summary refs log tree commit diff stats
path: root/modules/nixos/vhack/nginx/default.nix (unfollow)
Commit message (Collapse)Author
2024-09-06fix(git-server/cgit): Don't run `cgit` as `root` use `git` insteadBenedikt Peetz
This option was newly added, as previously only on `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419
2024-09-06fix(services/matrix/mautrix-whatsapp): Disable to remove libolmBenedikt Peetz
Libolm is marked as insecure and must thus be removed from the system closure.
2024-09-06build(flake): Update inputsBenedikt Peetz
2024-08-19fix(system/services/invidious-router): Stop filtering regionsSilas Schöffel
Filtering regions limits our possible instance selection without actually providing great value. Let's stop discriminating based on server location.
2024-08-16feat(system/services/mastodon): Apply patch to increase the message length mastodonBenedikt Peetz
2024-08-14fix(disks): Increase root tmpfs size to 6GBBenedikt Peetz
The 2GB are just not enough.
2024-08-14chore(version): v0.24.0 v0.24.0Benedikt Peetz
2024-08-14docs(nixos/git-server): Improve the comment on the possible git config keysBenedikt Peetz
2024-08-14fix(nixos/git-server): Use the correct number in the `section-from-path` settingBenedikt Peetz
Take for example a repository name like: `some/organisation/project_a/team_c/repo_b`. Setting the setting to `-1` means that cgit traverses the path from left to right, until it has found 1 element (and `section-from-path` (or n for short)is 0, because n is incremented after each iteration). E.g. : ~ [n=-1] starting point: `some/organisation/project_a/team_c/repo_b` ~ [n=0] after the first iteration: `some/organisation/project_a/team_c/repo_b` Now `some/organisation/project_a/team_c` becomes the section, whilst `repo_b` becomes the repo name.
2024-08-13build(flake.nix): Remove `ragenix` from the devshellBenedikt Peetz
The rust code does not compile, resulting in a really bothersome wait every time a command is run in the devshell because direnv tries to build it again.
2024-08-13test(nixos/git-server): Include the start of a test for cgit's README renderingBenedikt Peetz
2024-08-13fix(nixos/git-server): Correctly specify the section from path lengthBenedikt Peetz
Cgit effectively splits the repo path on '/' and then takes `section-from-path` segments, which form the section. A negative value here results in cgit traversing the path from left to right instead of right to left. Beware that cgit only sets the section, if the path contains `section-from-path` or more slashes in it (thus rendering this setting defunct with the previous value of 1000). There seems to be no way to tell cgit to always use all components up-to the second to last for the section name, thus requiring all projects that need a longer than 1 section length to set the `cgit.section` git config variable via gitolite.
2024-08-13fix(nixos/git-server): Correctly enable the git config feature of gitoliteBenedikt Peetz
The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allow users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
2024-08-13fix(nixos/git-server): Use correct regex syntax in allowed git config valuesBenedikt Peetz
2024-08-13fix(nixos/git-server): Correctly specify cgit's css pathBenedikt Peetz
2024-08-13feat(nixos/git-server): Add nice gitolite featuresBenedikt Peetz
2024-08-13fix(nixos/git-server): Tell gitolite to allow changing some `git` settingsBenedikt Peetz
2024-08-13test(tests/git-server): Add initial testsBenedikt Peetz
The last line, testing for the about page rendering is not yet working. I assume that's because of our hand-rolled list-to-string function thingy in the `cgitrc`. After <https://github.com/NixOS/nixpkgs/pull/317293> is merged, this should probably improve immensely.
2024-08-13feat(nixos/git-server): Add further cgit settingsBenedikt Peetz
A lot of the added settings here have been tested. They will get get tests to ensure they stay working, in later commits.
2024-08-02build(tests): Add complementary scriptsBenedikt Peetz
2024-08-02test(tests): Init infrastructureBenedikt Peetz
The modules still need to be imported one-by-one in `default.nix` files because we have yet to rewrite this, but the new test infrastructure might as well use the new `fileset` functions from `nixpkgs`.
