Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | chore(version): v0.9.0 | sils | 2023-08-13 | |
| | ||||
* | Fix(system/secrets): Tell (r)agenix new location of invidious hmac secret | sils | 2023-08-13 | |
| | ||||
* | chore(version): v0.8.0 | Soispha | 2023-08-11 | |
| | ||||
* | Chore(Merge): Branch 'invidious' | Soispha | 2023-08-11 | |
|\ | ||||
| * | Fix(system/services/invidious): Add interpreter to start script | Soispha | 2023-08-11 | |
| | | ||||
| * | Fix(system/services/invidious): Force the new script option to be applied | Soispha | 2023-08-11 | |
| | | ||||
| * | Fix(system/service/invidious): Copy their script, to remove shell escape | Soispha | 2023-08-11 | |
| | | | | | | | | | | | | | | The default ExecStart implementation in the module, escapes all stings. This does not work for us because we need to use the `$CREDENTIALS_DIR` environment variable, for the credentials deployed in den `LoadCredential` option | |||
| * | Fix(system/services/invidious): Set correct access permissions on hmac | Soispha | 2023-08-11 | |
| | | ||||
| * | Fix(system/services/invidious): Check tables on startup | Soispha | 2023-08-11 | |
| | | ||||
| * | Refactor(system/secrets/invidious): Remove unneeded files and improve names | Soispha | 2023-08-11 | |
| | | ||||
| * | Fix(system/services/invidious): Quote attr names in json config | Soispha | 2023-08-11 | |
| | | ||||
| * | Fix(system/secrets/invidious): Change formatting of invidiousSettings | sils | 2023-08-11 | |
| | | ||||
| * | Fix(system/secrets): make invidious settings readable for invidious | sils | 2023-08-11 | |
| | | ||||
| * | Fix(system): Binary substitution for debugging | sils | 2023-08-11 | |
| | | ||||
| * | Fix(system/services/invidious): Specifiy database host | sils | 2023-08-11 | |
| | | ||||
| * | Feat(system): Add invidious | sils | 2023-08-11 | |
| | | ||||
| * | Refactor(system/secrets/secrets.nix): Remove redundant secretlist | sils | 2023-08-11 | |
| | | ||||
* | | chore(version): v0.8.0 v0.8.0 | Soispha | 2023-08-11 | |
|/ | ||||
* | Merge: Branch 'snapper' | Soispha | 2023-08-11 | |
|\ | ||||
| * | Feat(system/services/snapper): Add | Soispha | 2023-08-02 | |
| | | ||||
* | | Fix(system/users): declare nixremote as normal user | sils | 2023-08-04 | |
| | | ||||
* | | Feat(system/users): Add nixremote | sils | 2023-08-04 | |
|/ | | | | This user is intended to be used for remote-builds | |||
* | Fix(system/services/nix-sync): Remove timeout on build | Soispha | 2023-08-02 | |
| | | | | | | | The unit had the potential to fail, if the build took longer than the default timeout. This is obviously not ideal, so the timeout was removed, as all nix builds should be safe enough not to devour resources. | |||
* | Fix(system/services/nix-sync): Rebase on pulls, to allow for force pushes | Soispha | 2023-08-02 | |
| | | | | | | | | As the nix-sync service should _never_ commit new stuff, this rebase should always be a fast-forward, i.e. it works without manual intervention. Without the rebase as argument, this services would break, when the history gets rewritten, for example on a amended commit. | |||
* | Fix(system/services/nix-sync): Make the timer relative to the unit start | Soispha | 2023-08-02 | |
| | | | | | | | The timer before hand started `repo.interval` after it self was started, i.e., it was a oneshot timer. This change now fixes this by make the point the timer activates relative to the time elapsed, since the associated unit was last started. | |||
* | Feat(system/services/nginx/hosts): Add another domain | Soispha | 2023-07-31 | |
| | ||||
* | Fix(treewide): Use correct function argument specification | Soispha | 2023-07-28 | |
| | ||||
* | Feat(system/services/mail/users): Add mailusers | Soispha | 2023-07-28 | |
| | ||||
* | Refactor(system/services/nginx): Reduce encrypted stuff to a minimum | Soispha | 2023-07-28 | |
| | ||||
* | Fix(system/services/mail): Update mail users | sils | 2023-07-28 | |
| | ||||
* | Fix(system/services/matrix/bridges/m-wa): Use own database | Soispha | 2023-07-27 | |
| | ||||
* | Fix(system/services/matrix/bridges/m-wa): Correct postgresql uri | Soispha | 2023-07-27 | |
| | ||||
* | Fix(system/impermanence): Keycloak was actually postgresql | Soispha | 2023-07-27 | |
| | ||||
* | Feat(system/services/matrix/bridges): Add mautrix-whatsapp bridge | Soispha | 2023-07-27 | |
| | ||||
* | Fix(system/mail): Add User | sils | 2023-07-26 | |
| | ||||
* | Fix(system/services/mail): Add new user | sils | 2023-07-25 | |
| | ||||
* | Fix(system/services/matrix): Change registration_shared_secret_path to | sils | 2023-07-22 | |
| | | | | age secret | |||
* | Feat(system/secrets): Add matrix-synapse_registration_shared_secret | sils | 2023-07-22 | |
| | ||||
* | Fix(system/services/matrix): Add registration_shared_secret to register | sils | 2023-07-22 | |
| | | | | users | |||
* | Fix(system/services/matrix): Move persisting files ctrl to impermanence | Soispha | 2023-07-22 | |
| | ||||
* | Fix(system/services/matrix): Fix extra " =" in locations path | Soispha | 2023-07-22 | |
| | ||||
* | Feat(system): Add matrix-synapse | sils | 2023-07-20 | |
|\ | ||||
| * | Feat(system/services): Add matrix synapse | sils | 2023-06-19 | |
| | | ||||
* | | Chore(system/secrets): Rekey to support new public key | Soispha | 2023-07-19 | |
| | | ||||
* | | Style(treewide): Format after removing vim lines | Soispha | 2023-07-19 | |
| | | ||||
* | | Feat(.editorconfig): Add the configuration for all files | Soispha | 2023-07-19 | |
| | | | | | | | | | | This sets some formatting option based on the file. In comparison to the vim lines, this should be supported by more editors. | |||
* | | Chore(system/secrets): Add sils' public key | sils | 2023-07-19 | |
| | | ||||
* | | Fix(system/secrets): Update after redeploy | Soispha | 2023-07-08 | |
| | | ||||
* | | Fix(system/secrets): Ensure that ssh host key is available in stage 2 | Soispha | 2023-07-08 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `/var/lib/sshd` directory is only mounted _after_ the stage 2 init, thus also after the system activation. Agenix, which runs in the system activation needs the hostkey however to decrypt the secrets needed for some units (as of right now only keycloak). Alas the only way I see to achieve that is to store the ssh hostkey directly on /srv, which is mounted before (it's marked as 'neededForBoot' after all) the stage 2 init. It should be possible to achieve this with impermanence however, as `/var/log` is mounted in the stage 1 init; The problem is that I have no idea _why_ only this is the only directory mounted and nothing else. | |||
* | | Fix(system/services/keycloak): Use agenix to store passwd | Soispha | 2023-07-08 | |
| | |