summary refs log tree commit diff stats
path: root/system (follow)
Commit message (Collapse)AuthorAge
...
* | Fix(system/secrets): Ensure that ssh host key is available in stage 2Soispha2023-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `/var/lib/sshd` directory is only mounted _after_ the stage 2 init, thus also after the system activation. Agenix, which runs in the system activation needs the hostkey however to decrypt the secrets needed for some units (as of right now only keycloak). Alas the only way I see to achieve that is to store the ssh hostkey directly on /srv, which is mounted before (it's marked as 'neededForBoot' after all) the stage 2 init. It should be possible to achieve this with impermanence however, as `/var/log` is mounted in the stage 1 init; The problem is that I have no idea _why_ only this is the only directory mounted and nothing else.
* | Fix(system/services/keycloak): Use agenix to store passwdSoispha2023-07-08
| |
* | Feat(flake): Add agenix moduleSoispha2023-07-08
| |
* | Fix(system/services/nix-sync): Nix build needs access to /proc/statSoispha2023-07-08
| |
* | Fix(system/impermanence/m/mail): Add rspamd dirSoispha2023-07-08
| |
* | Fix(system/impermanence/m/users): Make /home readableSoispha2023-07-08
| |
* | Fix(treewide): Move all persistent dirs to impermanence to set permissionsSoispha2023-07-08
| |
* | Fix(system/disks): Change partitioning scheme to support gpt/bios bootSoispha2023-07-08
| |
* | Refactor(system/impermanence): Move to own directorySoispha2023-07-07
| |
* | Feat(system/disks): Add diskoSoispha2023-07-05
| |
* | Style(system/fs_layouts): Merge attrsetsSoispha2023-07-05
| |
* | Fix(system/services/nix-sync): Guard deletion of `repo.path`Soispha2023-07-05
| |
* | Fix(system/services/nix-sync): Pull before rebuildingSoispha2023-07-05
| |
* | Fix(system/services/nix-sync): Generate the needed repo pathsSoispha2023-07-05
| |
* | Fix(system/services/nix-sync): Rebuild website on gcSoispha2023-07-05
| |
* | Fix(system/services/nix-sync): Really remove last reference to git-syncSoispha2023-07-05
| |
* | Fix(system/services/nix-sync): Small typos in ExecStartSoispha2023-07-05
| |
* | Fix(system/fs_layout/impermanence): Make sshd dir 755Soispha2023-07-05
| |
* | Feat(system/services/nix-sync): Split unit into a timer and unitSoispha2023-07-04
| |
* | Fix(system/services/nginx): Set the correct acme webRootSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Use cache directorySoispha2023-07-04
| |
* | Docs(system/services/nix-sync): Change last remnant from git-syncSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Use correct git urlsSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Generate root independent of pathSoispha2023-07-04
| |
* | Fix(system/services/openssh): Set correct permissions on ssh dirSoispha2023-07-04
| |
* | Fix(system/services/nginx): Create nix-sync cache through impermanenceSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Add the cachePath rwSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Add '/etc/nginx/websites' to kept dirsSoispha2023-07-04
| |
* | Fix(system/services): Move acmeWebRoot back to /var/lib/acmeSoispha2023-07-04
| |
* | Feat(system/file_system_layout): Add impermanenceSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Remove slash from cachePathSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Add some required paths to unitSoispha2023-07-04
| |
* | Refactor(system/services/nix-sync): Consolidate into repoCachePathSoispha2023-07-04
| |
* | Fix(system/services/nginx): Remove slash from acme webrootSoispha2023-07-04
| |
* | Fix(system/services): Inherit acmeRoot manuallySoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Generate user and group if set to defaultSoispha2023-07-04
| |
* | Fix(system/services/nix-sync): Rename units to nix-sync-<domain>Soispha2023-07-04
| |
* | Fix(system/services/nix-sync): Use correct shell escape for pathsSoispha2023-07-04
| |
* | Fix(system/services/nginx/hosts): Inherit acmeRoot settingSoispha2023-07-04
| |
* | Style(system/services/nginx): Use nested attr set for acme optionsSoispha2023-07-03
| |
* | Fix(system): Import everythingSoispha2023-07-03
| |
* | Fix(system/services/openssh): Rename to 'openssh' as the 'd' is a typoSoispha2023-07-03
| |
* | Fix(system/services/mail): Tell git-crypt new users.nix locationsils2023-07-03
| |
* | Fix(system/services/nix-sync): Use correct writeScript functionSoispha2023-07-03
| |
* | Refactor(system/services/mail): Move mail to services as it's oneSoispha2023-07-03
| |
* | Fix(system): Import everythingSoispha2023-07-03
| |
* | Fix(system/services/nix-sync): Fully rename to nix-syncSoispha2023-07-03
| |
* | Refactor(system/services/nginx): Adapt to new nix-sync moduleSoispha2023-07-03
| |
* | Feat(system/services/nix-sync): Remodel git-sync to make it usefulSoispha2023-07-03
| |
* | Fix(system/fs-layout): Remove persistent dir as it's now in /srvSoispha2023-06-25
| |