| | Commit message | Author | Age |
---|---|---|---|
* | fix(modules/back): add root_url to back config | Benedikt Peetz | 12 days |
| | Co-authored-by: Silas Schöffel <sils@sils.li> | | |
* | fix(modules/back): Update to the new config file input | Benedikt Peetz | 13 days |
* | fix(modules/back): Remove the `gitPath` from the service name | Benedikt Peetz | 2024-12-25 |
| | With it, the service names become nearly illegible. | | |
* | feat(modules/nginx): Modularise the redirects and migrate them to server2 | Benedikt Peetz | 2024-12-25 |
| | The redirects always have an implicit dependency on the DNS config of the running host. As such, simply stating them for all hosts is never a possibility and setting them per host is the only viable option. | | |
* | fix(modules/nix-sync/internal): Fix syntax errors in shell-script | Benedikt Peetz | 2024-12-25 |
* | fix(modules/dhcpcd): Also set uid/gid for the `dhcpcd` user | Benedikt Peetz | 2024-12-25 |
| | Otherwise, this user's/group's owned files/directories could change when a new user is added or removed, as we do not persist `/var/lib/nixos`. | | |
* | fix(treewide): Add constant uids and gids to each user and group | Benedikt Peetz | 2024-12-25 |
| | This allows us to avoid persisting `/var/lib/nixos`. | | |
* | refactor(system/services/fail2ban): Migrate to `by-name` | Benedikt Peetz | 2024-12-25 |
| | Additionally, I've changed the owner of the `/var/lib/fail2ban` directory to `root:root` as the main `fail2ban` service also runs under `root` and a `fail2ban` user is never created. | | |
* | refactor(system/services/rust-motd): Migrate to `by-name` | Benedikt Peetz | 2024-12-25 |
* | fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos` | Benedikt Peetz | 2024-12-25 |
| | Persisting them without marking the `/srv`-containing fs as `neededForBoot` will result in a kernel panic in the init (because `impermanence` tries to mount these directories and fails as `/srv` is still missing). Thus, each host that sets `/srv` to `neededForBoot` should add these directories to `vhack.persist.directories`. | | |
* | refactor(system/users): Migrate to `by-name` | Benedikt Peetz | 2024-12-25 |
* | fix(modules/git-server): Use `vhack.persist` for data-directories | Benedikt Peetz | 2024-12-25 |
| | This avoids having to create them manually on the server and is, overall, just generally a better way to solve this problem. | | |
* | fix(modules/back): Use correct source-code environment variable | Benedikt Peetz | 2024-12-25 |
* | refactor(modules/impermanence): Migrate to by-name while distributing mods | Benedikt Peetz | 2024-12-24 |
* | fix(modules/back): Set now needed source code URL environment variable | Benedikt Peetz | 2024-12-24 |
* | feat(modules/back): Init | Benedikt Peetz | 2024-12-24 |
* | fix(modules/nix-sync/internal): Use correct command grouping syntax | Benedikt Peetz | 2024-12-24 |
| | Commands in parentheses (i.e., `()`) are _subshells_ and `exit`ting from these will not result in an `exit` of the actual _shell_. Thus, we want simple command grouping and use the correct syntax for that. | | |
* | fix(modules/disko): Actually honor `cfg.enable` | Benedikt Peetz | 2024-12-24 |
* | style(treewide): Format | Benedikt Peetz | 2024-12-23 |
* | fix(modules/disko): Remove deprecated legacy type and migrate to `by-name` | Benedikt Peetz | 2024-12-21 |
* | fix(modules/redlib): Change subdomain to `redlib` | Benedikt Peetz | 2024-12-20 |
| | The old `libreddit` subdomain still has redirection to avoid this being a breaking change. But keeping the old subdomain is rather weird considering their new name. | | |
* | refactor(system/services/libreddit): Migrate to `by-name` | Benedikt Peetz | 2024-12-20 |
| | This also includes a rename into `redlib` because of upstream changes. | | |
* | refactor({modules,test}): Migrate to a `by-name` structure | Benedikt Peetz | 2024-12-20 |
* | fix(treewide): Update to nixos release 24.11 | Benedikt Peetz | 2024-12-19 |
* | fix(git-server/cgit): Don't run `cgit` as `root` use `git` instead | Benedikt Peetz | 2024-09-06 |
