# Changelog All notable changes to this project will be documented in this file. See [conventional commits](https://www.conventionalcommits.org/) for commit guidelines. - - - ## v0.24.0 - 2024-08-14 #### Bug Fixes - **(disko)** explicitely state type of main disk - (6d116da) - Silas Schöffel - **(etesync-server)** Re-activate - (cb3aa75) - Benedikt Peetz - **(fail2ban)** increase max retry number to 7 - (de89fa0) - Silas Schöffel - **(flake)** override invidious-router-flake nixpkgs with nixpkgs-unstable - (fba2650) - sils - **(flake)** update invidious-router-flake url - (6bbe7b3) - sils - **(git-server)** set git default-branch to main - (6f86a93) - Silas Schöffel - **(git-server)** enable http-clone through cgit - (129e614) - Silas Schöffel - **(git-server)** enable SSL for cgit - (14938c6) - Silas Schöffel - **(gitattributes)** Remove unused taskserver paths - (fe7bc38) - Soispha - **(gitolite)** change user to git - (deabf78) - Silas Schöffel - **(impermanence)** Re-active etesync module - (8f78f52) - Benedikt Peetz - **(libreddit)** Remove manual module override - (5ce77f1) - Benedikt Peetz - **(mail)** persist additional state directories - (35eb6de) - Silas Schöffel - **(nginx)** add gallery.s-schoeffel.de - (c74eeaa) - Silas Schöffel - **(nix-sync)** Change last occurrences of `repo.path` to `repoPath` - (9b81ec3) - Benedikt Peetz - **(nix-sync)** Don't try to exit in a subshell - (4721eb7) - Benedikt Peetz - **(nix-sync)** Ensure that the `target` for `ln` never ends with a `/` - (2adfa79) - Benedikt Peetz - **(nix-sync)** Add code-path to create a repo's path, if absent - (2742072) - Benedikt Peetz - **(nix-sync)** Ensure that the service can write to all needed paths - (1652407) - Benedikt Peetz - **(nix-sync)** Explicitly set the `network-online.target` dependency - (a2e86e1) - Benedikt Peetz - **(nixos/git-server)** Use the correct number in the `section-from-path` setting - (5967931) - Benedikt Peetz - **(nixos/git-server)** Correctly specify the section from path length - (4337bf2) - Benedikt Peetz - **(nixos/git-server)** Correctly enable the git config feature of gitolite - (6a66736) - Benedikt Peetz - **(nixos/git-server)** Use correct regex syntax in allowed git config values - (5cbc15b) - Benedikt Peetz - **(nixos/git-server)** Correctly specify cgit's css path - (1b30ea9) - Benedikt Peetz - **(nixos/git-server)** Tell gitolite to allow changing some `git` settings - (b2bb2de) - Benedikt Peetz - **(nixos/git-server)** Add the required configuration to support http-clone - (d8fd64d) - Benedikt Peetz - **(peertube)** allow sane user creation - (8e7bd12) - Silas Schöffel - **(peertube)** configure https - (46b5d53) - Silas Schöffel - **(peertube)** Specify admin email (where to send the reports to) - (37dd8fb) - Benedikt Peetz - **(peertube)** Use correct localhost ip - (d33cc61) - Benedikt Peetz - **(peertube)** Add required listen setting - (f5d531e) - Benedikt Peetz - **(peertube)** Activate smtp support - (0fbb1f3) - Benedikt Peetz - **(peertube)** Ensure that the nginx reverse proxy works - (625a776) - Benedikt Peetz - **(peertube/secrets)** Improve smtp secret - (328fccc) - Benedikt Peetz - **(secrets.nix)** Remove non-existent `settings.age` secret file - (5aca455) - Benedikt Peetz - **(system/impermanence/mods/mail.nix)** fix typo - (14ef60c) - Silas Schöffel - **(system/impermanence/mods/users.nix)** add /root/.ssh as persistent directory - (746814e) - sils - **(system/services/invidious)** set db.user to invidious - (b3396ab) - Silas Schöffel - **(system/services/invidious-router)** add new healthcheck config - (217efda) - sils - **(system/services/invidious-router)** remove invidious.vhack.eu from instance list - (3a12985) - sils - **(system/services/invidious-router)** change allowed_status_codes type to int - (cad78b3) - sils - **(system/services/invidious-router)** bind to 127.0.0.1 - (de44cb9) - sils - **(system/services/invidious-router)** correct typo - (a22ad26) - sils - **(system/services/libreddit)** correct binary location in systemd service - (ccefd04) - Silas Schöffel - **(system/services/mastodon)** change back to stable package - (bf49e56) - Silas Schöffel - **(system/services/nginx/hosts)** Update trinitrix source git path - (dd12c9c) - Benedikt Peetz - **(system/services/taskserver)** Add required kernel settings - (9025068) - Soispha - **(treewide)** stop using none-existent etebase user and group - (a60bd0f) - Silas Schöffel - **(treewide)** use invidious-router module provided by nixpkgs - (34fa09d) - Silas Schöffel - **(treewide)** move former git-crypted files to correct location - (1f461e4) - Silas Schöffel #### Build system - **(flake)** Update - (871c99b) - Benedikt Peetz - **(flake)** update - (00a4d38) - Silas Schöffel - **(flake)** update - (572d1e5) - Silas Schöffel - **(flake)** update - (4fd150a) - Silas Schöffel - **(flake)** update - (bcd9ceb) - Silas Schöffel - **(flake)** update simple-nixos-mailserver to master - (46df7d6) - Silas Schöffel - **(flake)** update - (e34edf8) - Silas Schöffel - **(flake)** update - (cf13080) - Silas Schöffel - **(flake)** Update - (54aae2c) - Soispha - **(flake)** update - (435a7e4) - sils - **(flake)** update - (aff24bb) - sils - **(flake)** update - (d8e9e5a) - sils - **(flake)** update invidious-router-flake - (16d27ad) - sils - **(flake)** Update - (0b0be92) - Soispha - **(flake)** update - (2f41a3e) - sils - **(flake.nix)** Remove `ragenix` from the devshell - (105e4ff) - Benedikt Peetz - **(tests)** Add complementary scripts - (1de8eda) - Benedikt Peetz #### Documentation - **(nixos/git-server)** Improve the comment on the possible git config keys - (6b07f0e) - Benedikt Peetz - **(password)** Add documentation on the creation of new service passwords - (6298e41) - Benedikt Peetz #### Features - **(etebase)** disable etebase-server - (34996d7) - Silas Schöffel - **(flake)** Add `git-bug` - (fc611d7) - Benedikt Peetz - **(flake)** update nixpkgs to 24.05 - (11cebdc) - Silas Schöffel - **(hosts/server1)** Activate the migrated services - (92c6efe) - Benedikt Peetz - **(nixos/git-server)** Add nice gitolite features - (3b3f2ff) - Benedikt Peetz - **(nixos/git-server)** Add further cgit settings - (37352ea) - Benedikt Peetz - **(peertube)** Init - (580b011) - Benedikt Peetz - **(system/services/fail2ban)** add postfix jail - (9c17c1c) - Silas Schöffel - **(system/services/invidious-router)** add extraDomains - (1fa1ae2) - sils - **(system/services/invidious-router)** add configuration - (e5a029e) - sils - **(system/services/nginx)** Change meaning of `root` key - (49659ab) - Benedikt Peetz - **(system/services/nginx)** add wkd for sils.li - (3f75052) - Silas Schöffel - **(system/services/nginx)** add wkd for s-schoeffel.de - (89185d7) - Silas Schöffel - **(system/services/nginx)** Add the trinitrix website - (3e3aa5a) - Benedikt Peetz - **(system/services/nginx)** Add the GPG WKD - (572cb12) - Benedikt Peetz - **(system/servics/libreddit)** Use the continued redlib package - (b9d8295) - Soispha - **(system/servies)** remove snapper - (fa289bf) - Silas Schöffel - **(system/users/soispha)** Set a new gpg-based ssh key - (90b2b99) - Benedikt Peetz - **(treewide)** add git-server module - (4215714) - Silas Schöffel #### Miscellaneous Chores - **(flake)** override simple-nixos-mailserver.inputs.utils - (0486b37) - Silas Schöffel - **(git-crypt)** Remove `.git-crypt` directory - (07a442f) - Soispha - **(git-crypt)** Re-add previously encrypted files in decrypted form - (dd4b6bc) - Soispha - **(git-crypt)** Remove `git-crypt` and associated encrypted files - (71dce73) - Soispha #### Refactoring - **(flake)** Use camelCase for `pkgsUnstable` - (59c2568) - Benedikt Peetz - **(modules)** Ensure strict coherence to patterns - (8b628ed) - Benedikt Peetz - **(modules/etesync)** Move to a complete module - (c33889e) - Benedikt Peetz - **(nixos/openssh)** Migrate from `system/services` - (4c978e0) - Benedikt Peetz - **(system/services/taskserver)** Move away from git-crypt - (94b9ce3) - Soispha #### Style - **(flake)** format with alejandra - (6827e42) - sils - **(system/secrets)** Sort `secret.nix` and `default.nix` alphabetically - (e37ce0b) - Soispha - **(system/services/invidious-router)** one list entry per line - (3ef119b) - sils - **(system/services/mastodon)** Remove forgotten `pkgs-unstable` - (7ae7a69) - Benedikt Peetz - **(system/services/mastodon)** format with alejandra - (93bfe12) - Silas Schöffel #### Tests - **(nixos/git-server)** Include the