path: root/system/services/openssh/default.nix
Date | Commit message | Author
2023-08-11 | Fix(system/services/invidious): Force the new script option to be applied | Soispha
2023-08-11 | Fix(system/service/invidious): Copy their script, to remove shell escape | Soispha
The default ExecStart implementation in the module escapes all strings. This does not work for us because we need to use the `$CREDENTIALS_DIR` environment variable, for the credentials deployed in the `LoadCredential` option.
2023-08-11 | Fix(system/services/invidious): Set correct access permissions on hmac | Soispha
2023-08-11 | Fix(system/services/invidious): Check tables on startup | Soispha
2023-08-11 | Refactor(system/secrets/invidious): Remove unneeded files and improve names | Soispha
2023-08-11 | Fix(system/services/invidious): Quote attr names in json config | Soispha
2023-08-11 | Fix(system/secrets/invidious): Change formatting of invidiousSettings | sils
2023-08-11 | Fix(system/secrets): make invidious settings readable for invidious | sils
2023-08-11 | Fix(system): Binary substitution for debugging | sils
2023-08-11 | Fix(system/services/invidious): Specify database host | sils
2023-08-11 | Feat(system): Add invidious | sils
2023-08-11 | Refactor(system/secrets/secrets.nix): Remove redundant secretlist | sils
2023-08-04 | chore(version): v0.7.0 v0.7.0 | sils
2023-08-04 | Fix(system/users): declare nixremote as normal user | sils
2023-08-04 | Feat(system/users): Add nixremote | sils
This user is intended to be used for remote-builds
2023-08-02 | Feat(system/services/snapper): Add | Soispha
2023-08-02 | Build(flake): Update | Soispha
2023-08-02 | Fix(system/services/nix-sync): Remove timeout on build | Soispha
The unit had the potential to fail if the build took longer than the default timeout. This is obviously not ideal, so the timeout was removed, as all nix builds should be safe enough not to devour resources.
2023-08-02 | Fix(system/services/nix-sync): Rebase on pulls, to allow for force pushes | Soispha
As the nix-sync service should _never_ commit new stuff, this rebase should always be a fast-forward, i.e. it works without manual intervention. Without the rebase as argument, this service would break when the history gets rewritten, for example on an amended commit.
2023-08-02 | Fix(system/services/nix-sync): Make the timer relative to the unit start | Soispha
The timer beforehand started `repo.interval` after it itself was started, i.e., it was a oneshot timer. This change now fixes this by making the point the timer activates relative to the time elapsed since the associated unit was last started.
2023-07-31 | Feat(system/services/nginx/hosts): Add another domain | Soispha
2023-07-28 | chore(version): v0.6.0 v0.6.0 | Soispha
2023-07-28 | Fix(treewide): Use correct function argument specification | Soispha
2023-07-28 | Feat(system/services/mail/users): Add mailusers | Soispha
2023-07-28 | Refactor(system/services/nginx): Reduce encrypted stuff to a minimum | Soispha
2023-07-28 | chore(version): v0.5.1 v0.5.1 | sils
2023-07-28 | Fix(system/services/mail): Update mail users | sils
2023-07-27 | chore(version): v0.5.0 v0.5.0 | Soispha
2023-07-27 | Fix(system/services/matrix/bridges/m-wa): Use own database | Soispha
2023-07-27 | Fix(system/services/matrix/bridges/m-wa): Correct postgresql uri | Soispha
2023-07-27 | Fix(system/impermanence): Keycloak was actually postgresql | Soispha
2023-07-27 | Feat(system/services/matrix/bridges): Add mautrix-whatsapp bridge | Soispha
2023-07-26 | Fix(system/mail): Add User | sils
2023-07-25 | chore(version): v0.4.1 v0.4.1 | sils
2023-07-25 | Build(flake): Update | sils
2023-07-25 | Fix(system/services/mail): Add new user | sils
2023-07-22 | chore(version): v0.4.0 v0.4.0 | sils
2023-07-22 | Fix(system/services/matrix): Change registration_shared_secret_path to | sils
age secret
2023-07-22 | Feat(system/secrets): Add matrix-synapse_registration_shared_secret | sils
2023-07-22 | Fix(system/services/matrix): Add registration_shared_secret to register | sils
users
2023-07-22 | Fix(system/services/matrix): Move persisting files ctrl to impermanence | Soispha
2023-07-22 | Fix(system/services/matrix): Fix extra " =" in locations path | Soispha
2023-07-19 | Chore(system/secrets): Rekey to support new public key | Soispha
2023-07-19 | Style(treewide): Format after removing vim lines | Soispha
2023-07-19 | Feat(.editorconfig): Add the configuration for all files | Soispha
This sets some formatting options based on the file. In comparison to the vim lines, this should be supported by more editors.
2023-07-19 | Chore(system/secrets): Add sils' public key | sils
2023-07-10 | chore(version): v0.3.0 v0.3.0 | Soispha
2023-07-08 | Fix(system/secrets): Update after redeploy | Soispha
2023-07-08 | Fix(system/secrets): Ensure that ssh host key is available in stage 2 | Soispha
The `/var/lib/sshd` directory is only mounted _after_ the stage 2 init, thus also after the system activation. Agenix, which runs in the system activation, needs the hostkey however to decrypt the secrets needed for some units (as of right now only keycloak). Alas, the only way I see to achieve that is to store the ssh hostkey directly on /srv, which is mounted before (it's marked as 'neededForBoot' after all) the stage 2 init. It should be possible to achieve this with impermanence however, as `/var/log` is mounted in the stage 1 init; the problem is that I have no idea _why_ this is the only directory mounted and nothing else.
2023-07-08 | Fix(system/services/keycloak): Use agenix to store passwd | Soispha