summary refs log tree commit diff stats
path: root/modules (follow)
Commit message (Collapse)AuthorAge
* fix(modules/back): Update to the new config file inputBenedikt Peetz2024-12-26
|
* fix(modules/back): Remove the `gitPath` from the service nameBenedikt Peetz2024-12-25
| | | | With it, the service names become nearly illegible.
* feat(modules/nginx): Modularise the redirects and migrate them to server2Benedikt Peetz2024-12-25
| | | | | | The redirects always have an implicit dependency on the DNS config of the running host. As such, simply stating them for all host is never a possibility and setting them per host the only viable option.
* fix(modules/nix-sync/internal): Fix syntax errors in shell-scriptBenedikt Peetz2024-12-25
|
* fix(modules/dhcpcd): Also set uid/gid for the `dhcpcd` userBenedikt Peetz2024-12-25
| | | | | Otherwise, this user's/group's owned files/directories could change when a new user is added or removed, as we do not persist `/var/lib/nixos`.
* fix(treewide): Add constant uids and gids to each user and groupBenedikt Peetz2024-12-25
| | | | This allows us to avoid persisting `/var/lib/nixos`.
* refactor(system/services/fail2ban): Migrate to `by-name`Benedikt Peetz2024-12-25
| | | | | | Additionally, I've changed to owner of the `/var/lib/fail2ban` directory to `root:root` as the main `fail2ban` service also runs under `root` and a `fail2ban` user is never created.
* refactor(system/services/rust-motd): Migrate to `by-name`Benedikt Peetz2024-12-25
|
* fix(modules/impermanence): Don't always persist `/var/log` and `/var/lib/nixos`Benedikt Peetz2024-12-25
| | | | | | | | | | Persisting them, without marking the `/srv` containing fs as `neededForBoot` will result in a kernel panic in the init (because `impermanence` tries to mount these directories and fails as `/srv` is still missing.) Thus, each host, that sets `/srv` to `neededForBoot` should add these directories to `vhack.persist.directories`.
* refactor(system/users): Migrate to `by-name`Benedikt Peetz2024-12-25
|
* fix(modules/git-server): Use `vhack.persist` for data-directoriesBenedikt Peetz2024-12-25
| | | | | This avoids having to create them manually on the server and is, overall just generally a better way to solve this problem.
* fix(modules/back): Use correct source-code environment variableBenedikt Peetz2024-12-25
|
* refactor(modules/impermanence): Migrate to by-name while distributing modsBenedikt Peetz2024-12-24
|
* fix(modules/back): Set now needed source code URL environment variableBenedikt Peetz2024-12-24
|
* feat(modules/back): InitBenedikt Peetz2024-12-24
|
* fix(modules/nix-sync/internal): Use correct command grouping syntaxBenedikt Peetz2024-12-24
| | | | | | Commands in parentheses (i.e., `()`) are _subshells_ and `exit`ting from these will not result in an `exit` of the actually _shell_. Thus, we use want simple command grouping and use the correct syntax for that.
* fix(modules/disko): Actually honor `cfg.enable`Benedikt Peetz2024-12-24
|
* style(treewide): FormatBenedikt Peetz2024-12-23
|
* fix(modules/disko): Remove deprecated legacy type and migrate to `by-name`Benedikt Peetz2024-12-21
|
* fix(modules/redlib): Change subdomain to `redlib`Benedikt Peetz2024-12-20
| | | | | | The old `libreddit` subdomain still has redirection to avoid this being a breaking change. But keeping the old subdomain is rather weird considering their new name.
* refactor(system/services/libreddit): Migrate to `by-name`Benedikt Peetz2024-12-20
| | | | This also includes a rename into `redlib` because of upstream changes.