start of a test for cgit's README rendering - (5e87897) - Benedikt Peetz - **(tests)** Init infrastructure - (9a80695) - Benedikt Peetz - **(tests/git-server)** Add initial tests - (0f76cb1) - Benedikt Peetz - - - ## v0.23.1 - 2024-02-15 #### Bug Fixes - update mastodon - (37f71c4) - sils - - - ## v0.23.0 - 2024-02-15 #### Bug Fixes - **(flake)** rename invidious-router to invidious-router-flake - (6476a4e) - sils #### Build system - **(flake)** update - (feca110) - sils - **(flake)** update - (7ae7cd1) - sils #### Features - remove keycloak - (455df50) - sils - - - ## v0.22.0 - 2024-02-11 #### Bug Fixes - **(system/services/invidious-router)** fix typo in domain - (cfb2f00) - sils #### Build system - **(flake)** update - (dc7a8a2) - sils #### Features - add invidious-router - (e4cfc59) - sils - - - ## v0.21.0 - 2024-01-19 #### Bug Fixes - **(.gitignore)** exclude nix build result - (9e8635d) - sils - **(system/services/restic)** create /srv/snapshots if non-existent - (e5ff84a) - sils #### Build system - **(flake)** update - (3bb2573) - sils #### Features - **(flake)** add formatter - (1903592) - sils - - - ## v0.20.1 - 2024-01-17 #### Bug Fixes - **(sys/services/restic)** Set the system start time to 'daily' - (3581f97) - Soispha - **(sys/services/restic)** Include a db dump of PostgreSQL - (5abcac4) - Soispha - - - ## v0.20.0 - 2024-01-07 #### Bug Fixes - **(system/services)** import restic config - (3afee45) - sils #### Features - **(system)** add restic - (bba9591) - sils - **(system/secrets)** rename .tix files to .age - (e3a4cb6) - sils - - - ## v0.19.0 - 2024-01-06 #### Bug Fixes - **(system/impermanence)** Remove keycloak mod, as it does not exist - (2f46936) - Soispha - **(system/impermanence)** Add permissions - (560a0fa) - sils - **(system/impermanence)** Add etebase-server - (b43cef9) - sils - **(system/services/etebase)** don't serve static files - (f50fc4d) - sils - **(system/services/etebase)** serve static_root - (98de5f3) - sils - **(system/services/etebase)** micellanous changes to make it work - (9e3cf0b) - sils - **(system/services/etebase)** Use the correct subdomains - (1493e3e) - Soispha - **(system/services/etebase)** Hard-code localhost ip - (c734641) - Soispha - **(system/services/etebase)** Add proxy parameters - (dd64ea8) - sils - **(system/services/etebase)** Proxy ipv4 - (073cfe1) - sils - **(system/services/etebase-server)** Use nginx - (9efa409) - sils - **(system/services/nginx/redirects)** Enable ssl for the domains - (366587a) - Soispha - **(system/services/nix)** add nixremote to trusted-users - (8dbdcec) - sils #### Build system - **(flake)** update - (eae5f0e) - sils #### Documentation - **(system/services/taskserver)** Add docs about expectations to runtime - (47cec55) - Soispha #### Features - **(flake)** update to nixos-23.11 - (d792a15) - sils - **(system/secrets)** Add etebase-server secret - (d86727f) - sils - **(system/services)** Add etebase-server - (e8ab3ba) - sils - **(system/services/fail2ban)** define config in daemonSettings - (0b8b7c6) - sils - **(system/services/mastodon)** define streamingProcesses - (1679c39) - sils - **(system/services/matrix)** use mautrix-whatsapp module provided by - (488968f) - sils - **(system/users)** remove obsolete ss-key for sils - (eb75593) - sils #### Miscellaneous Chores - **(merge)** branch 'redirect' - (702f222) - sils #### Refactoring - **(system/services/etebase)** explain outcommented static files - (0258170) - sils - **(system/services/etebase)** Use a reference to the port number - (859fa88) - Soispha - **(system/services/etebase)** Format - (3b508e2) - sils - - - ## v0.18.0 - 2023-11-18 #### Bug Fixes - **(system/services/taskserver)** Support both ipv4 and ipv6 - (5200f2e) - Soispha - **(system/services/taskserver)** Support both ipv4 and ipv6 - (6948186) - Soispha - **(system/users)** change ssh-keys for sils - (0b865b6) - sils - **(system/users)** add ssh-key for sils - (5e50f8d) - sils #### Build system - **(flake)** Update - (257befb) - Soispha #### Features - **(git-crypt)** add new key - (d74f1f6) - sils #### Miscellaneous Chores - **(merge)** Branch 'taskd' - (288ea14) - Soispha - - - ## v0.17.1 - 2023-11-07 #### Bug Fixes - **(system/services/taskserver/certs)** Move