:30 +01:00
1cbe71db12 gitlab: limit to only active members 2023-05-24 22:01:01 +01:00
d1cf49bb83 gitlab: would like to use ee, but sadly too expensive 2023-05-24 21:37:16 +01:00
3dc27bcf77 gitlab: properly use the username 2023-05-24 21:08:42 +01:00
59f4057698 gitlab: basic setup 2023-05-24 20:57:49 +01:00
e0e1b83e12 gitlab: I think this is the right config 2023-05-24 16:56:59 +01:00
02fb3e28cd fix: needed the right imports 2023-05-24 16:52:18 +01:00
3df29a42d4 fix: need the dns imported 2023-05-24 16:51:15 +01:00
95cdbf2b4e feat: properly modularised games 2023-05-24 16:39:02 +01:00
920f6ab86e feat: dns fully modularised now 2023-05-24 16:12:48 +01:00
34de735720 feat: turned ulfm into a proper module 2023-05-24 15:59:22 +01:00
91a3eb6a1a ldap: use the home given in the ldap, will allow for custom homes 2023-05-24 15:54:00 +01:00
d63ebabc85 ldap: able to deal with up to ssha512 passwords 2023-05-24 15:31:58 +01:00
d056929a18 ldap: extended class 2023-05-24 00:35:17 +01:00
934b1ff1c4 ldap: using ldaps seems to work 2023-05-23 23:47:57 +01:00
41449dd28c ldap: fixed the encryption key required 2023-05-23 23:30:27 +01:00
44921afecd acme: may as well be patient 2023-05-21 22:45:40 +01:00
de76e8eee6 ldap: now got secure mode 2023-05-21 22:45:20 +01:00
a660a60346 fix: group should be able to write to it as well 2023-05-21 21:51:17 +01:00
693043b081 dns: new functions work well
Will try to figure out if the two functions can be merged so it's a single function called
2023-05-21 21:48:30 +01:00
f8f2f6fa15 dns: better function for the etc files (basically using a nice wrapper) 2023-05-21 21:30:14 +01:00
c6b766bd65 dns: function to handle opn domains 2023-05-21 21:25:21 +01:00
e47f2c85f2 dns: a function to give the whitelist for the cache networks 2023-05-21 20:22:54 +01:00
126db6e3cb dns: now have a proper primary and secondary 2023-05-21 19:38:13 +01:00
1e9b63e13d dns: added more other domains, will tidy up config better later 2023-05-21 19:06:30 +01:00
d3e1e3e67f dns: added csn.ul.ie 2023-05-21 16:18:53 +01:00
9618d87c67 dns: parametrised the config 2023-05-21 16:18:39 +01:00
c42b13b990 fix: ports are numbers not strings 2023-05-21 12:23:57 +01:00
81b41087fe feat: added ldaps 2023-05-21 12:17:06 +01:00
ad2c9dad6b fix: better handling of domain 2023-05-21 12:08:26 +01:00
6e58eac8c1 fix: properly use the port 2023-05-21 12:05:19 +01:00
b15b07ae36 fix: move base into the config 2023-05-21 12:02:52 +01:00
48a23519e9 fix: got permissions "working" for the password reset, not ideal though 2023-05-21 03:09:24 +01:00
60e33e2abb ldap: give users a home dir 2023-05-21 01:39:01 +01:00
e73e15f524 ldap: client is properly working now 2023-05-21 01:38:19 +01:00
67a0d1b8bf fix: had to give the file the right permissions
Also need to restart openldap.service on password change
2023-05-21 00:19:20 +01:00
32577ecebc fix: typo in name 2023-05-20 22:20:06 +01:00
4e664ce1bc feat: ldap now has secrets properly stored 2023-05-20 21:33:04 +01:00
144f3bce54 ldap: got a tool to manage the password resets and ssh key 2023-05-20 19:33:08 +01:00
c17a28d7a9 ldap: now got skMemberOf to replace memberof (memberof does not work on unixgroups) 2023-05-20 15:26:03 +01:00
0c57b35778 ldap: is working as intended, working on scripting to add and manage users 2023-05-20 03:08:30 +01:00
f6183c1b10 podman: was working, now it isn't AGHHHHHHHHH 2023-05-19 19:15:22 +01:00
614d905dfd docker: now using podman
had to reboot to make it come into effect
2023-05-19 18:18:41 +01:00
7e380d6932 ldap: a mostly working ldaish setup 2023-05-18 21:59:23 +01:00
baa226cacf ldap: can't have uppercase letters in username 2023-05-16 23:58:34 +01:00
53696c927e ldap: first attempt at ldap 2023-05-16 22:23:04 +01:00
4ef6c14a32 feat: basic gitlab setup 2023-05-16 16:40:49 +01:00
5579de7e7c dns: fixed issue that could cause a DoS attack (via DNS amplification)
ITD's router was setting the IP of all external traffic as 193.1.99.65, which was part of the 193.1.99.64/26 subnet.
