| Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
Using `repo.path` (with the slash on the end) results in operations on
the directory, which is the symlink target. Using `repoPath` (without
the slash) instead results in the intended operations on the symlink
itself.
|
|
This file was renamed to the `hmac.age` file in
320cc252c1e59de8fed8993b3a527839bc0963a6, but was actually never removed
from the `secrets.nix` list.
|
|
|
|
|
|
|
|
|
|
The fixes have been up streamed into `nixpkgs` by now.
|
|
|
|
|
|
Flake lock file updates:
• Updated input 'crane':
'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946?narHash=sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU%3D' (2024-06-04)
→ 'github:ipetkov/crane/17d9e9dedd58dde2c562a4296934c6d6a0844534?narHash=sha256-hGLeRxSEeFz9WvmQ4s4AuMJ5InLSZvoczDdXkWSFi1A%3D' (2024-06-09)
• Updated input 'disko':
'github:nix-community/disko/398acc470f7c2d68621db01900f053e6000129c4?narHash=sha256-eq9gP060TqWqRf2k4WO5FrG49rVq5Jy3Ptusg0CFdds%3D' (2024-06-07)
→ 'github:nix-community/disko/c1cfbfad7cb45f0c177b35b59ba67d1b5fc7ca82?narHash=sha256-nlh/2uD5p2SAdkn6Zuey20yaR5FFWvhL3poapDGNE4Y%3D' (2024-06-10)
• Updated input 'impermanence':
'github:nix-community/impermanence/a33ef102a02ce77d3e39c25197664b7a636f9c30?narHash=sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y%3D' (2024-02-26)
→ 'github:nix-community/impermanence/27979f1c3a0d3b9617a3563e2839114ba7d48d3f?narHash=sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0%3D' (2024-06-09)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/8e0a5f16b7bf7f212be068dd302c49888c6ad68f?narHash=sha256-BKjQ9tQdsuoROrojHZb7KTAv95WprqCkNFvuzatfEo0%3D' (2024-06-07)
→ 'github:NixOS/nixpkgs/f589903f0c98110b2ad5fdd764950a99ec26715e?narHash=sha256-RmiZ7RBRO7D5pZKy4yhdtPkfezWUXjUTUD0JBxq1%2B14%3D' (2024-06-09)
• Updated input 'nixpkgs-unstable':
'github:NixOS/nixpkgs/9bbc9cf36dcfdb4300824fd134ad506794205c0c?narHash=sha256-CdbkVYeP%2Br1yqxujYhNVXTyoQTupOY92Awe2dcupkvw%3D' (2024-06-08)
→ 'github:NixOS/nixpkgs/f12b3b98676c3a9c9373576965743fa30b972b31?narHash=sha256-Eg2U1nwo5JBmsZ/2RAqXv/4E9clucexY/76P8kMC9Gs%3D' (2024-06-10)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465?narHash=sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28%3D' (2024-06-08)
→ 'github:oxalica/rust-overlay/abfe5b3126b1b7e9e4daafc1c6478d17f0b584e7?narHash=sha256-24h/qKp0aeI%2BEw13WdRF521kY24PYa5HOvw0mlrABjk%3D' (2024-06-10)
|
|
|
|
|
|
|
|
|
|
The `(cmd1 && cmd2)` pattern works, but fails with commands like `exit`
as the parentheses start a new subshell, which the `exit` command will
then close instead of exiting the main shell.
The curly brackets have the intended effect here, as they simply group
the commands together.
|
|
Otherwise, `ln` tries to create the symlink _in_ the target directory.
|
|
|
|
Previously, the generated service _could_ write to the directory, but
wanted to create the directory, if it was absent. Creating this
directory, requires to be able to write in the parent directory.
