summaryrefslogtreecommitdiff
path: root/sys (follow)
AgeCommit message (Collapse)Author
2025-07-30sys/preset/user: enable nullmailerAlejandro Soto
2025-07-30sys/boot/tpm: enforce passwordless TPM chain-of-trust for LUKS unlockAlejandro Soto
2025-07-26sys/boot/secure-boot: support new path for secure boot keys at /var/lib/sbctlAlejandro Soto
2025-07-26sys/boot/tpm: support different TPM drivers (tpm_tis vs tpm_crb)Alejandro Soto
2025-07-25sys/seat: rename hardware.pulseaudio -> services.pulseaudio (25.05)Alejandro Soto
2025-07-25sys/net/interfaces: change reverse path policy from strict to looseAlejandro Soto
2025-07-25sys/boot: implement TPM2 crypt device unlockAlejandro Soto
2025-07-24sys/boot/tpm: initial commitAlejandro Soto
2025-07-23sys/boot: rename sb.nix -> secure-boot.nixAlejandro Soto
2025-07-06sys/hardware: add support for Athena ASEDrive readerAlejandro Soto
2025-06-02sys/mail: move services.dovecot.modules -> environment.systemPackages after ↵Alejandro Soto
update to 25.05
2025-05-31sys/auth: enable rssh PAM moduleAlejandro Soto
2025-05-31home/desktop/sway: switch from swaylock to gtklockAlejandro Soto
2025-05-19sys/auth/openssh: fix syntax error in sshd_config when ↵Alejandro Soto
PerSourcePenaltyExemptList is empty
2025-05-11sys/baseline: run Nix gc every Saturday at midnightAlejandro Soto
2025-04-30sys/auth/openssh: add PerSourcePenaltyExemptListAlejandro Soto
2025-04-26sys/ns: enable acme-dns for DNS-01 challengesAlejandro Soto
2025-04-24sys/ns: implement automatic PTR zonesAlejandro Soto
2025-04-19sys/ns: sunset junkemailfilter.com as backup MXAlejandro Soto
Had been in place since approximately late 2018.
2025-04-19sys/env: make each user have an 'install' attributeAlejandro Soto
2025-04-19sys/web/sites/host: enable DAV reverse proxyAlejandro Soto
2025-04-19sys/web/sites: add host siteAlejandro Soto
2025-04-19sys/mta: improve postfix hardeningAlejandro Soto
2025-04-19sys/net: harden firewall reverse-path checks, ICMP redirectsAlejandro Soto
2025-04-19sys/net: redefine gate0 and nat64 nets using link-local addressingAlejandro Soto
2025-04-06sys: reload services after certificate renewalAlejandro Soto
2025-04-06sys/platform/[lustrated]: prevent default global IPv6 traffic from going ↵Alejandro Soto
through VPN routes
2025-04-06sys/net: create custom iptables chains for local rulesAlejandro Soto
2025-03-30sys/mta: implement backup MXAlejandro Soto
2025-01-25home, sys: enable syncthing as user serviceAlejandro Soto
2025-01-25sys/hardware/thinkpad: remove digimendAlejandro Soto
2025-01-25sys/[lustrated]: enable syncthingAlejandro Soto
2025-01-22sys: remove IPv4 on dmz, gate; enable DNS64 for dmzAlejandro Soto
2025-01-12sys/platform/{[lustrated], [lustrated]}: enable virtAlejandro Soto
2025-01-11flake, sys: remove conduitAlejandro Soto
2025-01-04sys/nspawn/dmz: restore IPv4 private subnet for DMZAlejandro Soto
2025-01-03sys: update deprecated option names under config.systemd.networkAlejandro Soto
2025-01-03sys: allocate global IPv6 addresses for DMZ servicesAlejandro Soto
2025-01-03sys/net: add conntrack-tools to environmentAlejandro Soto
2025-01-03sys/[lustrated]: implement NAT64Alejandro Soto
2025-01-03sys: unify gate and vpn into a globally-addressable IPv6-only networkAlejandro Soto
2025-01-02sys/net: switch gate0 to public subnet 2a03:3b40:fe:888::/64Alejandro Soto
2025-01-01sys: refactor address and network number managementAlejandro Soto
2025-01-01sys/web: do not return 403 for ACME challenge requestsAlejandro Soto
2025-01-01sys/mta: fix OpenDKIM signingAlejandro Soto
2024-12-17sys/platform/[lustrated]: enable address-restricted ssh password auth, fail2banAlejandro Soto
2024-12-17sys/auth: support openssh password authentication (off by default)Alejandro Soto
2024-12-14sys/baseline: completely disable Nix channelsAlejandro Soto
2024-12-03sys/platform/[lustrated]: initial commit, adapted from old [lustrated] repoAlejandro Soto
2024-12-03flake: update to 24.11Alejandro Soto
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 11:54:53 +0000