Drift/pvv-nixos-config
17
6
Fork 1
Code Issues Pull Requests 6 Actions Wiki Activity
1,115 Commits 38 Branches 0 Tags
170fb2a9800a6f5227915ee72a2a8d1906cf86e4
Commit Graph

1115 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
oysteikt 170fb2a980 bicep/synapse: fix dbname option
Build topology graph / evals (push) Successful in 2m21s
Details
Eval nix flake / evals (push) Successful in 6m43s
Details
2026-06-22 18:55:14 +09:00
oysteikt 3e627472e9 flake.{nix,lock}: bump matrix-next 2026-06-22 18:55:13 +09:00
adriangl e05c4ed8ca feat: add initialdeploy hashed password to root
Build topology graph / evals (push) Successful in 2m43s
Details
Eval nix flake / evals (push) Successful in 7m7s
Details
2026-06-21 18:24:01 +02:00
oysteikt 3fee83ec05 ildkule/loki: restrict incoming connections to pvv + ntnu
Build topology graph / evals (push) Successful in 2m21s
Details
Eval nix flake / evals (pull_request) Successful in 7m17s
Details
Eval nix flake / evals (push) Successful in 8m58s
Details
2026-06-22 01:23:16 +09:00
oysteikt a1f02fc39d {ildkule/loki,base/fluentbit}: send data over https 2026-06-22 01:23:16 +09:00
adriangl 6e37635aac ildkule/loki: firewall all endpoints except push API 
Co-authored-by: Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
 2026-06-22 01:23:14 +09:00
oysteikt cdc3ad488b bicep/postgres: add script for updating all collations
Build topology graph / evals (push) Successful in 2m44s
Details
Eval nix flake / evals (push) Successful in 8m54s
Details
2026-06-22 01:12:59 +09:00
oysteikt aa2712005a temmie/nfs-mounts: create by-uid bindmounts
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 7m19s
Details
2026-06-17 13:43:19 +09:00
oysteikt 89921b533b temmie/userweb: further harden log-processor
Build topology graph / evals (push) Successful in 2m27s
Details
Eval nix flake / evals (push) Successful in 7m39s
Details
2026-06-17 12:31:02 +09:00
oysteikt 75f87ffab8 temmie/userweb: run passwd sync in different unit
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 6m33s
Details
2026-06-17 12:15:23 +09:00
oysteikt b910cf9563 temmie/userweb: suppress erroneous access log for documentRoot
Build topology graph / evals (push) Successful in 2m46s
Details
Eval nix flake / evals (push) Successful in 6m50s
Details
2026-06-17 08:57:55 +09:00
oysteikt d23adbd4c2 temmie/userweb: deny access to documentRoot
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (push) Successful in 8m6s
Details
2026-06-17 08:49:44 +09:00
oysteikt 48c0a4e504 temmie/userweb: fix directory denylist enforcement
Build topology graph / evals (push) Successful in 2m27s
Details
Eval nix flake / evals (push) Successful in 7m46s
Details
2026-06-17 08:23:08 +09:00
oysteikt 374d9b1bc7 flake.nix: passthru machine config, pkgs and config.system.build 
This shortens down the path needed to build both overlayed packages and
all the other machine derivations. Here are some examples:

```
nix build .#machine.etc
nix build '.#machine.units."nginx.service".unit'
nix build .#machine.pkgs.overlayed-package
nix build .#machine.config.services.nginx.package
```
 2026-06-17 08:10:17 +09:00
oysteikt d84cc73819 temmie/userweb: handle more .php\d suffixes
Build topology graph / evals (push) Successful in 3m57s
Details
Eval nix flake / evals (push) Successful in 9m22s
Details
2026-06-16 19:07:58 +09:00
oysteikt b738f08c09 temmie/userweb: render path denylist into Directory/Files directives 2026-06-16 19:07:57 +09:00
oysteikt 8252bba3ad temmie/userweb: enable httpd trace on debugMode 2026-06-16 19:07:57 +09:00
oysteikt a776a5a5fe temmie/userweb: explicitly override mod_perl and mod_userdir 2026-06-16 19:07:57 +09:00
oysteikt ed57744ec3 temmie/userweb: add more patterns to denylist
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 8m19s
Details
2026-06-16 16:07:32 +09:00
oysteikt 226db1f46e temmie/userweb: add more DirectoryIndex variants 2026-06-16 16:07:32 +09:00
oysteikt 51e1656177 temmie/userweb: disable ~pvv 2026-06-16 15:53:52 +09:00
oysteikt 47d2dcf9ff temmie/userweb: add bro server to userweb slice
Build topology graph / evals (push) Successful in 4m15s
Details
Eval nix flake / evals (push) Successful in 6m25s
Details
2026-06-16 03:37:28 +09:00
oysteikt 254b1d9b14 temmie/userweb: split into more modules
Build topology graph / evals (push) Successful in 2m49s
Details
Eval nix flake / evals (push) Successful in 8m32s
Details
2026-06-16 03:33:28 +09:00
oysteikt 2301672a21 temmie/userweb: run log processors as separate systemd units
Build topology graph / evals (push) Successful in 2m45s
Details
Eval nix flake / evals (push) Successful in 6m45s
Details 
This lets us divide up some of the logic making httpd itself less
brittle, and also reduces the amount of privileges for httpd.