* refactor({modules,test}): Migrate to a `by-name` structureBenedikt Peetz2024-12-20
|
* fix(treewide): Update to nixos release 24.11Benedikt Peetz2024-12-19
|
* fix(git-server/cgit): Don't run `cgit` as `root` use `git` insteadBenedikt Peetz2024-09-06
| | | | | | | | | | | | This option was newly added, as previously only on `fcgiwrap` instance was run as root. We probably have not been affected by this, as our `fcgiwrap` instance was already running as `git:nginx`. Usage of the new options seems better either way, as they provide a finer grained control over the user _each_ `fcgiwrap`ped service is running at. The security advisory: https://discourse.nixos.org/t/51419
* docs(nixos/git-server): Improve the comment on the possible git config keysBenedikt Peetz2024-08-14
|
* fix(nixos/git-server): Use the correct number in the `section-from-path` settingBenedikt Peetz2024-08-14
| | | | | | | | | | | | | | Take for example a repository name like: `some/organisation/project_a/team_c/repo_b`. Setting the setting to `-1` means that cgit traverses the path from left to right, until it has found 1 element (and `section-from-path` (or n for short)is 0, because n is incremented after each iteration). E.g. : ~ [n=-1] starting point: `some/organisation/project_a/team_c/repo_b` ~ [n=0] after the first iteration: `some/organisation/project_a/team_c/repo_b` Now `some/organisation/project_a/team_c` becomes the section, whilst `repo_b` becomes the repo name.
* fix(nixos/git-server): Correctly specify the section from path lengthBenedikt Peetz2024-08-13
| | | | | | | | | | | | | | Cgit effectively splits the repo path on '/' and then takes `section-from-path` segments, which form the section. A negative value here results in cgit traversing the path from left to right instead of right to left. Beware that cgit only sets the section, if the path contains `section-from-path` or more slashes in it (thus rendering this setting defunct with the previous value of 1000). There seems to be no way to tell cgit to always use all components up-to the second to last for the section name, thus requiring all projects that need a longer than 1 section length to set the `cgit.section` git config variable via gitolite.
* fix(nixos/git-server): Correctly enable the git config feature of gitoliteBenedikt Peetz2024-08-13
| | | | | | | | The previously set variable is only used in the gitolite.conf file for the `config` specifications on each repo. We can't use that because we use "wild-repos". Thus we need to add the `user-configs` option to each repo, allow users to change the git settings specified there with a simple `ssh git@git.vhack.eu config <repo> --set cgit.owner <name>`.
* fix(nixos/git-server): Use correct regex syntax in allowed git config valuesBenedikt Peetz2024-08-13
|
* fix(nixos/git-server): Correctly specify cgit's css pathBenedikt Peetz2024-08-13
|
* feat(nixos/git-server): Add nice gitolite featuresBenedikt Peetz2024-08-13
|
* fix(nixos/git-server): Tell gitolite to allow changing some `git` settingsBenedikt Peetz2024-08-13
|
* feat(nixos/git-server): Add further cgit settingsBenedikt Peetz2024-08-13
| | | | | A lot of the added settings here have been tested. They will get get tests to ensure they stay working, in later commits.
* refactor(nixos/openssh): Migrate from `system/services`Benedikt Peetz2024-08-02
|
* fix(nixos/git-server): Add the required configuration to support http-cloneBenedikt Peetz2024-08-02
|
* refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`Benedikt Peetz2024-08-02
| | | | | Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
* fix(git-server): set git default-branch to mainSilas Schöffel2024-07-30
|
* fix(peertube): allow sane user creationSilas Schöffel2024-06-28
| | | | | This enables reviewed registration, assigns quota to new users and enables manual approval of new videos.
* fix(peertube): configure httpsSilas Schöffel2024-06-28
|
* fix(peertube): Specify admin email (where to send the reports to)Benedikt Peetz2024-06-28
|
* fix(peertube): Use correct localhost ipBenedikt Peetz2024-06-28
|
* fix(peertube): Add required listen settingBenedikt Peetz2024-06-28
|
* fix(peertube): Activate smtp supportBenedikt Peetz2024-06-28
|
* fix(peertube): Ensure that the nginx reverse proxy worksBenedikt Peetz2024-06-28
|
* fix(peertube/secrets): Improve smtp secretBenedikt Peetz2024-06-27
|
* feat(peertube): InitBenedikt Peetz2024-06-27
|
* refactor(modules/etesync): Move to a complete moduleBenedikt Peetz2024-06-13
|
* refactor(modules): Ensure strict coherence to patternsBenedikt Peetz2024-06-13
|
* fix(git-server): enable http-clone through cgitSilas Schöffel2024-06-11
|
* fix(gitolite): change user to gitSilas Schöffel2024-06-07
|