Commit message (Collapse) | Author | ||
---|---|---|---|
2023-07-26 | Refactor(system/secrets/secrets.nix): Remove redundant secretlist | sils | |
2023-07-26 | Fix(system/mail): Add User | sils | |
2023-07-25 | chore(version): v0.4.1 v0.4.1 | sils | |
2023-07-25 | Build(flake): Update | sils | |
2023-07-25 | Fix(system/services/mail): Add new user | sils | |
2023-07-22 | chore(version): v0.4.0 v0.4.0 | sils | |
2023-07-22 | Fix(system/services/matrix): Change registration_shared_secret_path to | sils | |
age secret | |||
2023-07-22 | Feat(system/secrets): Add matrix-synapse_registration_shared_secret | sils | |
2023-07-22 | Fix(system/services/matrix): Add registration_shared_secret to register | sils | |
users | |||
2023-07-22 | Fix(system/services/matrix): Move persisting files ctrl to impermanence | Soispha | |
2023-07-22 | Fix(system/services/matrix): Fix extra " =" in locations path | Soispha | |
2023-07-19 | Chore(system/secrets): Rekey to support new public key | Soispha | |
2023-07-19 | Style(treewide): Format after removing vim lines | Soispha | |
2023-07-19 | Feat(.editorconfig): Add the configuration for all files | Soispha | |
This sets some formatting option based on the file. In comparison to the vim lines, this should be supported by more editors. | |||
2023-07-19 | Chore(system/secrets): Add sils' public key | sils | |
2023-07-10 | chore(version): v0.3.0 v0.3.0 | Soispha | |
2023-07-08 | Fix(system/secrets): Update after redeploy | Soispha | |
2023-07-08 | Fix(system/secrets): Ensure that ssh host key is available in stage 2 | Soispha | |
The `/var/lib/sshd` directory is only mounted _after_ the stage 2 init, thus also after the system activation. Agenix, which runs in the system activation needs the hostkey however to decrypt the secrets needed for some units (as of right now only keycloak). Alas the only way I see to achieve that is to store the ssh hostkey directly on /srv, which is mounted before (it's marked as 'neededForBoot' after all) the stage 2 init. It should be possible to achieve this with impermanence however, as `/var/log` is mounted in the stage 1 init; The problem is that I have no idea _why_ only this is the only directory mount |