 2026-06-16 02:56:28 +09:00
felixalb 7145abadf3 flake: update input pvv-nettsiden
Build topology graph / evals (push) Successful in 4m2s
Details
Eval nix flake / evals (push) Successful in 7m8s
Details
2026-06-13 16:59:50 +02:00
oysteikt b533b09c8f base/various: add to slice system-monitoring
Build topology graph / evals (push) Successful in 4m9s
Details
Eval nix flake / evals (push) Successful in 9m20s
Details
2026-06-13 04:45:39 +09:00
oysteikt 526b55c49a {ildkule/prometheus,base}: send stats over HTTPS through nginx
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 6m36s
Details
2026-06-13 02:54:28 +09:00
oysteikt e80189c6eb temmie/userweb: stop cating passwd on startup
Build topology graph / evals (push) Successful in 2m47s
Details
Eval nix flake / evals (push) Successful in 9m7s
Details
2026-06-13 01:41:05 +09:00
oysteikt 56a51e4c6f temmie/userweb: mount homedirs under /amd
Build topology graph / evals (push) Successful in 2m25s
Details
Eval nix flake / evals (push) Successful in 6m20s
Details
2026-06-13 01:39:20 +09:00
oysteikt f54109f6f3 temmie/userweb: set handlers for php and perl scripts
Build topology graph / evals (push) Successful in 4m9s
Details
Eval nix flake / evals (push) Successful in 8m58s
Details
2026-06-13 01:26:27 +09:00
vegardbm 5763a76136 user/vegardbm: change shell to zsh and add ssh key
Build topology graph / evals (push) Successful in 2m27s
Details
Eval nix flake / evals (push) Successful in 8m31s
Details
2026-06-08 11:35:44 +02:00
oysteikt b57a935b4c base/rsyslogd: init
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 6m50s
Details
2026-06-08 12:58:37 +09:00
oysteikt b4582a160f skrot/dibbler: rotate database password
Build topology graph / evals (push) Successful in 2m44s
Details
Eval nix flake / evals (push) Successful in 9m13s
Details
2026-06-07 17:58:33 +09:00
oysteikt ac094d350d base/timesyncd: specify ntp servers
Build topology graph / evals (push) Successful in 2m31s
Details
Eval nix flake / evals (push) Successful in 6m45s
Details
2026-06-07 17:52:54 +09:00
oysteikt b848e0f1cc temmie/userweb: add log processor for apache
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (push) Successful in 8m48s
Details
2026-06-07 06:03:18 +09:00
oysteikt c671329b93 temmie/userweb: inject users from passwd into httpd sandbox
Build topology graph / evals (push) Successful in 3m46s
Details
Eval nix flake / evals (push) Successful in 8m30s
Details
2026-06-07 05:28:24 +09:00
vegardbm e6a3d43493 modules/drumknotty: use correct screen window name for dibbler
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 8m52s
Details
2026-06-05 22:14:02 +02:00
oysteikt cafc95db8f bicep/mjolnir: use nodejs v22
Build topology graph / evals (push) Successful in 2m23s
Details
Eval nix flake / evals (push) Successful in 9m14s
Details
2026-06-06 04:43:58 +09:00
oysteikt 2d6b09cb32 bikkje: label ports in firewall port list 2026-06-06 04:08:16 +09:00
oysteikt ce0af2f6e4 flake.nix: add app for building gitea workflows locally 2026-06-06 04:05:26 +09:00
oysteikt 88892115b5 base: enable autoScrub for all btrfs machine by default 2026-06-06 04:05:26 +09:00
oysteikt 8a290d30e7 modules/drumknotty: split into several parts
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (pull_request) Successful in 9m31s
Details
Eval nix flake / evals (push) Successful in 6m50s
Details 
This also fixes a few issues, such as enabling `createLocalDatabase` for
multiple programs, and wraps all the screen logic within a screenrc
file. Some assertions were also added to avoid some easy-to-make
mistakes.
 2026-06-05 14:21:35 +02:00
vegardbm 3197c6a5e3 attach with dibbler window selected 2026-06-05 14:21:35 +02:00
vegardbm f8dcaddefb use main branch for worblehat after merge 2026-06-05 14:21:28 +02:00
vegardbm 009d89f959 set default settings for worblehat and dibbler 2026-06-05 14:09:06 +02:00
vegardbm 21bba3ec7e add worblehat daemons 2026-06-05 14:09:06 +02:00
vegardbm 9552351776 add database password for worblehat 2026-06-05 14:09:06 +02:00
vegardbm 7e754ade71 drumknotty: init 2026-06-05 14:08:58 +02:00
oysteikt fcd81aed00 packages/ooye: 3.5.1 -> 3.6.0
Build topology graph / evals (push) Successful in 3m42s
Details
Eval nix flake / evals (push) Successful in 6m37s
Details
2026-06-04 19:17:29 +09:00
oysteikt 966081ebfc bicep/mysql: enable userstat
Build topology graph / evals (push) Successful in 2m45s
Details
Eval nix flake / evals (push) Successful in 7m58s
Details
2026-06-03 15:31:27 +09:00