Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | fix(sys/services/restic): Include a db dump of PostgreSQL | Soispha | 2024-01-14 | |
| | | | | | | | | | | | | | | | Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. Initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet included in this commit: All services running a SQLite database are not included in this dump and thus can not be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This is list was generated with `sudo fd sqlite /srv/`) | |||
* | fix(system/services): import restic config | sils | 2024-01-07 | |
| | ||||
* | feat(system): add restic | sils | 2024-01-07 | |
| | ||||
* | feat(system/secrets): rename .tix files to .age | sils | 2024-01-06 | |
| | ||||
* | feat(system/services/mastodon): define streamingProcesses | sils | 2024-01-06 | |
| | ||||
* | feat(system/services/fail2ban): define config in daemonSettings | sils | 2024-01-06 | |
| | | | | This isn't strictly necessary as we define the default config | |||
* | feat(system/services/matrix): use mautrix-whatsapp module provided by | sils | 2024-01-06 | |
| | | | | nixpkgs | |||
* | chore(merge): branch 'redirect' | sils | 2023-12-12 | |
|\ | ||||
| * | fix(system/services/nginx/redirects): Enable ssl for the domains | Soispha | 2023-11-03 | |
| | | | | | | | | | | | | Although the page does not actually serve any content, many browsers will still refuse to access it at all, if they have the 'https-only' mode activated. | |||
* | | refactor(system/services/etebase): explain outcommented static files | sils | 2023-11-30 | |
| | | ||||
* | | fix(system/services/etebase): don't serve static files | sils | 2023-11-27 | |
| | | | | | | | | This doesn't work as nginx doesn't have the right permissions. | |||
* | | fix(system/services/etebase): serve static_root | sils | 2023-11-27 | |
| | | ||||
* | | fix(system/services/etebase): micellanous changes to make it work | sils | 2023-11-27 | |
| | | ||||
* | | Merge branch 'main' into etebase_new | sils | 2023-11-27 | |
|\ \ | ||||
| * | | fix(system/services/nix): add nixremote to trusted-users | sils | 2023-11-20 | |
| | | | ||||
* | | | fix(system/impermanence): Remove keycloak mod, as it does not exist | Soispha | 2023-11-18 | |
| | | | ||||
* | | | refactor(system/services/etebase): Use a reference to the port number | Soispha | 2023-11-18 | |
| | | | ||||
* | | | fix(system/services/etebase): Use the correct subdomains | Soispha | 2023-11-18 | |
| | | | | | | | | | | | | This is done to comply with the naming scheme employed at `vhack.eu`. | |||
* | | | fix(system/services/etebase): Hard-code localhost ip | Soispha | 2023-11-18 | |
| | | | | | | | | | | | | | | | Otherwise, etebase might use the ipv6 ip, whilst nginx uses the ipv4 version. This prevents this issue | |||
* | | | Fix(system/services/etebase): Add proxy parameters | sils | 2023-11-18 | |
| | | | ||||
* | | | Fix(system/services/etebase): Proxy ipv4 | sils | 2023-11-18 | |
| | | | ||||
* | | | Refactor(system/services/etebase): Format | sils | 2023-11-18 | |
| | | | ||||
* | | | Fix(system/impermanence): Add permissions | sils | 2023-11-18 | |
| | | | ||||
* | | | Fix(system/services/etebase-server): Use nginx | sils | 2023-11-18 | |
| | | | ||||
* | | | Fix(system/impermanence): Add etebase-server | sils | 2023-11-18 | |
| | | | ||||
* | | | Feat(system/services): Add etebase-server | sils | 2023-11-18 | |
| | | | ||||
* | | | Feat(system/secrets): Add etebase-server secret | sils | 2023-11-18 | |
|/ / | ||||
* | | docs(system/services/taskserver): Add docs about expectations to runtime | Soispha | 2023-11-18 | |
| | | ||||
* | | feat(system/users): remove obsolete ss-key for sils | sils | 2023-11-18 | |
| | | | | | | | | | | | | | | | | | | | | | | | | # Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # # On branch main # Your branch is up to date with 'origin/main'. # # Changes to be committed: # modified: system/users/default.nix # | |||
* | | fix(system/services/taskserver): Support both ipv4 and ipv6 | Soispha | 2023-11-18 | |
| | | ||||
* | | fix(system/users): change ssh-keys for sils | sils | 2023-11-18 | |
| | | ||||
* | | fix(system/users): add ssh-key for sils | sils | 2023-11-15 | |
| | | ||||
* | | fix(system/services/taskserver/certs): Move cert generation to script | Soispha | 2023-11-07 | |
|/ | | | | | | This fully removes the human-factor and allows it to just run `./generate` to generate all required certificates and keys (with the needed extra keys and certificates) | |||
* | feat(system/services/taskserver): Add a way to connect users together | Soispha | 2023-10-17 | |
| | ||||
* | fix(system/services/taskserver): Disable debug | Soispha | 2023-10-17 | |
| | ||||
* | fix(system/services/taskserver): Activate debug | Soispha | 2023-10-16 | |
| | ||||
* | fix(system/services/taskserver): Use correct key name (`key.pem`) | Soispha | 2023-10-16 | |
| | ||||
* | fix(system/services/taskserver): Switch to strings instead of paths | Soispha | 2023-10-16 | |
| | ||||
* | fix(system/services/taskserver): Store the self-signed ca key in agenix | Soispha | 2023-10-16 | |
| | ||||
* | feat(system/services/taskserver): Integrate Let's Encrypt certificates | Soispha | 2023-10-16 | |
| | | | | | | | | | | | | The current setup now runs the `taskserver.vhack.eu` domain with a Let's Encrypt certificate and additionally uses a self-signed CA certificate to validate clients. The shell scripts used to generate the CA certificate and the derived client certificate (and keys) are taken nearly unmodified from the upstream repository [1]. [1]: https://github.com/GothenburgBitFactory/taskserver/tree/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki | |||
* | fix(system/services/taskserver): declare certs/keys in pki.manual | sils | 2023-10-16 | |
| | ||||
* | feat(system/services/taskserver): change ca to letsencrypt | sils | 2023-10-16 | |
| | ||||
* | fix(system/services/taskserver): Hide organisations | Soispha | 2023-10-16 | |
| | ||||
* | refactor(system/services/redirects): Move under the nginx directory | Soispha | 2023-10-14 | |
| | ||||
* | fix(system/services/redirects): disable ssl | sils | 2023-10-14 | |
| | ||||
* | Feat(system/services/redirects): Build up the base to comply with the AGPL | Soispha | 2023-10-14 | |
| | ||||
* | Style(treewide): Merge attrs together | Soispha | 2023-10-14 | |
| | ||||
* | fix(system/services/miniflux): Set correct subdomain, but leave alias | Soispha | 2023-10-13 | |
| | ||||
* | fix(system/services/mastodon): Correctly avoid string casts | Soispha | 2023-10-13 | |
| | ||||
* | Revert "fix(system/services/mastodon): remove unneccessary stringcasts" | sils | 2023-10-13 | |
| | | | | | | These stringcasts were mandatory. This reverts commit cfdd2e350ff5df55beef4fa5b7bc11e9ff5e23c1. |