This is fixed, by ensuring that the parent directories are included.
|
|
|
|
|
|
|
|
Sadly, it's author didn't manage to update to a newer version of django
before the used version (3.2) reached EOL and was affected by
CVE-2024-27351. It's unreasonable to continue using it.
|
|
This also changes the dbname to "invidious" which isn't mentioned
in the commit message as it's the default in nixpkgs.
|
|
|
|
|
|
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/8d37c5bdeade12b6479c85acd133063ab53187a0' (2024-05-09)
→ 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
• Updated input 'crane':
'github:ipetkov/crane/27025ab71bdca30e7ed0a16c88fd74c5970fc7f5' (2024-05-09)
→ 'github:ipetkov/crane/480dff0be03dac0e51a8dfc26e882b0d123a450e' (2024-05-29)
• Updated input 'disko':
'github:nix-community/disko/f236f6df36e7e8077ff33304a1bf5dbc5c6b7122' (2024-05-14)
→ 'github:nix-community/disko/0274af4c92531ebfba4a5bd493251a143bc51f3c' (2024-05-31)
• Updated input 'nixpkgs-unstable':
'github:NixOS/nixpkgs/21b7c1e62f1856bb793d41198ef4760058c6ebd5' (2024-05-14)
→ 'github:NixOS/nixpkgs/21959d8d44197094aebc74ead6ca4a53bcce0adb' (2024-06-01)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/1d8fcbbfcfd3476c2665384a46ee9d07ef2b4dd9' (2024-05-14)
→ 'github:oxalica/rust-overlay/ab69b67fac9a96709fbef0b899db308ca714a120' (2024-06-01)
• Updated input 'simple-nixos-mailserver/utils':
'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14)
→ 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Added input 'simple-nixos-mailserver/utils/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
|
|
|
|
The `root` key was rather useless (it was always just the
`/etc/.../<domain>` path.). This change gives it a real meaning. See the
'BREAKING CHANGE' section for more information.
BREAKING CHANGE: Previously the `root` key denoted the _absolute_ root of
a repository. Now it just denotes the root relative (i.e. a path within
the built repository) to the repos cloning position. You should just
remove the absolute part of the path (that, which is not an output in
your built repository)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
→ 'github:ryantm/agenix/8d37c5bdeade12b6479c85acd133063ab53187a0' (2024-05-09)
• Updated input 'crane':
'github:ipetkov/crane/a5eca68a2cf11adb32787fc141cddd29ac8eb79c' (2024-04-24)
→ 'github:ipetkov/crane/27025ab71bdca30e7ed0a16c88fd74c5970fc7f5' (2024-05-09)
• Updated input 'disko':
'github:nix-community/disko/a816daa384dd754b7586f51157fc2e1a44e76073' (2024-04-25)
→ 'github:nix-community/disko/f236f6df36e7e8077ff33304a1bf5dbc5c6b7122' (2024-05-14)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/4c268f5790f5e697d7e377dfdf21605d3aa123c3' (2024-04-25)
→ 'github:NixOS/nixpkgs/8a4282c38b6cbea9f0989c0eafc6ce1837a26442' (2024-05-13)
• Updated input 'nixpkgs-unstable':
'github:NixOS/nixpkgs/9a4f20210147ecaec0269ec02506be2696635ee7' (2024-04-25)
→ 'github:NixOS/nixpkgs/21b7c1e62f1856bb793d41198ef4760058c6ebd5' (2024-05-14)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/9a2a11479b94afaf1ecc46384b27abda0d3d5f9d' (2024-04-25)
→ 'github:oxalica/rust-overlay/1d8fcbbfcfd3476c2665384a46ee9d07ef2b4dd9' (2024-05-14)
|
|
|
|
We handle backups with restic
|
|
This bans IP Addresses which fail to login into postfix at least 3 times in
600 seconds.
|
|
|
|
|
|
|
|
|
|
This preserves mail state to prevent running out of memory and thus
makes our mailsetup more reliable.
|
|
They were accidentally added at the wrong location in dd4b6bcfc16c7c795b697195eb6703966352d9f4
|
|
These are the defaults, but I think it is better to explicitly state
them to ensure that we don't suffer from a mistake, when we think about
changing them in the future.
|
|
|