cert generation to script - (961729e) - Soispha - - - ## v0.17.0 - 2023-11-03 #### Bug Fixes - **(system/services/taskserver)** Disable debug - (d39bcde) - Soispha - **(system/services/taskserver)** Activate debug - (838b709) - Soispha - **(system/services/taskserver)** Use correct key name (`key.pem`) - (a5fb492) - Soispha - **(system/services/taskserver)** Switch to strings instead of paths - (fe9c31f) - Soispha - **(system/services/taskserver)** Store the self-signed ca key in agenix - (dd9bfc3) - Soispha - **(system/services/taskserver)** declare certs/keys in pki.manual - (c74c8d7) - sils - **(system/services/taskserver)** Hide organisations - (257f965) - Soispha #### Build system - **(flake)** Remove language servers from the devshell - (dc958d9) - Soispha - **(flake)** Update - (0627140) - Soispha #### Features - **(system/services/taskserver)** Add a way to connect users together - (c60edf8) - Soispha - **(system/services/taskserver)** Integrate Let's Encrypt certificates - (1dd6f8d) - Soispha - **(system/services/taskserver)** change ca to letsencrypt - (14b6ee0) - sils - - - ## v0.16.0 - 2023-10-14 #### Bug Fixes - **(system/services/redirects)** disable ssl - (d7190a4) - sils #### Features - **(system/services/redirects)** Build up the base to comply with the AGPL - (062df4d) - Soispha #### Refactoring - **(system/services/redirects)** Move under the nginx directory - (c77d2f4) - Soispha - - - ## v0.15.1 - 2023-10-14 #### Bug Fixes - **(system/services/mastodon)** Correctly avoid string casts - (925e993) - Soispha - **(system/services/miniflux)** Set correct subdomain, but leave alias - (0f48f5c) - Soispha #### Style - **(treewide)** Merge attrs together - (1fda274) - Soispha - - - ## v0.15.0 - 2023-10-13 #### Bug Fixes - **(system/services/mastodon)** remove unneccessary stringcasts - (cfdd2e3) - sils - **(system/services/mastodon)** change string to list of string - (478437b) - sils - **(system/services/mastodon)** add nginx to group 'mastodon' - (1ddfb65) - sils - **(system/services/mastodon)** allow registration only with vhack.eu/sils.li mail - (bd82494) - sils - **(system/services/mastodon)** separate domains for user handles and webinterface - (cb49aa5) - sils - **(system/services/mastodon)** correct age secret path - (b8f786b) - sils #### Build system - **(flake)** update - (d4fbb49) - sils #### Features - **(system/services)** actually import mastodon - (927fc16) - sils - **(treewide)** add mastodon - (631e9c0) - sils - - - ## v0.14.0 - 2023-10-11 #### Features - **(system/services/nix)** add wheel group to trusted-users - (52ae495) - sils - - - ## v0.13.0 - 2023-10-03 #### Bug Fixes - **(system/services/murmur)** Allow murmur's user to read certs - (c154fa3) - Soispha #### Features - **(system/services/murmur)** Initialize - (a3c3166) - Soispha #### Miscellaneous Chores - **(version)** v0.12.0 - (5b1220b) - Soispha - - - ## v0.12.0 - 2023-10-03 #### Bug Fixes - **(system/services/murmur)** Allow murmur's user to read certs - (c37bf3d) - Soispha #### Build system - **(flake)** update - (f3eeef8) - sils #### Features - **(system/services/murmur)** Init - (beb53b0) - Soispha - - - ## v0.11.0 - 2023-10-03 #### Bug Fixes - **(system/services/miniflux)** Reduce password length - (ca1e354) - Soispha - **(system/services/miniflux)** Correctly specify secret path - (b4944b1) - Soispha #### Features - **(system/services/miniflux)** Init - (932c45d) - Soispha - - - ## v0.10.0 - 2023-10-02 #### Bug Fixes - **(system/services/nginx)** Update hosts - (2aa1c16) - Soispha - **(system/services/taskserver)** Use strict certificate validation - (17f6a00) - Soispha - **(system/services/taskserver)** Specify domain to listen on - (18624e4) - Soispha #### Build system - **(flake)** Update - (327e8bf) - Soispha - **(flake)** update - (0a877a1) - sils - **(flake)** update - (ec43442) - sils - **(flake)** Update - (a4c1e69) - Soispha #### Features - **(system/services/taskserver)** Init - (cd75ff6) - Soispha - - - ## v0.9.0 - 2023-08-18 #### Bug Fixes - **(system)** Binary substitution for debugging - (9685791) - sils - **(system/secrets)** Tell (r)agenix new location of invidious hmac secret - (95b7f9d) - sils - **(system/secrets)** make invidious settings readable for