summary refs log tree commit diff stats
path: root/system (follow)
Commit message (Collapse)AuthorAge
* feat(taskserver/certs/ca.certs.pem): Regenerate certificate taskdBenedikt Peetz2024-10-05
|
* refactor(taskserver/certs): Format scripts and allow selecting which certs ↵Benedikt Peetz2024-10-05
| | | | to generate
* chore(taskserver/certs/ca.key.pem.gpg): reencrypt with new keys as recipientsSilas Schöffel2024-10-05
|
* fix(system/services/invidious-router): Use the unstable pkg updateBenedikt Peetz2024-10-04
| | | | | This has been updated to provide a means to send the user to YouTube, if no invidious instances are available.
* fix(system/services/invidious-router): Set health check path to a video URLBenedikt Peetz2024-09-18
| | | | | The main page does sometimes load, but videos are still not playable. This new path really checks, whether the instance works.
* fix(system/impermanence): Persist `/var/lib/nixos`Benedikt Peetz2024-09-06
| | | | | | | | | Otherwise, the mapping of uid/gid to user name or group name could change between reboots, which would result in magically change permissions. We were already affected by this at some point, so just remove the possibility of it happening again.
* fix(services/matrix/mautrix-whatsapp): Disable to remove libolmBenedikt Peetz2024-09-06
| | | | | Libolm is marked as insecure and must thus be removed from the system closure.
* fix(system/services/invidious-router): Stop filtering regionsSilas Schöffel2024-08-19
| | | | | | Filtering regions limits our possible instance selection without actually providing great value. Let's stop discriminating based on server location.
* feat(system/services/mastodon): Apply patch to increase the message length mastodonBenedikt Peetz2024-08-16
|
* fix(disks): Increase root tmpfs size to 6GBBenedikt Peetz2024-08-14
| | | | The 2GB are just not enough.
* refactor(nixos/openssh): Migrate from `system/services`Benedikt Peetz2024-08-02
|
* refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`Benedikt Peetz2024-08-02
| | | | | Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
* fix(nginx): add gallery.s-schoeffel.deSilas Schöffel2024-07-11
|
* style(system/services/mastodon): Remove forgotten `pkgs-unstable`Benedikt Peetz2024-06-28
|
* fix(peertube): Activate smtp supportBenedikt Peetz2024-06-28
|
* fix(nix-sync): Change last occurrences of `repo.path` to `repoPath`Benedikt Peetz2024-06-15
| | | | | | | Using `repo.path` (with the slash on the end) results in operations on the directory, which is the symlink target. Using `repoPath` (without the slash) instead results in the intended operations on the symlink itself.
* refactor(modules/etesync): Move to a complete moduleBenedikt Peetz2024-06-13
|
* fix(impermanence): Re-active etesync moduleBenedikt Peetz2024-06-13
|
* fix(libreddit): Remove manual module overrideBenedikt Peetz2024-06-11
| | | | The fixes have been up streamed into `nixpkgs` by now.
* fix(etesync-server): Re-activateBenedikt Peetz2024-06-11
|
* fix(fail2ban): increase max retry number to 7Silas Schöffel2024-06-05
|
* fix(nix-sync): Don't try to exit in a subshellBenedikt Peetz2024-06-05
| | | | | | | | The `(cmd1 && cmd2)` pattern works, but fails with commands like `exit` as the parentheses start a new subshell, which the `exit` command will then close instead of exiting the main shell. The curly brackets have the intended effect here, as they simply group the commands together.
* fix(nix-sync): Ensure that the `target` for `ln` never ends with a `/`Benedikt Peetz2024-06-05
| | | | Otherwise, `ln` tries to create the symlink _in_ the target directory.
* fix(nix-sync): Add code-path to create a repo's path, if absentBenedikt Peetz2024-06-05
|
* fix(nix-sync): Ensure that the service can write to all needed pathsBenedikt Peetz2024-06-01
| | | | | | | Previously, the generated service _could_ write to the directory, but wanted to create the directory, if it was absent. Creating this directory, requires to be able to write in the parent directory. This is fixed, by ensuring that the parent directories are included.
