Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos` | Benedikt Peetz | 2024-12-25 |
| | | | | | | | | | | Persisting them, without marking the `/srv` containing fs as `neededForBoot` will result in a kernel panic in the init (because `impermanence` tries to mount these directories and fails as `/srv` is still missing.) Thus, each host, that sets `/srv` to `neededForBoot` should add these directories to `vhack.persist.directories`. | ||
* | fix(system): Remove out-dated imports | Benedikt Peetz | 2024-12-25 |
| | | | | Both of these modules have been moved to `by-name` | ||
* | refactor(system/users): Migrate to `by-name` | Benedikt Peetz | 2024-12-25 |
| | |||
* | fix(modules/git-server): Use `vhack.persist` for data-directories | Benedikt Peetz | 2024-12-25 |
| | | | | | This avoids having to create them manually on the server and is, overall just generally a better way to solve this problem. | ||
* | fix(modules/back): Use correct source-code environment variable | Benedikt Peetz | 2024-12-25 |
| | |||
* | build(scripts/deploy): Init | Benedikt Peetz | 2024-12-25 |
| | | | | | This documents the commands used for the first deployment (i.e., with a full, disko-driven, disk formatting step). | ||
* | build(scripts/mk_network_config): Init | Benedikt Peetz | 2024-12-25 |
| | | | | | | | This has been taken directly from `nixos-infect` (which rather under-maintained, sadly). Currently, it is extremely useful to generate the `networking.nix` config for new hosts. | ||
* | refactor(modules/impermanence): Migrate to by-name while distributing mods | Benedikt Peetz | 2024-12-24 |
| | |||
* | fix(modules/back): Set now needed source code URL environment variable | Benedikt Peetz | 2024-12-24 |
| | |||
* | docs(pkgs/back): Document useful environment variables | Benedikt Peetz | 2024-12-24 |
| | |||
* | feat(pkgs/back): Add a link to the source code | Benedikt Peetz | 2024-12-24 |
| | | | | | This is required by the AGPL license and should probably also be done, because we do not have a reason to hide or obfuscate the code. | ||
* | feat(hosts/server1): Configure back for the `nixos-server` repo | Benedikt Peetz | 2024-12-24 |
| | |||
* | feat(tests/back): Init | Benedikt Peetz | 2024-12-24 |
| | |||
* | feat(modules/back): Init | Benedikt Peetz | 2024-12-24 |
| | |||
* | build(scripts/test_interactive): Fix typo in variable name | Benedikt Peetz | 2024-12-24 |
| | |||
* | fix(modules/nix-sync/internal): Use correct command grouping syntax | Benedikt Peetz | 2024-12-24 |
| | | | | | | Commands in parentheses (i.e., `()`) are _subshells_ and `exit`ting from these will not result in an `exit` of the actually _shell_. Thus, we use want simple command grouping and use the correct syntax for that. | ||
* | build(pkgs/back): Apply source filtering | Benedikt Peetz | 2024-12-24 |
| | | | | | This avoids useless rebuilds, just because files like the `README.md` changed. | ||
* | docs(pkgs/back): Add note about needed write access | Benedikt Peetz | 2024-12-24 |
| | |||
* | fix(pkgs/back): Set `meta.mainProgram` | Benedikt Peetz | 2024-12-24 |
| | |||
* | fix(modules/disko): Actually honor `cfg.enable` | Benedikt Peetz | 2024-12-24 |
| | |||
* | test(scripts/lint_missing_tests.sh): Remove | Benedikt Peetz | 2024-12-23 |
| | | | | | This functionality is now available via the `coImport` feature in the `mkByName` `nixLib` function. | ||
* | style(treewide): Format | Benedikt Peetz | 2024-12-23 |
| | |||
* | build(flake): Use treefmt as nix formatter | Benedikt Peetz | 2024-12-23 |
| | | | | | This allows us to also keep markdown and other documents, that aren't nix, formatted. | ||
* | feat(pkgs): Hook up to the flake and add needed infrastructure | Benedikt Peetz | 2024-12-23 |
| | |||
* | feat(pkgs/back): Init | Benedikt Peetz | 2024-12-23 |
| | | | | | Other options, for example `git-bug webui --read-only` is just to bugged to be useful. | ||
