aboutsummaryrefslogtreecommitdiffstats
path: root/system (unfollow)
Commit message (Collapse)Author
2024-02-15fix: update mastodonsils
This uses the mastodon package from nixos-unstable-small because backporting of a security release failed and we can't afford to wait.
2024-02-11feat: remove keycloaksils
2024-02-10fix(system/services/invidious-router): fix typo in domainsils
2024-02-10feat: add invidious-routersils
2024-01-19fix(system/services/restic): create /srv/snapshots if non-existentsils
2024-01-14fix(sys/services/restic): Set the system start time to 'daily'Soispha
Considering that the db dump takes longer than an hour, an hourly service start time could lead to multiple dumps happening concurrently. This should reduce this risk
2024-01-14fix(sys/services/restic): Include a db dump of PostgreSQLSoispha
Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. Initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet included in this commit: All services running a SQLite database are not included in this dump and thus can not be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This is list was generated with `sudo fd sqlite /srv/`)
2024-01-07fix(system/services): import restic configsils
2024-01-07feat(system): add resticsils
2024-01-06feat(system/secrets): rename .tix files to .agesils
2024-01-06feat(system/services/mastodon): define streamingProcessessils
2024-01-06feat(system/services/fail2ban): define config in daemonSettingssils
This isn't strictly necessary as we define the default config
2024-01-06feat(system/services/matrix): use mautrix-whatsapp module provided bysils
nixpkgs
2023-11-30refactor(system/services/etebase): explain outcommented static filessils
2023-11-27fix(system/services/etebase): don't serve static filessils
This doesn't work as nginx doesn't have the right permissions.
2023-11-27fix(system/services/etebase): serve static_rootsils
2023-11-27fix(system/services/etebase): micellanous changes to make it worksils
2023-11-20fix(system/services/nix): add nixremote to trusted-userssils
2023-11-18fix(system/impermanence): Remove keycloak mod, as it does not existSoispha
2023-11-18refactor(system/services/etebase): Use a reference to the port numberSoispha
2023-11-18fix(system/services/etebase): Use the correct subdomainsSoispha
This is done to comply with the naming scheme employed at `vhack.eu`.
2023-11-18fix(system/services/etebase): Hard-code localhost ipSoispha
Otherwise, etebase might use the ipv6 ip, whilst nginx uses the ipv4 version. This prevents this issue
2023-11-18Fix(system/services/etebase): Add proxy parameterssils
2023-11-18Fix(system/services/etebase): Proxy ipv4sils
2023-11-18Refactor(system/services/etebase): Formatsils
2023-11-18Fix(system/impermanence): Add permissionssils
2023-11-18Fix(system/services/etebase-server): Use nginxsils
2023-11-18Fix(system/impermanence): Add etebase-serversils
2023-11-18Feat(system/services): Add etebase-serversils
2023-11-18Feat(system/secrets): Add etebase-server secretsils
2023-11-18docs(system/services/taskserver): Add docs about expectations to runtimeSoispha
2023-11-18feat(system/users): remove obsolete ss-key for silssils
# Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # # On branch main # Your branch is up to date with 'origin/main'. # # Changes to be committed: # modified: system/users/default.nix #
2023-11-18fix(system/services/taskserver): Support both ipv4 and ipv6Soispha
2023-11-18fix(system/users): change ssh-keys for silssils
2023-11-18fix(system/services/taskserver): Support both ipv4 and ipv6Soispha
2023-11-15fix(system/users): add ssh-key for silssils
2023-11-07fix(system/services/taskserver/certs): Move cert generation to scriptSoispha
This fully removes the human-factor and allows it to just run `./generate` to generate all required certificates and keys (with the needed extra keys and certificates)
2023-11-03fix(system/services/nginx/redirects): Enable ssl for the domainsSoispha
Although the page does not actually serve any content, many browsers will still refuse to access it at all, if they have the 'https-only' mode activated.
2023-10-17feat(system/services/taskserver): Add a way to connect users togetherSoispha
2023-10-17fix(system/services/taskserver): Disable debugSoispha
2023-10-16fix(system/services/taskserver): Activate debugSoispha
2023-10-16fix(system/services/taskserver): Use correct key name (`key.pem`)Soispha
2023-10-16fix(system/services/taskserver): Switch to strings instead of pathsSoispha
2023-10-16fix(system/services/taskserver): Store the self-signed ca key in agenixSoispha
2023-10-16feat(system/services/taskserver): Integrate Let's Encrypt certificatesSoispha
The current setup now runs the `taskserver.vhack.eu` domain with a Let's Encrypt certificate and additionally uses a self-signed CA certificate to validate clients. The shell scripts used to generate the CA certificate and the derived client certificate (and keys) are taken nearly unmodified from the upstream repository [1]. [1]: https://github.com/GothenburgBitFactory/taskserver/tree/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki
2023-10-16fix(system/services/taskserver): declare certs/keys in pki.manualsils
2023-10-16feat(system/services/taskserver): change ca to letsencryptsils
2023-10-16fix(system/services/taskserver): Hide organisationsSoispha
2023-10-14refactor(system/services/redirects): Move under the nginx directorySoispha
2023-10-14fix(system/services/redirects): disable sslsils
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-30 23:34:05 +0000