invidious - (c31ce7f) - sils - **(system/secrets/invidious)** Change formatting of invidiousSettings - (38c2bb6) - sils - **(system/service/invidious)** Copy their script, to remove shell escape - (542bb5d) - Soispha - **(system/services/invidious)** Add interpreter to start script - (08eb773) - Soispha - **(system/services/invidious)** Force the new script option to be applied - (df87e1d) - Soispha - **(system/services/invidious)** Set correct access permissions on hmac - (c525e36) - Soispha - **(system/services/invidious)** Check tables on startup - (b39d800) - Soispha - **(system/services/invidious)** Quote attr names in json config - (b6d9d96) - Soispha - **(system/services/invidious)** Specifiy database host - (704232e) - sils - **(system/services/libreddit)** Don't open firewall - (f0a9852) - Soispha - **(system/services/libreddit)** Actually proxy services via nginx - (097d566) - Soispha #### Build system - **(flake)** Update - (46dfce2) - Soispha #### Features - **(system)** Add invidious - (3175754) - sils - **(system/services/libreddit)** Init - (7428d69) - Soispha #### Miscellaneous Chores - **(Changelog)** Delete branch specific changelogs - (112606a) - Soispha - **(Merge)** Branch 'invidious' - (e33c36f) - Soispha - **(version)** v0.9.0 - (74e2c16) - sils - **(version)** v0.8.0 - (03ce680) - Soispha - **(version)** v0.8.0 - (d9ac400) - Soispha #### Refactoring - **(system/secrets/invidious)** Remove unneeded files and improve names - (320cc25) - Soispha - **(system/secrets/secrets.nix)** Remove redundant secretlist - (e1f0250) - sils - - - ## v0.9.0 - 2023-08-13 #### Bug Fixes - **(system)** Binary substitution for debugging - (9685791) - sils - **(system/secrets)** Tell (r)agenix new location of invidious hmac secret - (95b7f9d) - sils - **(system/secrets)** make invidious settings readable for invidious - (c31ce7f) - sils - **(system/secrets/invidious)** Change formatting of invidiousSettings - (38c2bb6) - sils - **(system/service/invidious)** Copy their script, to remove shell escape - (542bb5d) - Soispha - **(system/services/invidious)** Add interpreter to start script - (08eb773) - Soispha - **(system/services/invidious)** Force the new script option to be applied - (df87e1d) - Soispha - **(system/services/invidious)** Set correct access permissions on hmac - (c525e36) - Soispha - **(system/services/invidious)** Check tables on startup - (b39d800) - Soispha - **(system/services/invidious)** Quote attr names in json config - (b6d9d96) - Soispha - **(system/services/invidious)** Specifiy database host - (704232e) - sils #### Features - **(system)** Add invidious - (3175754) - sils #### Miscellaneous Chores - **(Merge)** Branch 'invidious' - (e33c36f) - Soispha - **(version)** v0.8.0 - (03ce680) - Soispha - **(version)** v0.8.0 - (d9ac400) - Soispha #### Refactoring - **(system/secrets/invidious)** Remove unneeded files and improve names - (320cc25) - Soispha - **(system/secrets/secrets.nix)** Remove redundant secretlist - (e1f0250) - sils - - - ## v0.8.0 - 2023-08-11 #### Features - **(system/services/snapper)** Add - (1256cab) - Soispha - - - ## v0.7.0 - 2023-08-04 #### Bug Fixes - **(system/services/nix-sync)** Remove timeout on build - (dfb847a) - Soispha - **(system/services/nix-sync)** Rebase on pulls, to allow for force pushes - (8d9ef95) - Soispha - **(system/services/nix-sync)** Make the timer relative to the unit start - (18aa0c5) - Soispha - **(system/users)** declare nixremote as normal user - (e326476) - sils #### Build system - **(flake)** Update - (7e153ea) - Soispha #### Features - **(system/services/nginx/hosts)** Add another domain - (81bf112) - Soispha - **(system/users)** Add nixremote - (6e2578e) - sils - - - ## v0.6.0 - 2023-07-28 #### Bug Fixes - **(treewide)** Use correct function argument specification - (8350b2e) - Soispha #### Features - **(system/services/mail/users)** Add mailusers - (a3eed53) - Soispha #### Refactoring - **(system/services/nginx)** Reduce encrypted stuff to a minimum - (2b766df) - Soispha - - - ## v0.5.1 - 2023-07-28 #### Bug Fixes - **(system/services/mail)** Update mail users - (fe5da03) - sils - - - ## v0.5.0 - 2023-07-27 #### Bug Fixes - **(system/impermanence)** Keycloak was actually postgresql - (595ab5c) - Soispha - **(system/mail)** Add User - (8423cea) - sils - **(system/services/matrix/bridges/m-wa)** Use own database - (911c3a1) - Soispha - **(system/services/matrix/bridges/m-wa)** Correct postgresql uri - (30c0434) - Soispha #### Features - **(system/services/matrix/bridges)** Add mautrix-whatsapp bridge - (7fe499e) - Soispha - - - ## v0.4.1 - 2023-07-25 #### Bug Fixes - **(system/services/mail)** Add new user - (e03e490) - sils #### Build system - **(flake)** Update - (8f86be4) - sils - - - ## v0.4.0 - 2023-07-22 #### Bug Fixes - **(system/services/matrix)** Change registration_shared_secret_path to - (14b09a3) - sils - **(system/services/matrix)** Add registration_shared_secret to register - (2b9502d) - sils - **(system/services/matrix)** Move persisting files ctrl to impermanence - (3982b3d) - Soispha - **(system/services/matrix)** Fix extra " =" in locations path - (091af41) - Soispha #### Build system - **(flake)** Update - (673a2ec) - Soispha #### Features - **(.editorconfig)** Add the configuration for all files - (96aea47) - Soispha - **(system)** Add matrix-synapse - (b59b25f) - sils - **(system/secrets)** Add matrix-synapse_registration_shared_secret - (3cf90fc) - sils - **(system/services)** Add matrix synapse - (50d5091) - sils #### Miscellaneous Chores - **(system/secrets)** Rekey to support new public key - (8c8ead4) - Soispha - **(system/secrets)** Add sils' public key - (e65c5ff) - sils #### Style - **(treewide)** Format after removing vim lines - (20a566f) - Soispha - - - ## v0.3.0 - 2023-07-10 #### Bug Fixes - **(host/server1)** Use working path to disk - (26b6c91) - Soispha - **(system/disks)** Change partitioning scheme to support gpt/bios boot - (40458f4) - Soispha - **(system/impermanence/m/mail)** Add rspamd dir - (a0d04e5) - Soispha - **(system/impermanence/m/users)** Make /home readable - (8c1dd93) - Soispha - **(system/secrets)** Update after redeploy - (778f8ad) - Soispha - **(system/secrets)** Ensure that ssh host key is available in stage 2 - (5bb8cb3) - Soispha - **(system/services/keycloak)** Use agenix to store passwd - (265eb9d) - Soispha - **(system/services/nix-sync)** Nix build needs access to /proc/stat - (123a8d9) - Soispha - **(treewide)** Move all persistent dirs to impermanence to set permissions - (7815ef2) - Soispha #### Documentation - **(notes)** Add section about redeployment - (3ea6a58) - Soispha #### Features - **(flake)** Add agenix module - (78b566e) - Soispha - **(system/disks)** Add disko - (d176a33) - Soispha #### Miscellaneous Chores - **(.gitattributes)** Remove removed acme path - (81cf12b) - Soispha #### Refactoring - **(system/impermanence)** Move to own directory - (2a6b022) - Soispha - - - ## v0.2.0 - 2023-07-07 #### Bug Fixes - **(system)** Import everything - (a1758ed) - Soispha - **(system)** Import everything - (07f1e4a) - Soispha - **(system/fs-layout)** Remove persistent dir as it's now in /srv - (ce36bb2) - Soispha - **(system/fs_layout/impermanence)** Make sshd dir 755 - (4fdf20b) - Soispha - **(system/services)** Move acmeWebRoot back to /var/lib/acme - (532412a) - Soispha - **(system/services)** Inherit acmeRoot manually - (80e5776) - Soispha - **(system/services/acme)** Leave certs generation to nixos - (1f6ff65) - Soispha - **(system/services/git-sync)** Use correct systemd options - (77e512a) - Soispha - **(system/services/git-sync)** Switch to str to avoid impurity - (a8ffaea) - Soispha - **(system/services/git-sync)** Purge assertion, as we're always on linux - (74a735b) - Soispha - **(system/services/mail)** Tell git-crypt new users.nix location - (cdea671) - sils - **(system/services/nginx)** Set the correct acme webRoot - (252d983) - Soispha - **(system/services/nginx)** Create nix-sync cache through impermanence - (869d74c) - Soispha - **(system/services/nginx)** Remove slash from acme webroot - (bec5cf4) - Soispha - **(system/services/nginx)** Actually enable git-sync - (374c499) - Soispha - **(system/services/nginx/hosts)** Inherit acmeRoot setting - (990cb3c) - Soispha - **(system/services/nix-sync)** Guard deletion of `repo.path` - (16da0f2) - Soispha - **(system/services/nix-sync)** Pull before rebuilding - (3df8d67) - Soispha - **(system/services/nix-sync)** Generate the needed repo