Commit graph

129 commits

Author SHA1 Message Date
00121f2516
Work on getting a development environment set up
for developing the mx-aliases service
2025-08-12 23:36:03 +02:00
af3c61d75c
Attempt to get basic leptos site working in devshell and nix package
2025-08-12 00:36:38 +02:00
0ff2b12fb0
Some fixes regarding startup of postgres
There were some issues with setting mount dependencies
for postgresql. Now however that is solved. What didn't work
was when the disk-mapping.json file depended on vault-agent.

As that file is not secret by any means, I moved it to /var/lib.

The only thing left to do, is to make postgresql start up
when the server is first created, and the /var/lib file
does not exist.
2025-08-11 00:13:57 +02:00
1ca3a407f2
Add some automatic backups of postgresql databases
when using zfs volume
2025-08-10 22:56:36 +02:00
457eb3f6b0
Update flake inputs
2025-08-10 22:26:59 +02:00
9fbfd0ce02
Attempt to improve zfs setup a bit
2025-08-10 22:01:27 +02:00
dbe31fd176
Add some comments in the zpool setup code wrt. adding/removing
disks from zpools
2025-08-10 00:03:15 +02:00
3027ff2f1a
Some minor fixes for vm target
2025-08-09 23:47:36 +02:00
4f12db815b
Growpart with lvm root volume seems to not work
2025-08-09 23:31:29 +02:00
554761c118
Add some ZFS alerting rules to prometheus
2025-08-07 22:49:49 +02:00
5abaa9322e
Attempt to get merging of zfs options in zpool setup working
I have not yet tested addition of new datasets, or the removal/
unmounting of newly disappeared datasets.
2025-08-07 22:32:18 +02:00
89a3e16ab7
Add some note about missing dovecot alerts
2025-08-07 00:04:13 +02:00
aaf4d1e5a3
Get basic PoC up and running on mx.kaareskovgaard.net
Now zpool-helper can create the zpool and datasets.

But there's no reconciliation of existing zpools and datasets.

However everything gets encrypted as it should, and unlocked on boot.
2025-08-07 00:01:36 +02:00
71b4792fdd
Fix some issues with zpool-setup
2025-08-06 23:28:48 +02:00
4fa553db56
Begin initial attempt at getting zfs setup working
2025-08-06 23:27:26 +02:00
18651b63ed
Maybe actually fix execvpe stuff
2025-08-05 22:10:46 +02:00
3ad3a21eed
Fix build error on linux
2025-08-05 22:04:41 +02:00
8640dce7bc
Remove openbao helper and replace it with more general program
This gets rid of the messy nix code for handling bitwarden
secrets, and unifies it all into a nice single program
in rust. Ensuring that only the needed secrets are loaded.
2025-08-05 21:59:07 +02:00
e6a152e95c
Begin working on porting much of the opentofu related code
into rust. Mainly this should give proper argument parsing and
error handling, and also remove some of all the scattered shell
scripts.
2025-08-05 01:42:57 +02:00
30cf1f407a
Split up terraform configurations even more
This should allow for disks to survive destruction of
instances.

Also support creating additional disks on hetzner, storing
a mapping of nix names for disks with their linux device paths.
Something similar should also be possible to create for openstack
allowing a provider agnostic way of mapping between them.
2025-08-04 23:46:01 +02:00
7adc4a20bd
Clean up provisioning code by moving some logic into
readOnly options
2025-08-04 22:23:47 +02:00
eec5e02770
Move configuration of secret source outside of provisioning setup
itself
2025-08-04 22:02:47 +02:00
f0725c503f
Implement resizing of zpool
2025-08-04 02:20:26 +02:00
f410517ffa
Actually get zfs mounting working
This is done by not using the built in mounting, but
relying on ZFS to mount correctly after importing the pool
and loading the encryption key
2025-08-04 01:07:05 +02:00
fa8320b805
Mount IMAP data in zfs volume, which should be easily backed
up by TrueNAS.

