Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix(system/services/invidious): set db.user to invidious | Silas Schöffel | 2024-06-01 |
| | | | | | This also changes the dbname to "invidious" which isn't mentioned in the commit message as it's the default in nixpkgs. | ||
* | fix(treewide): use invidious-router module provided by nixpkgs | Silas Schöffel | 2024-06-01 |
| | |||
* | feat(system/services/nginx)!: Change meaning of `root` key | Benedikt Peetz | 2024-06-01 |
| | | | | | | | | | | | | The `root` key was rather useless (it was always just the `/etc/.../<domain>` path.). This change gives it a real meaning. See the 'BREAKING CHANGE' section for more information. BREAKING CHANGE: Previously the `root` key denoted the _absolute_ root of a repository. Now it just denotes the root relative (i.e. a path within the built repository) to the repos cloning position. You should just remove the absolute part of the path (that, which is not an output in your built repository) | ||
* | feat(system/services/nginx): add wkd for sils.li | Silas Schöffel | 2024-05-26 |
| | |||
* | feat(system/services/nginx): add wkd for s-schoeffel.de | Silas Schöffel | 2024-05-26 |
| | |||
* | fix(system/services/nginx/hosts): Update trinitrix source git path | Benedikt Peetz | 2024-05-26 |
| | |||
* | feat(system/services/nginx): Add the trinitrix website | Benedikt Peetz | 2024-05-25 |
| | |||
* | feat(system/services/nginx): Add the GPG WKD | Benedikt Peetz | 2024-05-25 |
| | |||
* | feat(system/servies): remove snapper | Silas Schöffel | 2024-04-26 |
| | | | | We handle backups with restic | ||
* | feat(system/services/fail2ban): add postfix jail | Silas Schöffel | 2024-04-25 |
| | | | | | This bans IP Addresses which fail to login into postfix at least 3 times in 600 seconds. | ||
* | style(system/services/mastodon): format with alejandra | Silas Schöffel | 2024-04-25 |
| | |||
* | fix(system/services/mastodon): change back to stable package | Silas Schöffel | 2024-04-25 |
| | |||
* | fix(treewide): move former git-crypted files to correct location | Silas Schöffel | 2024-04-24 |
| | | | | They were accidentally added at the wrong location in dd4b6bcfc16c7c795b697195eb6703966352d9f4 | ||
* | fix(system/services/taskserver): Add required kernel settings | Soispha | 2024-04-02 |
| | | | | | | These are the defaults, but I think it is better to explicitly state them to ensure that we don't suffer from a mistake, when we think about changing them in the future. | ||
* | chore(git-crypt): Remove `git-crypt` and associated encrypted files | Soispha | 2024-03-29 |
| | |||
* | refactor(system/services/taskserver): Move away from git-crypt | Soispha | 2024-03-29 |
| | |||
* | fix(system/services/libreddit): correct binary location in systemd service | Silas Schöffel | 2024-03-28 |
| | | | | | | This is a manual fix until we get this merged into nixpkgs Co-authored-by: Benedikt Peetz <benedikt.peetz@b-peetz.de> | ||
* | feat(system/servics/libreddit): Use the continued redlib package | Soispha | 2024-03-28 |
| | | | | Fixes: #87 | ||
* | fix(system/services/invidious-router): add new healthcheck config | sils | 2024-03-10 |
| | |||
* | fix(system/services/invidious-router): remove invidious.vhack.eu from ↵ | sils | 2024-02-25 |
| | | | | | | | instance list This is necessary because of a bug in our instance which causes search to fail under certain circumstances. | ||
* | style(system/services/invidious-router): one list entry per line | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): change allowed_status_codes type to int | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): bind to 127.0.0.1 | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): correct typo | sils | 2024-02-21 |
| | |||
* | feat(system/services/invidious-router): add extraDomains | sils | 2024-02-19 |
| | |||
* | feat(system/services/invidious-router): add configuration | sils | 2024-02-19 |
| | |||
* | fix: update mastodon | sils | 2024-02-15 |
| | | | | | This uses the mastodon package from nixos-unstable-small because backporting of a security release failed and we can't afford to wait. | ||
* | feat: remove keycloak | sils | 2024-02-11 |
| | |||
* | fix(system/services/invidious-router): fix typo in domain | sils | 2024-02-10 |
| | |||
* | feat: add invidious-router | sils | 2024-02-10 |
| | |||
* | fix(system/services/restic): create /srv/snapshots if non-existent | sils | 2024-01-19 |
| | |||
* | fix(sys/services/restic): Set the system start time to 'daily' | Soispha | 2024-01-14 |
| | | | | | | Considering that the db dump takes longer than an hour, an hourly service start time could lead to multiple dumps happening concurrently. This should reduce this risk | ||
* | fix(sys/services/restic): Include a db dump of PostgreSQL | Soispha | 2024-01-14 |
| | | | | | | | | | | | | | | | Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. Initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet included in this commit: All services running a SQLite database are not included in this dump and thus can not be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This is list was generated with `sudo fd sqlite /srv/`) | ||
* | fix(system/services): import restic config | sils | 2024-01-07 |
| | |||
* | feat(system): add restic | sils | 2024-01-07 |
| | |||
* | feat(system/services/mastodon): define streamingProcesses | sils | 2024-01-06 |
| | |||
* | feat(system/services/fail2ban): define config in daemonSettings | sils | 2024-01-06 |
| | | | | This isn't strictly necessary as we define the default config | ||
* | feat(system/services/matrix): use mautrix-whatsapp module provided by | sils | 2024-01-06 |
| | | | | nixpkgs | ||
* | chore(merge): branch 'redirect' | sils | 2023-12-12 |
|\ | |||
| * | fix(system/services/nginx/redirects): Enable ssl for the domains | Soispha | 2023-11-03 |
| | | | | | | | | | | | | Although the page does not actually serve any content, many browsers will still refuse to access it at all, if they have the 'https-only' mode activated. | ||
* | | refactor(system/services/etebase): explain outcommented static files | sils | 2023-11-30 |
| | | |||
* | | fix(system/services/etebase): don't serve static files | sils | 2023-11-27 |
| | | | | | | | | This doesn't work as nginx doesn't have the right permissions. | ||
* | | fix(system/services/etebase): serve static_root | sils | 2023-11-27 |
| | | |||
* | | fix(system/services/etebase): micellanous changes to make it work | sils | 2023-11-27 |
| | | |||
* | | Merge branch 'main' into etebase_new | sils | 2023-11-27 |
|\ \ | |||
| * | | fix(system/services/nix): add nixremote to trusted-users | sils | 2023-11-20 |
| | | | |||
* | | | refactor(system/services/etebase): Use a reference to the port number | Soispha | 2023-11-18 |
| | | | |||
* | | | fix(system/services/etebase): Use the correct subdomains | Soispha | 2023-11-18 |
| | | | | | | | | | | | | This is done to comply with the naming scheme employed at `vhack.eu`. | ||
* | | | fix(system/services/etebase): Hard-code localhost ip | Soispha | 2023-11-18 |
| | | | | | | | | | | | | | | | Otherwise, etebase might use the ipv6 ip, whilst nginx uses the ipv4 version. This prevents this issue | ||
* | | | Fix(system/services/etebase): Add proxy parameters | sils | 2023-11-18 |
| | | |