paths - (5bed7c8) - Soispha - **(system/services/nix-sync)** Rebuild website on gc - (393f0e6) - Soispha - **(system/services/nix-sync)** Really remove last reference to git-sync - (0b36dbd) - Soispha - **(system/services/nix-sync)** Small typos in ExecStart - (0ac9885) - Soispha - **(system/services/nix-sync)** Use cache directory - (6e18fa4) - Soispha - **(system/services/nix-sync)** Use correct git urls - (9f9a140) - Soispha - **(system/services/nix-sync)** Generate root independent of path - (a505c18) - Soispha - **(system/services/nix-sync)** Add the cachePath rw - (dd84945) - Soispha - **(system/services/nix-sync)** Add '/etc/nginx/websites' to kept dirs - (6a5b874) - Soispha - **(system/services/nix-sync)** Remove slash from cachePath - (33398b1) - Soispha - **(system/services/nix-sync)** Add some required paths to unit - (e6b778b) - Soispha - **(system/services/nix-sync)** Generate user and group if set to default - (39abbf7) - Soispha - **(system/services/nix-sync)** Rename units to nix-sync- - (844ff55) - Soispha - **(system/services/nix-sync)** Use correct shell escape for paths - (3c42c6b) - Soispha - **(system/services/nix-sync)** Use correct writeScript function - (4ef4b09) - Soispha - **(system/services/nix-sync)** Fully rename to nix-sync - (c35eeac) - Soispha - **(system/services/openssh)** Set correct permissions on ssh dir - (f3f8e43) - Soispha - **(system/services/openssh)** Rename to 'openssh' as the 'd' is a typo - (99d4b3b) - Soispha #### Build system - **(cog)** Remove 'prod' from whitelist as it's deprecated - (661a2d4) - Soispha - **(flake)** Update - (2f10834) - Soispha #### Documentation - **(system/services/nix-sync)** Change last remnant from git-sync - (1fe7e31) - Soispha #### Features - **(system/file_system_layout)** Add impermanence - (1c4672d) - Soispha - **(system/services/nix-sync)** Split unit into a timer and unit - (42d44c6) - Soispha - **(system/services/nix-sync)** Remodel git-sync to make it useful - (3f2fedf) - Soispha #### Miscellaneous Chores - **(.gitattributes)** Remove removed acme path - (99ae5c9) - Soispha #### Refactoring - **(system/impermanence)** Move to own directory - (2c6c07e) - Soispha - **(system/services/mail)** Move mail to services as it's one - (32ab086) - Soispha - **(system/services/nginx)** Adapt to new nix-sync module - (9b88691) - Soispha - **(system/services/nix-sync)** Consolidate into repoCachePath - (1c93755) - Soispha #### Style - **(system/fs_layouts)** Merge attrsets - (d0a8582) - Soispha - **(system/services/nginx)** Use nested attr set for acme options - (9fc5517) - Soispha - - - ## v0.1.0 - 2023-06-19 #### Bug Fixes - **(acme)** Store certs permanently. - (ab3c9aa) - sils - **(hosts/server1)** Rename boot.cleanTmpDir to boot.tmp.cleanOnBoot - (1412408) - sils - **(hosts/server1/networking)** Correct ipv6 - (9243e3d) - ene - **(hosts/server1/networking)** Fix Gateways - (7937ec7) - ene - **(hosts/server1/networking)** Remove ipv6 route - (8711fb2) - ene - **(services)** Remove Minecraft - (58e24a9) - ene - **(system/hardware)** Use actually needed modules and UUID - (7881651) - ene - **(system/mail)** give certificateScheme string as value - (1ed867d) - sils - **(system/mail)** Allow opening ports in the firewall - (cb92ffc) - ene - **(system/mail)** Change placeholder - (ecb274b) - ene - **(system/mail)** Only accept connections on safe ports - (083a7cb) - ene - **(system/mail)** Declare the password directly - (414ad16) - ene - **(system/mail)** Make extraVirtualAliases fairer - (6ba9c14) - ene - **(system/mail)** Disable protocols with STARTTLS - (f77f884) - ene - **(system/packages)** Explicitly enable zsh to make Nix Vars available - (9f86401) - sils - **(system/services)** Allow minecraft-server, which is sadly unfree - (c543776) - sils - **(system/services)** Ignore unnecessary inputs - (84310c9) - sils - **(system/services/acme)** Add multiple domains - (b21b38c) - Soispha - **(system/services/fail2ban)** Make db persistent - (1fc72de) - ene - **(system/services/keycloak)** Correct path to passwordfile - (85c28d5) - sils - **(system/services/keycloak)** Change value of 'passwordFile' to path - (816e85b) - sils - **(system/services/minecraft)** Reduce simulation-distance - (d2a7b0b) - sils - **(system/services/minecraft)** Finetuning - (e002d4e) - sils - **(system/services/minecraft)** Remove to make compile - (055f4e0) - ene - **(system/services/nginx)** Switch to git-sync - (d4b710d) - Soispha - **(system/services/nginx)** Correct path to index.html - (541a891) - sils - **(system/services/opensshd)** Rename passwordAuthentication to - (973a461) - sils - **(system/services/rust-motd)** Quote ssl-cert names - (f21504a) - ene - **(system/services/rust-motd)** Add fail2ban binary - (64a554d) - ene - **(system/users)** Remove unneeded root ssh login keys - (dc4334d) - ene - **(update)** Remove - (02957ce) - Soispha - Try to fix ipv6 - (c7507b1) - sils - Add imap and smtp subdomains to cert - (db52be2) - sils - correct host name and convenience changes - (cb69f4a) - ene - Made the Minecraft config compile - (e55ac14) - ene - Resolve merge conflicts - (cf63e41) - ene - revert changes in configuration.nix - (5a137ce) - sils - Changed setting names - (977f8c1) - ene - changed to TOML config - (6ab5e73) - ene - typo in programs field - (a116678) - ene - Import pkgs - (f5ab486) - sils - Import pkgs - (2238e70) - sils - Import Minecraft Configuration - (69c6e30) - sils #### Build system - **(cog)** Add - (556adb7) - sils - **(flake)** Update - (6c1700e) - Soispha - **(flake)** Update - (84fcf9e) - sils - **(flake)** Update - (62f1fef) - Soispha - **(flake)** Enable direnv integration - (c5755e3) - Soispha - **(git-crypt)** Add collaborator - (0b75981) - sils - **(git-crypt)** Add - (eeb9d28) - Soispha - Add update script - (58e3d0b) - Soispha #### Documentation - **(License)** Add - (98d8394) - Soispha - **(contributing)** Add - (39abe7c) - Soispha #### Features - **(system/file_system_layout)** Add bindmount for postgresql - (7348002) - sils - **(system/mail)** Add other users, so the admin thing works - (f2ab842) - ene - **(system/mail)** Use '/' to separate mailboxes - (a24dc7d) - ene - **(system/matrix/conduit)** Add matrix-conduit - (fbba7df) - Soispha - **(system/packages)** Add git-crypt to standard packages to minimize - (2564aed) - sils - **(system/services)** Add minecraft server - (08c7fa6) - sils - **(system/services)** Enable keycloak - (4254157) - sils - **(system/services/fail2ban)** Add dovecot jail - (dce980d) - ene - **(system/services/fail2ban)** Add fail2ban - (8d8ad7a) - ene - **(system/services/git-sync)** Add - (357f78e) - Soispha - **(system/services/keycloak)** Add keycloak - (97baac0) - sils - **(system/services/nginx)** Change to declarative websites - (a67e54e) - Soispha - **(system/services/rust-motd)** Info about filesystems - (f84a9f6) - ene - **(system/services/rust-motd)** Show status of ssl-certs - (4758e58) - ene - **(update)** Use update flake - (77dfff2) - Soispha - Added admin@vhack.eu mail - (9296259) - sils - Add mailserver - (820efec) - sils - Add Website - (7b16ff9) - sils - Use default.nix - (1b73e04) - ene - Imported the headless profile - (ec7f43a) - ene - Track last login in motd - (6e0f58c) - ene - Save passwords in hashed form directly - (19f0808) - ene - User configuration, with secure passwords - (211ab56) - ene - Added a nice motd through rust-motd - (b5b56d4) - ene - Added /boot as persistent subvolume - (128e406) - ene - Switch to inpersistent temproot. - (b32d3da) - sils - Separate nix from root - (4f0c0ee) - sils - Switch root into subvolume - (30e47b3) - sils - Added support for btrfs - (a96d535) - ene - Some security for ssh - (78aae0b) - ene #### Miscellaneous Chores - **(flake)** Update - (09cea3e) - Soispha - **(flake)** Update - (a6968f5) - Soispha - **(flake)** Update - (9d54dad) - Soispha - **(flake)** Update and add follows for inputs - (1c9c108) - Soispha - **(flake)** Update - (8ed3979) - sils - **(flake)** Update - (1cacce0) - ene #### Refactoring - **(services)** Remove dead code - (127488e) - Soispha - **(system/hardware)** Move hardware to host - (0b55d02) - ene - **(system/mail)** Hide user emails - (bb4af29) - Soispha - Use better file layout - (5a0cb28) - ene #### Revert - Remove Conduit - (9465eb6) - sils #### Style - **(system)** Format - (f7110fd) - Soispha - **(system/mail)** Reorder options - (d6fbe64) - ene - - - Changelog generated by [cocogitto](https://github.com/cocogitto/cocogitto).