aboutsummaryrefslogtreecommitdiffstats
path: root/modules (unfollow)
Commit message (Collapse)Author
2025-01-25fix(modules/etebase): migrate to new vhack.persist optionSilas Schöffel
2025-01-25fix(module/peertube): update emailhostSilas Schöffel
2025-01-25fix(modules/mastodon): update emailhostSilas Schöffel
2025-01-25feat(modules/mail): init on server2Silas Schöffel
2025-01-21feat(modules/backup): initSilas Schöffel
2025-01-21fix(modules/peertube): correct email setupSilas Schöffel
2025-01-21feat(modules/matrix): init on server3Silas Schöffel
2025-01-21feat(modules/mastodon): init on server3Silas Schöffel
2025-01-21fix(peertube): migrate to server3Silas Schöffel
2025-01-20feat(modules/murmur): initSilas Schöffel
2025-01-20feat(modules/nixconfig): initSilas Schöffel
2025-01-20feat(modules/invidious-router): initSilas Schöffel
2025-01-20feat(modules/gallery): initSilas Schöffel
2025-01-20feat(miniflux): init module, host on server2Silas Schöffel
2025-01-20feat(treewide): rekey secrets to allow multiple host setupSilas Schöffel
2024-12-28fix(modules/back): add root_url to back configBenedikt Peetz
Co-authored-by: Silas Schöffel <sils@sils.li>
2024-12-26fix(modules/back): Update to the new config file inputBenedikt Peetz
2024-12-25fix(modules/back): Remove the `gitPath` from the service nameBenedikt Peetz
With it, the service names become nearly illegible.
2024-12-25feat(modules/nginx): Modularise the redirects and migrate them to server2Benedikt Peetz
The redirects always have an implicit dependency on the DNS config of the running host. As such, simply stating them for all host is never a possibility and setting them per host the only viable option.
2024-12-25fix(modules/nix-sync/internal): Fix syntax errors in shell-scriptBenedikt Peetz
2024-12-25fix(modules/dhcpcd): Also set uid/gid for the `dhcpcd` userBenedikt Peetz
Otherwise, this user's/group's owned files/directories could change when a new user is added or removed, as we do not persist `/var/lib/nixos`.
2024-12-25fix(treewide): Add constant uids and gids to each user and groupBenedikt Peetz
This allows us to avoid persisting `/var/lib/nixos`.
2024-12-25refactor(system/services/fail2ban): Migrate to `by-name`Benedikt Peetz
Additionally, I've changed to owner of the `/var/lib/fail2ban` directory to `root:root` as the main `fail2ban` service also runs under `root` and a `fail2ban` user is never created.
2024-12-25refactor(system/services/rust-motd): Migrate to `by-name`Benedikt Peetz
2024-12-25fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos`Benedikt Peetz
Persisting them, without marking the `/srv` containing fs as `neededForBoot` will result in a kernel panic in the init (because `impermanence` tries to mount these directories and fails as `/srv` is still missing.) Thus, each host, that sets `/srv` to `neededForBoot` should add these directories to `vhack.persist.directories`.
2024-12-25refactor(system/users): Migrate to `by-name`Benedikt Peetz
2024-12-25fix(modules/git-server): Use `vhack.persist` for data-directoriesBenedikt Peetz
This avoids having to create them manually on the server and is, overall just generally a better way to solve this problem.
2024-12-25fix(modules/back): Use correct source-code environment variableBenedikt Peetz
2024-12-24refactor(modules/impermanence): Migrate to by-name while distributing modsBenedikt Peetz
2024-12-24fix(modules/back): Set now needed source code URL environment variableBenedikt Peetz
2024-12-24feat(modules/back): InitBenedikt Peetz
2024-12-24fix(modules/nix-sync/internal): Use correct command grouping syntaxBenedikt Peetz
Commands in parentheses (i.e., `()`) are _subshells_ and `exit`ting from these will not result in an `exit` of the actually _shell_. Thus, we use want simple command grouping and use the correct syntax for that.
2024-12-24fix(modules/disko): Actually honor `cfg.enable`Benedikt Peetz
2024-12-23style(treewide): FormatBenedikt Peetz
2024-12-21fix(modules/disko): Remove deprecated legacy type and migrate to `by-name`Benedikt Peetz
2024-12-20fix(modules/redlib): Change subdomain to `redlib`Benedikt Peetz
The old `libreddit` subdomain still has redirection to avoid this being a breaking change. But keeping the old subdomain is rather weird considering their new name.
2024-12-20refactor(system/services/libreddit): Migrate to `by-name`Benedikt Peetz
This also includes a rename into `redlib` because of upstream changes.
2024-12-20refactor({modules,test}): Migrate to a `by-name` structureBenedikt Peetz
2024-12-19fix(treewide): Update to nixos release 24.11Benedikt Peetz
2024-09-06fix(git-server/cgit): Don't run `cgit` as `root` use `git` insteadBenedikt Peetz
This option was newly added, as previously only on `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419
2024-08-14docs(nixos/git-server): Improve the comment on the possible git config keysBenedikt Peetz
2024-08-14fix(nixos/git-server): Use the correct number in the `section-from-path` settingBenedikt Peetz
Take for example a repository name like: `some/organisation/project_a/team_c/repo_b`. Setting the setting to `-1` means that cgit traverses the path from left to right, until it has found 1 element (and `section-from-path` (or n for short)is 0, because n is incremented after each iteration). E.g. : ~ [n=-1] starting point: `some/organisation/project_a/team_c/repo_b` ~ [n=0] after the first iteration: `some/organisation/project_a/team_c/repo_b` Now `some/organisation/project_a/team_c` becomes the section, whilst `repo_b` becomes the repo name.
2024-08-13fix(nixos/git-server): Correctly specify the section from path lengthBenedikt Peetz
Cgit effectively splits the repo path on '/' and then takes `section-from-path` segments, which form the section. A negative value here results in cgit traversing the path from left to right instead of right to left. Beware that cgit only sets the section, if the path contains `section-from-path` or more slashes in it (thus rendering this setting defunct with the previous value of 1000). There seems to be no way to tell cgit to always use all components up-to the second to last for the section name, thus requiring all projects that need a longer than 1 section length to set the `cgit.section` git config variable via gitolite.
2024-08-13fix(nixos/git-server): Correctly enable the git config feature of gitoliteBenedikt Peetz
The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allow users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
2024-08-13fix(nixos/git-server): Use correct regex syntax in allowed git config valuesBenedikt Peetz
2024-08-13fix(nixos/git-server): Correctly specify cgit's css pathBenedikt Peetz
2024-08-13feat(nixos/git-server): Add nice gitolite featuresBenedikt Peetz
2024-08-13fix(nixos/git-server): Tell gitolite to allow changing some `git` settingsBenedikt Peetz
2024-08-13feat(nixos/git-server): Add further cgit settingsBenedikt Peetz
A lot of the added settings here have been tested. They will get get tests to ensure they stay working, in later commits.
2024-08-02refactor(nixos/openssh): Migrate from `system/services`Benedikt Peetz
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-02 12:56:14 +0000