Drift/pvv-nixos-config
17
6
Fork 1
Code Issues Pull Requests 7 Actions Wiki Activity

Compare commits

merge into: Drift/pvv-nixos-config:userweb-sendmail-proxy
Branches Tags
Drift/pvv-nixos-config:main Drift/pvv-nixos-config:mediawiki-secrets-permissions Drift/pvv-nixos-config:ildkule-uptime-kuma-fix Drift/pvv-nixos-config:userweb-sendmail-proxy Drift/pvv-nixos-config:nixos-2605 Drift/pvv-nixos-config:ildkule-sops Drift/pvv-nixos-config:hashed-initial-deploy-root-password Drift/pvv-nixos-config:bicep-garage-test-deployment Drift/pvv-nixos-config:bicep-revival Drift/pvv-nixos-config:drumknotty Drift/pvv-nixos-config:fmt Drift/pvv-nixos-config:errorpages Drift/pvv-nixos-config:PVVtheme2026 Drift/pvv-nixos-config:dagali-heimdal-openldap-sasl-stack Drift/pvv-nixos-config:skrot-new-thing Drift/pvv-nixos-config:loginpage Drift/pvv-nixos-config:temmie-userweb Drift/pvv-nixos-config:gitea-robots-txt Drift/pvv-nixos-config:kommode-disko Drift/pvv-nixos-config:skrott-cross-compile Drift/pvv-nixos-config:nettsiden-postgresql Drift/pvv-nixos-config:gitea-vaskepersonalet Drift/pvv-nixos-config:create-flake-input-exporter Drift/pvv-nixos-config:gitea-runners-secrets Drift/pvv-nixos-config:nom Drift/pvv-nixos-config:add-skrott Drift/pvv-nixos-config:pvvvvv Drift/pvv-nixos-config:gitea-show-license-in-list-view Drift/pvv-nixos-config:backup-databases Drift/pvv-nixos-config:openwebui Drift/pvv-nixos-config:setup-openvpn-tunnel Drift/pvv-nixos-config:gitea-gpg-signing Drift/pvv-nixos-config:sleipner-authorised-keys Drift/pvv-nixos-config:openstack-image-builder Drift/pvv-nixos-config:elysium Drift/pvv-nixos-config:smartd-notifs Drift/pvv-nixos-config:systemd-journald-remote Drift/pvv-nixos-config:skrot Drift/pvv-nixos-config:deploy-doorbell Drift/pvv-nixos-config:misc-gitea-fixes Drift/pvv-nixos-config:spotifyd Drift/pvv-nixos-config:remote Drift/pvv-nixos-config:setup-bikkje-login Drift/pvv-nixos-config:ozai-prod Drift/pvv-nixos-config:add-bluemap Drift/pvv-nixos-config:ozai Drift/pvv-nixos-config:setup-postfix-for-service-machines Drift/pvv-nixos-config:fix-gitea-ci-runner-network-issues Drift/pvv-nixos-config:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift/pvv-nixos-config:gitea-metrics Drift/pvv-nixos-config:misc1 Drift/pvv-nixos-config:add-simple-saml-theme Drift/pvv-nixos-config:misc-extra-gitea-setup Drift/pvv-nixos-config:setup-kerberos Drift/pvv-nixos-config:setup-home-areas Drift/pvv-nixos-config:shark-kanidm Drift/pvv-nixos-config:prometheusexim
...
pull from: Drift/pvv-nixos-config:mediawiki-secrets-permissions
Branches Tags
Drift/pvv-nixos-config:main Drift/pvv-nixos-config:mediawiki-secrets-permissions Drift/pvv-nixos-config:ildkule-uptime-kuma-fix Drift/pvv-nixos-config:userweb-sendmail-proxy Drift/pvv-nixos-config:nixos-2605 Drift/pvv-nixos-config:ildkule-sops Drift/pvv-nixos-config:hashed-initial-deploy-root-password Drift/pvv-nixos-config:bicep-garage-test-deployment Drift/pvv-nixos-config:bicep-revival Drift/pvv-nixos-config:drumknotty Drift/pvv-nixos-config:fmt Drift/pvv-nixos-config:errorpages Drift/pvv-nixos-config:PVVtheme2026 Drift/pvv-nixos-config:dagali-heimdal-openldap-sasl-stack Drift/pvv-nixos-config:skrot-new-thing Drift/pvv-nixos-config:loginpage Drift/pvv-nixos-config:temmie-userweb Drift/pvv-nixos-config:gitea-robots-txt Drift/pvv-nixos-config:kommode-disko Drift/pvv-nixos-config:skrott-cross-compile Drift/pvv-nixos-config:nettsiden-postgresql Drift/pvv-nixos-config:gitea-vaskepersonalet Drift/pvv-nixos-config:create-flake-input-exporter Drift/pvv-nixos-config:gitea-runners-secrets Drift/pvv-nixos-config:nom Drift/pvv-nixos-config:add-skrott Drift/pvv-nixos-config:pvvvvv Drift/pvv-nixos-config:gitea-show-license-in-list-view Drift/pvv-nixos-config:backup-databases Drift/pvv-nixos-config:openwebui Drift/pvv-nixos-config:setup-openvpn-tunnel Drift/pvv-nixos-config:gitea-gpg-signing Drift/pvv-nixos-config:sleipner-authorised-keys Drift/pvv-nixos-config:openstack-image-builder Drift/pvv-nixos-config:elysium Drift/pvv-nixos-config:smartd-notifs Drift/pvv-nixos-config:systemd-journald-remote Drift/pvv-nixos-config:skrot Drift/pvv-nixos-config:deploy-doorbell Drift/pvv-nixos-config:misc-gitea-fixes Drift/pvv-nixos-config:spotifyd Drift/pvv-nixos-config:remote Drift/pvv-nixos-config:setup-bikkje-login Drift/pvv-nixos-config:ozai-prod Drift/pvv-nixos-config:add-bluemap Drift/pvv-nixos-config:ozai Drift/pvv-nixos-config:setup-postfix-for-service-machines Drift/pvv-nixos-config:fix-gitea-ci-runner-network-issues Drift/pvv-nixos-config:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift/pvv-nixos-config:gitea-metrics Drift/pvv-nixos-config:misc1 Drift/pvv-nixos-config:add-simple-saml-theme Drift/pvv-nixos-config:misc-extra-gitea-setup Drift/pvv-nixos-config:setup-kerberos Drift/pvv-nixos-config:setup-home-areas Drift/pvv-nixos-config:shark-kanidm Drift/pvv-nixos-config:prometheusexim