* fix(treewide): stop using none-existent etebase user and groupSilas Schöffel2024-06-01
|
* fix(nix-sync): Explicitly set the `network-online.target` dependencyBenedikt Peetz2024-06-01
|
* fix(disko): explicitely state type of main diskSilas Schöffel2024-06-01
|
* feat(etebase)!: disable etebase-serverSilas Schöffel2024-06-01
| | | | | | Sadly, it's author didn't manage to update to a newer version of django before the used version (3.2) reached EOL and was affected by CVE-2024-27351. It's unreasonable to continue using it.
* fix(system/services/invidious): set db.user to invidiousSilas Schöffel2024-06-01
| | | | | This also changes the dbname to "invidious" which isn't mentioned in the commit message as it's the default in nixpkgs.
* fix(treewide): use invidious-router module provided by nixpkgsSilas Schöffel2024-06-01
|
* feat(system/services/nginx)!: Change meaning of `root` keyBenedikt Peetz2024-06-01
| | | | | | | | | | | | The `root` key was rather useless (it was always just the `/etc/.../<domain>` path.). This change gives it a real meaning. See the 'BREAKING CHANGE' section for more information. BREAKING CHANGE: Previously the `root` key denoted the _absolute_ root of a repository. Now it just denotes the root relative (i.e. a path within the built repository) to the repos cloning position. You should just remove the absolute part of the path (that, which is not an output in your built repository)
* feat(system/services/nginx): add wkd for sils.liSilas Schöffel2024-05-26
|
* feat(system/services/nginx): add wkd for s-schoeffel.deSilas Schöffel2024-05-26
|
* fix(system/services/nginx/hosts): Update trinitrix source git pathBenedikt Peetz2024-05-26
|
* feat(system/services/nginx): Add the trinitrix websiteBenedikt Peetz2024-05-25
|
* feat(system/services/nginx): Add the GPG WKDBenedikt Peetz2024-05-25
|
* feat(system/users/soispha): Set a new gpg-based ssh keyBenedikt Peetz2024-05-14
|
* feat(system/servies): remove snapperSilas Schöffel2024-04-26
| | | | We handle backups with restic
* feat(system/services/fail2ban): add postfix jailSilas Schöffel2024-04-25
| | | | | This bans IP Addresses which fail to login into postfix at least 3 times in 600 seconds.
* style(system/services/mastodon): format with alejandraSilas Schöffel2024-04-25
|
* fix(system/impermanence/mods/mail.nix): fix typoSilas Schöffel2024-04-25
|
* fix(system/services/mastodon): change back to stable packageSilas Schöffel2024-04-25
|
* fix(mail): persist additional state directoriesSilas Schöffel2024-04-24
| | | | | This preserves mail state to prevent running out of memory and thus makes our mailsetup more reliable.
* fix(treewide): move former git-crypted files to correct locationSilas Schöffel2024-04-24
| | | | They were accidentally added at the wrong location in dd4b6bcfc16c7c795b697195eb6703966352d9f4
* fix(system/services/taskserver): Add required kernel settingsSoispha2024-04-02
| | | | | | These are the defaults, but I think it is better to explicitly state them to ensure that we don't suffer from a mistake, when we think about changing them in the future.
* chore(git-crypt): Remove `git-crypt` and associated encrypted filesSoispha2024-03-29
|
* refactor(system/services/taskserver): Move away from git-cryptSoispha2024-03-29
|
* style(system/secrets): Sort `secret.nix` and `default.nix` alphabeticallySoispha2024-03-29
|
* fix(system/services/libreddit): correct binary location in systemd serviceSilas Schöffel2024-03-28
| | | | | | This is a manual fix until we get this merged into nixpkgs Co-authored-by: Benedikt Peetz <benedikt.peetz@b-peetz.de>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-28 23:40:37 +0000