Drift/pvv-nixos-config
17
6
Fork 1
Code Issues Pull Requests 6 Actions Wiki Activity
1,115 Commits 38 Branches 0 Tags
170fb2a9800a6f5227915ee72a2a8d1906cf86e4
Commit Graph

596 Commits

Author SHA1 Message Date
oysteikt 170fb2a980 bicep/synapse: fix dbname option
Build topology graph / evals (push) Successful in 2m21s
Details
Eval nix flake / evals (push) Successful in 6m43s
Details
2026-06-22 18:55:14 +09:00
oysteikt 3fee83ec05 ildkule/loki: restrict incoming connections to pvv + ntnu
Build topology graph / evals (push) Successful in 2m21s
Details
Eval nix flake / evals (pull_request) Successful in 7m17s
Details
Eval nix flake / evals (push) Successful in 8m58s
Details
2026-06-22 01:23:16 +09:00
oysteikt a1f02fc39d {ildkule/loki,base/fluentbit}: send data over https 2026-06-22 01:23:16 +09:00
adriangl 6e37635aac ildkule/loki: firewall all endpoints except push API 
Co-authored-by: Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
 2026-06-22 01:23:14 +09:00
oysteikt cdc3ad488b bicep/postgres: add script for updating all collations
Build topology graph / evals (push) Successful in 2m44s
Details
Eval nix flake / evals (push) Successful in 8m54s
Details
2026-06-22 01:12:59 +09:00
oysteikt aa2712005a temmie/nfs-mounts: create by-uid bindmounts
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 7m19s
Details
2026-06-17 13:43:19 +09:00
oysteikt 89921b533b temmie/userweb: further harden log-processor
Build topology graph / evals (push) Successful in 2m27s
Details
Eval nix flake / evals (push) Successful in 7m39s
Details
2026-06-17 12:31:02 +09:00
oysteikt 75f87ffab8 temmie/userweb: run passwd sync in different unit
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 6m33s
Details
2026-06-17 12:15:23 +09:00
oysteikt b910cf9563 temmie/userweb: suppress erroneous access log for documentRoot
Build topology graph / evals (push) Successful in 2m46s
Details
Eval nix flake / evals (push) Successful in 6m50s
Details
2026-06-17 08:57:55 +09:00
oysteikt d23adbd4c2 temmie/userweb: deny access to documentRoot
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (push) Successful in 8m6s
Details
2026-06-17 08:49:44 +09:00
oysteikt 48c0a4e504 temmie/userweb: fix directory denylist enforcement
Build topology graph / evals (push) Successful in 2m27s
Details
Eval nix flake / evals (push) Successful in 7m46s
Details
2026-06-17 08:23:08 +09:00
oysteikt d84cc73819 temmie/userweb: handle more .php\d suffixes
Build topology graph / evals (push) Successful in 3m57s
Details
Eval nix flake / evals (push) Successful in 9m22s
Details
2026-06-16 19:07:58 +09:00
oysteikt b738f08c09 temmie/userweb: render path denylist into Directory/Files directives 2026-06-16 19:07:57 +09:00
oysteikt 8252bba3ad temmie/userweb: enable httpd trace on debugMode 2026-06-16 19:07:57 +09:00
oysteikt a776a5a5fe temmie/userweb: explicitly override mod_perl and mod_userdir 2026-06-16 19:07:57 +09:00
oysteikt ed57744ec3 temmie/userweb: add more patterns to denylist
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 8m19s
Details
2026-06-16 16:07:32 +09:00
oysteikt 226db1f46e temmie/userweb: add more DirectoryIndex variants 2026-06-16 16:07:32 +09:00
oysteikt 51e1656177 temmie/userweb: disable ~pvv 2026-06-16 15:53:52 +09:00
oysteikt 47d2dcf9ff temmie/userweb: add bro server to userweb slice
Build topology graph / evals (push) Successful in 4m15s
Details
Eval nix flake / evals (push) Successful in 6m25s
Details
2026-06-16 03:37:28 +09:00
oysteikt 254b1d9b14 temmie/userweb: split into more modules
Build topology graph / evals (push) Successful in 2m49s
Details
Eval nix flake / evals (push) Successful in 8m32s
Details
2026-06-16 03:33:28 +09:00
oysteikt 2301672a21 temmie/userweb: run log processors as separate systemd units
Build topology graph / evals (push) Successful in 2m45s
Details
Eval nix flake / evals (push) Successful in 6m45s
Details 
This lets us divide up some of the logic making httpd itself less
brittle, and also reduces the amount of privileges for httpd.
