summary refs log tree commit diff stats
path: root/system/services (follow)
Commit message (Collapse)AuthorAge
* fix(etesync-server): Re-activateBenedikt Peetz2024-06-11
|
* fix(fail2ban): increase max retry number to 7Silas Schöffel2024-06-05
|
* fix(nix-sync): Don't try to exit in a subshellBenedikt Peetz2024-06-05
| | | | | | | | The `(cmd1 && cmd2)` pattern works, but fails with commands like `exit` as the parentheses start a new subshell, which the `exit` command will then close instead of exiting the main shell. The curly brackets have the intended effect here, as they simply group the commands together.
* fix(nix-sync): Ensure that the `target` for `ln` never ends with a `/`Benedikt Peetz2024-06-05
| | | | Otherwise, `ln` tries to create the symlink _in_ the target directory.
* fix(nix-sync): Add code-path to create a repo's path, if absentBenedikt Peetz2024-06-05
|
* fix(nix-sync): Ensure that the service can write to all needed pathsBenedikt Peetz2024-06-01
| | | | | | | Previously, the generated service _could_ write to the directory, but wanted to create the directory, if it was absent. Creating this directory, requires to be able to write in the parent directory. This is fixed, by ensuring that the parent directories are included.
* fix(nix-sync): Explicitly set the `network-online.target` dependencyBenedikt Peetz2024-06-01
|
* feat(etebase)!: disable etebase-serverSilas Schöffel2024-06-01
| | | | | | Sadly, it's author didn't manage to update to a newer version of django before the used version (3.2) reached EOL and was affected by CVE-2024-27351. It's unreasonable to continue using it.
* fix(system/services/invidious): set db.user to invidiousSilas Schöffel2024-06-01
| | | | | This also changes the dbname to "invidious" which isn't mentioned in the commit message as it's the default in nixpkgs.
* fix(treewide): use invidious-router module provided by nixpkgsSilas Schöffel2024-06-01
|
* feat(system/services/nginx)!: Change meaning of `root` keyBenedikt Peetz2024-06-01
| | | | | | | | | | | | The `root` key was rather useless (it was always just the `/etc/.../<domain>` path.). This change gives it a real meaning. See the 'BREAKING CHANGE' section for more information. BREAKING CHANGE: Previously the `root` key denoted the _absolute_ root of a repository. Now it just denotes the root relative (i.e. a path within the built repository) to the repos cloning position. You should just remove the absolute part of the path (that, which is not an output in your built repository)
* feat(system/services/nginx): add wkd for sils.liSilas Schöffel2024-05-26
|
* feat(system/services/nginx): add wkd for s-schoeffel.deSilas Schöffel2024-05-26
|
* fix(system/services/nginx/hosts): Update trinitrix source git pathBenedikt Peetz2024-05-26
|
* feat(system/services/nginx): Add the trinitrix websiteBenedikt Peetz2024-05-25
|
* feat(system/services/nginx): Add the GPG WKDBenedikt Peetz2024-05-25
|
* feat(system/servies): remove snapperSilas Schöffel2024-04-26
| | | | We handle backups with restic
* feat(system/services/fail2ban): add postfix jailSilas Schöffel2024-04-25
| | | | | This bans IP Addresses which fail to login into postfix at least 3 times in 600 seconds.
* style(system/services/mastodon): format with alejandraSilas Schöffel2024-04-25
|
* fix(system/services/mastodon): change back to stable packageSilas Schöffel2024-04-25
|
* fix(treewide): move former git-crypted files to correct locationSilas Schöffel2024-04-24
| | | | They were accidentally added at the wrong location in dd4b6bcfc16c7c795b697195eb6703966352d9f4
* fix(system/services/taskserver): Add required kernel settingsSoispha2024-04-02
| | | | | | These are the defaults, but I think it is better to explicitly state them to ensure that we don't suffer from a mistake, when we think about changing them in the future.
* chore(git-crypt): Remove `git-crypt` and associated encrypted filesSoispha2024-03-29
|
* refactor(system/services/taskserver): Move away from git-cryptSoispha2024-03-29
|
* fix(system/services/libreddit): correct binary location in systemd serviceSilas Schöffel2024-03-28
| | | | | | This is a manual fix until we get this merged into nixpkgs Co-authored-by: Benedikt Peetz <benedikt.peetz@b-peetz.de>
* feat(system/servics/libreddit): Use the continued redlib packageSoispha2024-03-28
| | | | Fixes: #87
* fix(system/services/invidious-router): add new healthcheck configsils2024-03-10
|
* fix(system/services/invidious-router): remove invidious.vhack.eu from ↵sils2024-02-25
| | | | | | | instance list This is necessary because of a bug in our instance which causes search to fail under certain circumstances.
* style(system/services/invidious-router): one list entry per linesils2024-02-21
|
* fix(system/services/invidious-router): change allowed_status_codes type to intsils2024-02-21
|
* fix(system/services/invidious-router): bind to 127.0.0.1sils2024-02-21
|
* fix(system/services/invidious-router): correct typosils2024-02-21
|
* feat(system/services/invidious-router): add extraDomainssils2024-02-19
|
* feat(system/services/invidious-router): add configurationsils2024-02-19
|
* fix: update mastodonsils2024-02-15
| | | | | This uses the mastodon package from nixos-unstable-small because backporting of a security release failed and we can't afford to wait.
* feat: remove keycloaksils2024-02-11
|
* fix(system/services/invidious-router): fix typo in domainsils2024-02-10
|
* feat: add invidious-routersils2024-02-10
|
* fix(system/services/restic): create /srv/snapshots if non-existentsils2024-01-19
|
* fix(sys/services/restic): Set the system start time to 'daily'Soispha2024-01-14
| | | | | | Considering that the db dump takes longer than an hour, an hourly service start time could lead to multiple dumps happening concurrently. This should reduce this risk
* fix(sys/services/restic): Include a db dump of PostgreSQLSoispha2024-01-14
| | | | | | | | | | | | | | | Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. Initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet included in this commit: All services running a SQLite database are not included in this dump and thus can not be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This is list was generated with `sudo fd sqlite /srv/`)
* fix(system/services): import restic configsils2024-01-07
|
* feat(system): add resticsils2024-01-07
|
* feat(system/services/mastodon): define streamingProcessessils2024-01-06
|
* feat(system/services/fail2ban): define config in daemonSettingssils2024-01-06
| | | | This isn't strictly necessary as we define the default config
* feat(system/services/matrix): use mautrix-whatsapp module provided bysils2024-01-06
| | | | nixpkgs
* chore(merge): branch 'redirect'sils2023-12-12
|\
| * fix(system/services/nginx/redirects): Enable ssl for the domainsSoispha2023-11-03
| | | | | | | | | | | | Although the page does not actually serve any content, many browsers will still refuse to access it at all, if they have the 'https-only' mode activated.
* | refactor(system/services/etebase): explain outcommented static filessils2023-11-30
| |
* | fix(system/services/etebase): don't serve static filessils2023-11-27
| | | | | | | | This doesn't work as nginx doesn't have the right permissions.