The fix is to explicitly list all our IPs
2023-05-05 14:40:27 +01:00
d750b046d1 dns: go back to basically an earlier config 2023-04-29 02:35:58 +01:00
ec8b458d75 dns: use a hash to make a unique config file 2023-04-29 01:54:17 +01:00
e8254a0d65 minecraft: got the classic server and maps up and running 2023-04-27 01:47:17 +01:00
81afc614a3 minecraft: fix up the paths 2023-04-27 00:49:55 +01:00
b85410e895 minecraft: use a better proxy 2023-04-26 02:18:21 +01:00
de87d97fbc fmt: reduced nesting to make it easier to read/understand 2023-04-26 02:01:29 +01:00
3eac87bbd8 games: split it up into 3 different services for easier management 2023-04-26 01:52:47 +01:00
733b867f47 games: split minecraft out into its own folder for manageability 2023-04-26 00:24:54 +01:00
2603cf9584 games: turns out I wasn't treating it properly like a docker-compose file 2023-04-26 00:09:31 +01:00
4052aeac6b dns: setup dnssec (need to backup the required folders later)
Also it cleared out the spam of errors
2023-04-25 15:11:02 +01:00
c0f160faa3 dns: use epoch for the serial instead of YYYYMMDDSS.
Lacking hours/min could mean that the YYYYMMDD could remain the same but the SS would decrease, which is not what we want
2023-04-25 14:31:19 +01:00
612ba70bbf games: it is possible to have multiple minecraft servers running 2023-04-25 00:44:17 +01:00
d762001cb6 dns: some light reorganisation for clarity 2023-04-24 20:40:48 +01:00
695f9a5763 dns: no mailserver yet 2023-04-24 20:38:36 +01:00
e5e5350b90 dns: added a comment on the indentation 2023-04-24 20:24:17 +01:00
78fcafc566 ssl: got the ssl certs running and live 2023-04-24 20:21:36 +01:00
8de2b27099 dns: reduce the time that the record is alive for 2023-04-24 20:19:16 +01:00
94784ee6d2 dns: this is supposed to cut down spam logs but it doesn't 2023-04-24 20:17:24 +01:00
70f3e03b74 dns: turns out this spacing is really really important 2023-04-24 20:14:24 +01:00
3d15446d63 dns: serial of the record is now updated dynamically 2023-04-23 13:37:42 +01:00
6119c9a88a dns: got a working letsencrypt setup 2023-04-23 04:22:01 +01:00
ef37392f07 ulfm: initial test run 2023-04-21 01:44:11 +01:00
c2842fb766 acme: temp disable this for a bit 2023-04-21 01:20:23 +01:00
c38a2cfd7a nginx: basic setup complete (copied from my own stuff) 2023-04-21 01:10:30 +01:00
fe93f796a6 fix: centralise the ports 2023-04-21 00:53:25 +01:00
f63aa7f245 dns: still some kinks with the dns but it's easing out 2023-04-20 23:46:43 +01:00
8e3b4d0243 dns: set upstream dns resolvers 2023-04-20 23:15:08 +01:00
74c00e743c fix: set the user for the unlocked file 2023-04-20 23:10:47 +01:00
dae38b854b fix: had the secret declaration in the wrong location 2023-04-20 19:22:17 +01:00
e01b0eddb6 acme: frontend with acme itself 2023-04-20 19:03:11 +01:00
e5040278ba acme: config required for the dns side of things 2023-04-20 18:50:00 +01:00
bd9af1b0ee fix: disable this option 2023-04-20 09:34:06 +01:00
bb0fd16903 fix: only serving ipv4 at the current time 2023-04-20 08:56:52 +01:00
b29daa0ea1 feat: I think this is a better firewall setup, still need to properly test it 2023-01-28 15:31:46 +00:00
3d7f99946a fix: eol conversion round 2 2023-01-25 11:48:44 +00:00
180feb17ec fix: eol conversion 2023-01-25 11:37:49 +00:00
75a63212b1 feat: games host configured 2023-01-18 20:41:10 +00:00
654d45a842 feat: can now handle two (or more) nameservers 2023-01-18 02:32:01 +00:00
8db9529449 feat: first nameserver set up 2023-01-18 02:06:08 +00:00
f3a3768f92 fix: small vanity thing to get the records in a line 2023-01-18 00:20:18 +00:00
ea493b434b fix: had to be in bind.zones 2023-01-17 23:37:07 +00:00
15c5005b37 feat: dns should work well with this 2023-01-17 23:21:35 +00:00
696e8a404f fix: gonna use this as an example file 2023-01-17 23:15:36 +00:00
4177b63c4f doc: a little bit of documentation 2023-01-17 23:02:12 +00:00
2b497b497c feat: setting it up better 2023-01-17 22:56:05 +00:00
2d0079daa4 feat: base setup for dns 2023-01-17 22:40:04 +00:00
c2e4fde98d feat: added better options to the firewall 2023-01-17 15:46:07 +00:00
6ef12f03de feat: improved config a tad 2023-01-15 19:18:24 +00:00
8f373ada01 feat: no more recursion, simplified the function 2023-01-15 18:42:01 +00:00
badcfe1ada feat: generating firewall forwarding rules from individual machine configs complete 2023-01-15 18:27:21 +00:00
53aff5987f tmnp: save current state 2023-01-15 15:10:40 +00:00
c819214902 feat: can let each machine add the forwards it needs 2023-01-15 13:32:18 +00:00
f1a484eaff feat: basic firewall using the previous 2023-01-13 18:34:19 +00:00
94676e929e feat: basic firewall config to test it out 2023-01-13 17:22:29 +00:00