 2026-06-16 02:56:28 +09:00
oysteikt 526b55c49a {ildkule/prometheus,base}: send stats over HTTPS through nginx
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 6m36s
Details
2026-06-13 02:54:28 +09:00
oysteikt e80189c6eb temmie/userweb: stop cating passwd on startup
Build topology graph / evals (push) Successful in 2m47s
Details
Eval nix flake / evals (push) Successful in 9m7s
Details
2026-06-13 01:41:05 +09:00
oysteikt 56a51e4c6f temmie/userweb: mount homedirs under /amd
Build topology graph / evals (push) Successful in 2m25s
Details
Eval nix flake / evals (push) Successful in 6m20s
Details
2026-06-13 01:39:20 +09:00
oysteikt f54109f6f3 temmie/userweb: set handlers for php and perl scripts
Build topology graph / evals (push) Successful in 4m9s
Details
Eval nix flake / evals (push) Successful in 8m58s
Details
2026-06-13 01:26:27 +09:00
oysteikt b848e0f1cc temmie/userweb: add log processor for apache
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (push) Successful in 8m48s
Details
2026-06-07 06:03:18 +09:00
oysteikt c671329b93 temmie/userweb: inject users from passwd into httpd sandbox
Build topology graph / evals (push) Successful in 3m46s
Details
Eval nix flake / evals (push) Successful in 8m30s
Details
2026-06-07 05:28:24 +09:00
oysteikt 2d6b09cb32 bikkje: label ports in firewall port list 2026-06-06 04:08:16 +09:00
oysteikt 88892115b5 base: enable autoScrub for all btrfs machine by default 2026-06-06 04:05:26 +09:00
oysteikt 8a290d30e7 modules/drumknotty: split into several parts
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (pull_request) Successful in 9m31s
Details
Eval nix flake / evals (push) Successful in 6m50s
Details 
This also fixes a few issues, such as enabling `createLocalDatabase` for
multiple programs, and wraps all the screen logic within a screenrc
file. Some assertions were also added to avoid some easy-to-make
mistakes.
 2026-06-05 14:21:35 +02:00
vegardbm 009d89f959 set default settings for worblehat and dibbler 2026-06-05 14:09:06 +02:00
vegardbm 7e754ade71 drumknotty: init 2026-06-05 14:08:58 +02:00
oysteikt 966081ebfc bicep/mysql: enable userstat
Build topology graph / evals (push) Successful in 2m45s
Details
Eval nix flake / evals (push) Successful in 7m58s
Details
2026-06-03 15:31:27 +09:00
oysteikt 39d313579c bicep/mysql: rotate slow query logs
Build topology graph / evals (push) Successful in 2m26s
Details
Eval nix flake / evals (push) Successful in 6m23s
Details
2026-06-03 15:21:18 +09:00
oysteikt 3386153b8b ildkule/prometheus/exim: make scheme explicit
Build topology graph / evals (push) Successful in 2m48s
Details
Eval nix flake / evals (push) Successful in 7m3s
Details
2026-06-03 13:35:13 +09:00
oysteikt 56906241f6 bekkalokk/roundcube: temporary fix for webmail redirects
Build topology graph / evals (push) Successful in 2m24s
Details
Eval nix flake / evals (push) Successful in 6m28s
Details
2026-06-01 03:52:09 +09:00
oysteikt 3fe71d21f6 bekkalokk/roundcube: webdir moved to public_html within package
Build topology graph / evals (push) Successful in 2m21s
Details
Eval nix flake / evals (push) Successful in 8m55s
Details
2026-06-01 02:57:43 +09:00
oysteikt 1ce3372683 lupine/binfmt: enable 2026-06-01 01:00:50 +09:00
adriangl 5f14c15679 feat: add radicale to bekkalokk
Build topology graph / evals (push) Successful in 2m43s
Details
Eval nix flake / evals (push) Successful in 4m12s
Details
2026-06-01 00:59:54 +09:00
oysteikt 64843087be kommode/gitea: only allow webhooks to external hosts
Build topology graph / evals (push) Successful in 2m30s
Details
Eval nix flake / evals (push) Successful in 10m7s
Details 
We don't have any servers with intranet IPs, and we want webhooks that
hook back to kommode to pass through its firewall.
 2026-05-29 12:58:26 +09:00
oysteikt 0c45345050 bicep/matrix-ooye harden
Build topology graph / evals (push) Successful in 2m42s
Details
Eval nix flake / evals (push) Successful in 4m48s
Details
2026-05-28 16:07:36 +09:00
oysteikt 788f23bf04 bicep/matrix-hookshot: harden
Build topology graph / evals (push) Successful in 2m23s
Details
Eval nix flake / evals (push) Successful in 4m43s
Details
2026-05-28 15:58:04 +09:00
oysteikt 8416014aeb bicep/mjolnir: harden 2026-05-28 15:58:04 +09:00
oysteikt 5bf0de1d0d bekkalokk/website/fetch-gallery: use proper shellscript builder 2026-05-28 03:58:08 +09:00
oysteikt a550bbf1e0 bekkalokk/roundcube: use specialized builder for nginx root dir 2026-05-28 03:46:59 +09:00
oysteikt 6d9bd8256f kommode/gitea/install-customization: disable networking
Build topology graph / evals (push) Successful in 3m27s
Details
Eval nix flake / evals (push) Successful in 4m9s
Details
2026-05-28 03:15:47 +09:00
oysteikt 5c859d9809 kommode/gitea/install-customization: remove ExecStart bash wrapper 2026-05-28 03:15:06 +09:00
oysteikt dfbed75cd9 kommode/gitea/gpg: remove ExecStart bash wrapper 2026-05-28 03:06:07 +09:00
oysteikt 6237a0a0e7 bicep/minecraft-heatmap: remove ExecStartPre bash wrapper 2026-05-28 03:03:38 +09:00
oysteikt bd2263a0a9 kommode/gitea/import-users: remove ExecStartPre bash wrapper 2026-05-28 03:02:59 +09:00