2024-08-02feat(hosts/server1): Activate the migrated servicesBenedikt Peetz
2024-08-02refactor(nixos/openssh): Migrate from `system/services`Benedikt Peetz
2024-08-02fix(nixos/git-server): Add the required configuration to support http-cloneBenedikt Peetz
2024-08-02refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`Benedikt Peetz
Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
2024-08-02build(flake): UpdateBenedikt Peetz
2024-07-30build(flake): updateSilas Schöffel
Flake lock file updates: • Updated input 'crane': 'github:ipetkov/crane/2d83156f23c43598cf44e152c33a59d3892f8b29' (2024-07-09) → 'github:ipetkov/crane/529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf' (2024-07-24) • Updated input 'disko': 'github:nix-community/disko/786965e1b1ed3fd2018d78399984f461e2a44689' (2024-07-11) → 'github:nix-community/disko/1e6f8a7b4634fc051cc9361959bf414fcf17e094' (2024-07-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/47c71d41a11104e76d093e3de99eb9dd39b6fe47' (2024-07-11) → 'github:NixOS/nixpkgs/89526a7d969e38fe8c30253170d44d0f131882de' (2024-07-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5f3d1d6eb300f17b57f48b726147789c90301320' (2024-07-10) → 'github:NixOS/nixpkgs/3fcada1050e3820241590679838954bacf7d38f8' (2024-07-30) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/fec97e65fcbaab0decccba740ac8688f61dadd70' (2024-07-11) → 'github:oxalica/rust-overlay/38c2f156fca1868c8be7195ddac150522752f6ab' (2024-07-30) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/290a995de5c3d3f08468fa548f0d55ab2efc7b6b' (2024-06-18) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/059b50b2e729729ea00c6831124d3837c494f3d5' (2024-07-16)
2024-07-30fix(git-server): set git default-branch to mainSilas Schöffel
2024-07-11build(flake): updateSilas Schöffel
Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14) → 'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09) • Updated input 'crane': 'github:ipetkov/crane/aa5dcd0518a422dfd545d565f0d5a25971fea52a' (2024-06-29) → 'github:ipetkov/crane/2d83156f23c43598cf44e152c33a59d3892f8b29' (2024-07-09) • Updated input 'disko': 'github:nix-community/disko/d185770ea261fb5cf81aa5ad1791b93a7834d12c' (2024-06-30) → 'github:nix-community/disko/786965e1b1ed3fd2018d78399984f461e2a44689' (2024-07-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) → 'github:NixOS/nixpkgs/47c71d41a11104e76d093e3de99eb9dd39b6fe47' (2024-07-11) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc' (2024-07-01) → 'github:NixOS/nixpkgs/5f3d1d6eb300f17b57f48b726147789c90301320' (2024-07-10) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/648b25dd9c3acd255dc50c1eb3ca8b987856f675' (2024-07-01) → 'github:oxalica/rust-overlay/fec97e65fcbaab0decccba740ac8688f61dadd70' (2024-07-11)
2024-07-11fix(nginx): add gallery.s-schoeffel.deSilas Schöffel
2024-07-01build(flake): updateSilas Schöffel
Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24) → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14) • Updated input 'crane': 'github:ipetkov/crane/17d9e9dedd58dde2c562a4296934c6d6a0844534' (2024-06-09) → 'github:ipetkov/crane/aa5dcd0518a422dfd545d565f0d5a25971fea52a' (2024-06-29) • Updated input 'disko': 'github:nix-community/disko/c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82' (2024-06-10) → 'github:nix-community/disko/d185770ea261fb5cf81aa5ad1791b93a7834d12c' (2024-06-30) • Updated input 'impermanence': 'github:nix-community/impermanence/27979f1c3a0d3b9617a3563e2839114ba7d48d3f' (2024-06-09) → 'github:nix-community/impermanence/23c1f06316b67cb5dabdfe2973da3785cfe9c34a' (2024-06-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f589903f0c98110b2ad5fdd764950a99ec26715e' (2024-06-09) → 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) • Updated input 'nixpkgs-unstable': 'github:N