path: root/system/services/opensshd/default.nix
Commit message Author
3 days fix(system/services/mastodon): Update char patch to v4.3 Benedikt Peetz
4 days fix(modules/redlib): Change subdomain to `redlib` migrate-by-name Benedikt Peetz
The old `libreddit` subdomain still has redirection to avoid this being a breaking change. But keeping the old subdomain is rather weird considering their new name.
4 days refactor(system/services/libreddit): Migrate to `by-name` Benedikt Peetz
This also includes a rename into `redlib` because of upstream changes.
4 days refactor({modules,test}): Migrate to a `by-name` structure Benedikt Peetz
5 days fix(treewide): Update to nixos release 24.11 update-24.11 Benedikt Peetz
5 days build(system/services/taskserver/certs/generate): Convert to `nix-shell` Benedikt Peetz
Lix does not support the newer `nix shell` shebang.
2024-12-06 fix(system/services/invidious-router): remove_no_ratio = false HEAD main Silas Schöffel
2024-11-16 fix(system/services/libreddit): Use unstable `redlib` version Benedikt Peetz
The current stable version has a bug with regard to parsing the current reddit json responses.
2024-11-16 build(flake.lock): Update Benedikt Peetz
2024-11-03 docs(system/services/matrix): Fix typos in comment Benedikt Peetz
2024-11-03 build(flake): Update Benedikt Peetz
2024-10-05 feat(taskserver/certs/ca.certs.pem): Regenerate certificate taskd Benedikt Peetz
2024-10-05 refactor(taskserver/certs): Format scripts and allow selecting which certs to generate Benedikt Peetz
2024-10-05 chore(taskserver/certs/ca.key.pem.gpg): reencrypt with new keys as recipients Silas Schöffel
2024-10-04 fix(system/services/invidious-router): Use the unstable pkg update Benedikt Peetz
This has been updated to provide a means to send the user to YouTube, if no invidious instances are available.
2024-10-04 build(flake): Update Benedikt Peetz
2024-09-21 build(flake): Update Benedikt Peetz
2024-09-18 fix(system/services/invidious-router): Set health check path to a video URL Benedikt Peetz
The main page does sometimes load, but videos are still not playable. This new path really checks, whether the instance works.
2024-09-06 fix(system/impermanence): Persist `/var/lib/nixos` Benedikt Peetz
Otherwise, the mapping of uid/gid to user name or group name could change between reboots, which would result in magically changed permissions. We were already affected by this at some point, so just remove the possibility of it happening again.
2024-09-06 fix(git-server/cgit): Don't run `cgit` as `root` use `git` instead Benedikt Peetz
This option was newly added, as previously only one `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419
2024-09-06 fix(services/matrix/mautrix-whatsapp): Disable to remove libolm Benedikt Peetz
Libolm is marked as insecure and must thus be removed from the system closure.
2024-09-06 build(flake): Update inputs Benedikt Peetz
2024-08-19 fix(system/services/invidious-router): Stop filtering regions Silas Schöffel
Filtering regions limits our possible instance selection without actually providing great value. Let's stop discriminating based on server location.
2024-08-16 feat(system/services/mastodon): Apply patch to increase the message length mastodon Benedikt Peetz
2024-08-14 fix(disks): Increase root tmpfs size to 6GB Benedikt Peetz
The 2GB are just not enough.
2024-08-14 chore(version): v0.24.0 v0.24.0 Benedikt Peetz
2024-08-14 docs(nixos/git-server): Improve the comment on the possible git config keys Benedikt Peetz
2024-08-14 fix(nixos/git-server): Use the correct number in the `section-from-path` setting Benedikt Peetz
Take for example a repository name like: `some/organisation/project_a/team_c/repo_b`. Setting the setting to `-1` means that cgit traverses the path from left to right, until it has found 1 element (and `section-from-path` (or n for short) is 0, because n is incremented after each iteration). E.g.: ~ [n=-1] starting point: `some/organisation/project_a/team_c/repo_b` ~ [n=0] after the first iteration: `some/organisation/project_a/team_c/repo_b` Now `some/organisation/project_a/team_c` becomes the section, whilst `repo_b` becomes the repo name.
2024-08-13 build(flake.nix): Remove `ragenix` from the devshell Benedikt Peetz
The rust code does not compile, resulting in a really bothersome wait every time a command is run in the devshell because direnv tries to build it again.
2024-08-13 test(nixos/git-server): Include the start of a test for cgit's README rendering Benedikt Peetz
2024-08-13 fix(nixos/git-server): Correctly specify the section from path length Benedikt Peetz
Cgit effectively splits the repo path on '/' and then takes `section-from-path` segments, which form the section. A negative value here results in cgit traversing the path from left to right instead of right to left. Beware that cgit only sets the section, if the path contains `section-from-path` or more slashes in it (thus rendering this setting defunct with the previous value of 1000). There seems to be no way to tell cgit to always use all components up-to the second to last for the section name, thus requiring all projects that need a longer than 1 section length to set the `cgit.section` git config variable via gitolite.
2024-08-13 fix(nixos/git-server): Correctly enable the git config feature of gitolite Benedikt Peetz
The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allowing users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
2024-08-13 fix(nixos/git-server): Use correct regex syntax in allowed git config values Benedikt Peetz
2024-08-13 fix(nixos/git-server): Correctly specify cgit's css path Benedikt Peetz
2024-08-13 feat(nixos/git-server): Add nice gitolite features Benedikt Peetz
2024-08-13 fix(nixos/git-server): Tell gitolite to allow changing some `git` settings Benedikt Peetz
2024-08-13 test(tests/git-server): Add initial tests Benedikt Peetz
The last line, testing for the about page rendering is not yet working. I assume that's because of our hand-rolled list-to-string function thingy in the `cgitrc`. After <https://github.com/NixOS/nixpkgs/pull/317293> is merged, this should probably improve immensely.
2024-08-13 feat(nixos/git-server): Add further cgit settings Benedikt Peetz
A lot of the added settings here have been tested. They will get tests to ensure they stay working, in later commits.
2024-08-02 build(tests): Add complementary scripts Benedikt Peetz
2024-08-02 test(tests): Init infrastructure Benedikt Peetz
The modules still need to be imported one-by-one in `default.nix` files because we have yet to rewrite this, but the new test infrastructure might as well use the new `fileset` functions from `nixpkgs`.
2024-08-02 feat(hosts/server1): Activate the migrated services Benedikt Peetz
2024-08-02 refactor(nixos/openssh): Migrate from `system/services` Benedikt Peetz
2024-08-02 fix(nixos/git-server): Add the required configuration to support http-clone Benedikt Peetz
2024-08-02 refactor(nixos/{nginx, nix-sync}): Migrate from `system/services` Benedikt Peetz
Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
2024-08-02 build(flake): Update Benedikt Peetz
2024-07-30 build(flake): update Silas Schöffel
2024-07-30 fix(git-server): set git default-branch to main Silas Schöffel
2024-07-11 build(flake): update Silas Schöffel
2024-07-11 fix(nginx): add gallery.s-schoeffel.de Silas Schöffel
2024-07-01 build(flake): update Silas Schöffel