Also enable full text search
2025-08-03 22:29:19 +02:00
8f6c428305
Get some metrics and a dashboard for dovecot
2025-08-02 00:34:01 +02:00
28f4b34cd1
Monitoring: Add scrape down alerts
2025-08-01 23:07:48 +02:00
af583fcbd4
Add fleet handling and ensure all instances are up to date
2025-08-01 22:21:21 +02:00
735df0ad8f
Update hakari crate
2025-08-01 21:45:38 +02:00
020ac99447
Update nixpkgs
2025-08-01 21:45:27 +02:00
1f88fa3c49
Move kas.codes over to using mx.kaareskovgaard.net
2025-08-01 02:04:06 +02:00
6ac55b7e44
I think I finally understand how the postfix and dovecot
integration works now. Now the regular accounts should work again,
and with proper handling of catch all aliases for domains, as well
as handling postmaster and abuse emails being forwarded to khs
with proper auto tagging of the mails.
2025-08-01 00:53:09 +02:00
9c4a751fe0
Some more accounts stuff
2025-07-31 22:38:20 +02:00
cd4c06686e
Non working attempt at getting correct login information working
2025-07-31 10:34:23 +02:00
fbe957b046
Move the setup of the mailserver around
Currently delivery of mails is broken. There's some work
to be done in accounts.nix. But once done this should (I think)
support all the use cases desired.
2025-07-31 00:04:13 +02:00
02325a7017
Begin preparing to move LDAP accounts into passdb only
This should allow LDAP accounts to have password
set in LDAP, as well as provisioning service accounts
statically in nix.

This will also move alias configuration of all accounts
into nix as well.
2025-07-30 21:36:48 +02:00
cc1ab841c2
Add basic support for managesieve (+ roundcube support)
2025-07-30 17:25:02 +02:00
fabaf54549
Get ed25519 dkim signature working
2025-07-30 16:29:00 +02:00
9af8f29b48
Revert "Attempt at using stalwart again"
This reverts commit 2d3e02ad78.
2025-07-30 11:11:17 +02:00
ad84cfae7e
Revert "Final attempt at getting stalwart working before revert"
This reverts commit fbcd590bfe.
2025-07-30 11:11:14 +02:00
fbcd590bfe
Final attempt at getting stalwart working before revert
Non working parts:

1. OIDC login, stalwart assumes the entire token is base64 encoded,
   which it is not.
2. Apparently there's no support for mixed directories, allowing both
   logins from ldap and from internal database. I want this in order
   to support accounts for services as well as persons.
2025-07-30 11:08:00 +02:00
2d3e02ad78
Attempt at using stalwart again
LDAP directory setup seems to work
2025-07-30 00:36:51 +02:00
40e3182d78
Adjust display name of khs
2025-07-29 22:48:58 +02:00
b59ad3af51
Roundcube oauth2 login working
2025-07-29 16:02:01 +02:00
4d48bc1457
Continue working on oauth2 auth in roundcube
2025-07-29 15:30:44 +02:00
d62c0a32ec
Fix some postfix startup issues after reboot
And enable ARC signing of emails
2025-07-29 11:55:55 +02:00
343c87b279
Mostly working postfix+dovecot2+ldap setup
Missing:

1. Figure out how to do some useful aliases for the mail
   addresses. Either something like assigning @kas.agerlinskovgaard.dk
   to kaare@agerlinskovgaard.dk or usual + aliases.
2. Oauth2 login is not working yet.
3. Need to be able to create accounts not handled by LDAP, such
   that eg. forgejo can have an account to send mails from (maybe
   also an account to receive mails?).
4. Once support in kanidm lands, need to look into application passwords
   such that one doesn't have to use their regular posix password,
   and maybe, ideally, doesn't need a posix password at all.
2025-07-29 11:27:09 +02:00
6a1aca24a9
Getting close to working ldap setup with postfix and dovecot
LDAP login works for IMAP, but postfix doesn't recognise
the mail addresses for the users.
2025-07-29 00:27:07 +02:00
cd8a0db1b6
Begin reverting back to simple-nixos-mailserver
It appears I can get app passwords with kanidm and ldap
so just going to a more stable, probably supported setup,
should be good.
2025-07-28 12:02:24 +02:00
c97b19c495
Begin attempting to configure stalwart
2025-07-27 00:39:55 +02:00