| | This option was newly added, as previously only one `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419 | | |
* | docs(nixos/git-server): Improve the comment on the possible git config keys | Benedikt Peetz | 2024-08-14 |
* | fix(nixos/git-server): Use the correct number in the `section-from-path` setting | Benedikt Peetz | 2024-08-14 |
| | Take for example a repository name like: `some/organisation/project_a/team_c/repo_b`. Setting the setting to `-1` means that cgit traverses the path from left to right, until it has found 1 element (and `section-from-path` (or n for short) is 0, because n is incremented after each iteration). E.g.: ~ [n=-1] starting point: `some/organisation/project_a/team_c/repo_b` ~ [n=0] after the first iteration: `some/organisation/project_a/team_c/repo_b` Now `some/organisation/project_a/team_c` becomes the section, whilst `repo_b` becomes the repo name. | | |
* | fix(nixos/git-server): Correctly specify the section from path length | Benedikt Peetz | 2024-08-13 |
| | Cgit effectively splits the repo path on '/' and then takes `section-from-path` segments, which form the section. A negative value here results in cgit traversing the path from left to right instead of right to left. Beware that cgit only sets the section, if the path contains `section-from-path` or more slashes in it (thus rendering this setting defunct with the previous value of 1000). There seems to be no way to tell cgit to always use all components up-to the second to last for the section name, thus requiring all projects that need a longer than 1 section length to set the `cgit.section` git config variable via gitolite. | | |
* | fix(nixos/git-server): Correctly enable the git config feature of gitolite | Benedikt Peetz | 2024-08-13 |
| | The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allowing users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`. | | |
* | fix(nixos/git-server): Use correct regex syntax in allowed git config values | Benedikt Peetz | 2024-08-13 |
* | fix(nixos/git-server): Correctly specify cgit's css path | Benedikt Peetz | 2024-08-13 |
* | feat(nixos/git-server): Add nice gitolite features | Benedikt Peetz | 2024-08-13 |
* | fix(nixos/git-server): Tell gitolite to allow changing some `git` settings | Benedikt Peetz | 2024-08-13 |
* | feat(nixos/git-server): Add further cgit settings | Benedikt Peetz | 2024-08-13 |
| | A lot of the added settings here have been tested. They will get tests to ensure they stay working, in later commits. | | |
* | refactor(nixos/openssh): Migrate from `system/services` | Benedikt Peetz | 2024-08-02 |
* | fix(nixos/git-server): Add the required configuration to support http-clone | Benedikt Peetz | 2024-08-02 |
* | refactor(nixos/{nginx, nix-sync}): Migrate from `system/services` | Benedikt Peetz | 2024-08-02 |
| | Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable. | | |
* | fix(git-server): set git default-branch to main | Silas Schöffel | 2024-07-30 |
* | fix(peertube): allow sane user creation | Silas Schöffel | 2024-06-28 |
| | This enables reviewed registration, assigns quota to new users and enables manual approval of new videos. | | |
* | fix(peertube): configure https | Silas Schöffel | 2024-06-28 |
* | fix(peertube): Specify admin email (where to send the reports to) | Benedikt Peetz | 2024-06-28 |
* | fix(peertube): Use correct localhost ip | Benedikt Peetz | 2024-06-28 |
* | fix(peertube): Add required listen setting | Benedikt Peetz | 2024-06-28 |
* | fix(peertube): Activate smtp support | Benedikt Peetz | 2024-06-28 |
* | fix(peertube): Ensure that the nginx reverse proxy works | Benedikt Peetz | 2024-06-28 |
* | fix(peertube/secrets): Improve smtp secret | Benedikt Peetz | 2024-06-27 |
* | feat(peertube): Init | Benedikt Peetz | 2024-06-27 |
* | refactor(modules/etesync): Move to a complete module | Benedikt Peetz | 2024-06-13 |
* | refactor(modules): Ensure strict coherence to patterns | Benedikt Peetz | 2024-06-13 |
* | fix(git-server): enable http-clone through cgit | Silas Schöffel | 2024-06-11 |