* | fix(modules/disko): Remove deprecated legacy type and migrate to `by-name` | Benedikt Peetz | 2024-12-21 |
| | |||
* | fix(system/services/mastodon): Update char patch to v4.3 | Benedikt Peetz | 2024-12-21 |
| | |||
* | fix(modules/redlib): Change subdomain to `redlib` | Benedikt Peetz | 2024-12-20 |
| | | | | | | The old `libreddit` subdomain still has redirection to avoid this being a breaking change. But keeping the old subdomain is rather weird considering their new name. | ||
* | refactor(system/services/libreddit): Migrate to `by-name` | Benedikt Peetz | 2024-12-20 |
| | | | | This also includes a rename into `redlib` because of upstream changes. | ||
* | refactor({modules,test}): Migrate to a `by-name` structure | Benedikt Peetz | 2024-12-20 |
| | |||
* | fix(treewide): Update to nixos release 24.11 | Benedikt Peetz | 2024-12-19 |
| | |||
* | build(system/services/taskserver/certs/generate): Convert to `nix-shell` | Benedikt Peetz | 2024-12-19 |
| | | | | Lix does not support the newer `nix shell` shebang. | ||
* | fix(system/services/invidious-router): remove_no_ratio = false | Silas Schöffel | 2024-12-06 |
| | |||
* | fix(system/services/libreddit): Use unstable `redlib` version | Benedikt Peetz | 2024-11-16 |
| | | | | | The current stable version has a bug with regard to parsing the current reddit json responses. | ||
* | build(flake.lock): Update | Benedikt Peetz | 2024-11-16 |
| | |||
* | docs(system/services/matrix): Fix typos in comment | Benedikt Peetz | 2024-11-03 |
| | |||
* | build(flake): Update | Benedikt Peetz | 2024-11-03 |
| | |||
* | feat(taskserver/certs/ca.certs.pem): Regenerate certificate | Benedikt Peetz | 2024-10-05 |
| | |||
* | refactor(taskserver/certs): Format scripts and allow selecting which certs ↵ | Benedikt Peetz | 2024-10-05 |
| | | | | to generate | ||
* | chore(taskserver/certs/ca.key.pem.gpg): reencrypt with new keys as recipients | Silas Schöffel | 2024-10-05 |
| | |||
* | fix(system/services/invidious-router): Use the unstable pkg | Benedikt Peetz | 2024-10-04 |
| | | | | | This has been updated to provide a means to send the user to YouTube, if no invidious instances are available. | ||
* | build(flake): Update | Benedikt Peetz | 2024-10-04 |
| | |||
* | build(flake): Update | Benedikt Peetz | 2024-09-21 |
| | |||
* | fix(system/services/invidious-router): Set health check path to a video URL | Benedikt Peetz | 2024-09-18 |
| | | | | | The main page does sometimes load, but videos are still not playable. This new path really checks, whether the instance works. | ||
* | fix(system/impermanence): Persist `/var/lib/nixos` | Benedikt Peetz | 2024-09-06 |
| | | | | | | | | | Otherwise, the mapping of uid/gid to user name or group name could change between reboots, which would result in magically change permissions. We were already affected by this at some point, so just remove the possibility of it happening again. | ||
* | fix(git-server/cgit): Don't run `cgit` as `root` use `git` instead | Benedikt Peetz | 2024-09-06 |
| | | | | | | | | | | | | This option was newly added, as previously only on `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419 | ||
* | fix(services/matrix/mautrix-whatsapp): Disable to remove libolm | Benedikt Peetz | 2024-09-06 |
| | | | | | Libolm is marked as insecure and must thus be removed from the system closure. | ||
* | build(flake): Update inputs | Benedikt Peetz | 2024-09-06 |
| | |||
* | fix(system/services/invidious-router): Stop filtering regions | Silas Schöffel | 2024-08-19 |
| | | | | | | Filtering regions limits our possible instance selection without actually providing great value. Let's stop discriminating based on server location. | ||
* | feat(system/services/mastodon): Apply patch to increase the message length | Benedikt Peetz | 2024-08-16 |
| |