3 Commits
userweb-sendmail-proxy ... mediawiki-secrets-permissions

Author SHA1 Message Date
vegardbm 6cca1db3b3 bekkalokk: fix permissions for mediawiki secrets
Eval nix flake / evals (pull_request) Successful in 3m51s
Details
Build topology graph / evals (push) Successful in 2m29s
Details
Eval nix flake / evals (push) Successful in 4m21s
Details
2026-05-22 20:21:24 +02:00
vegardbm bfd83c4c64 uptime-kuma: wants to use /var/lib/private for state
Build topology graph / evals (push) Successful in 2m32s
Details
Eval nix flake / evals (push) Successful in 3m49s
Details
2026-05-22 17:58:00 +02:00
oysteikt 9a6fdecb03 kommode/gitea/dump: only keep a single dump at a time
Eval nix flake / evals (push) Successful in 3m54s
Details
Build topology graph / evals (push) Successful in 3m59s
Details
2026-05-22 18:27:57 +09:00
3 changed files with 7 additions and 14 deletions
Expand all files Collapse all files
hosts/bekkalokk/services/mediawiki/default.nix
+2 -4
View File
@@ -210,6 +210,8 @@ in {
# EXT:WikiEditor
$wgWikiEditorRealtimePreview = true;
$wgSecretKey = file_get_contents("${config.sops.secrets."mediawiki/secret-key".path}");
'';
};
@@ -273,8 +275,6 @@ in {
systemd.services.mediawiki-init = lib.mkIf cfg.enable {
after = [ "sops-install-secrets.service" ];
serviceConfig = {
BindReadOnlyPaths = [ "/run/credentials/mediawiki-init.service/secret-key:/var/lib/mediawiki/secret.key" ];
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
UMask = lib.mkForce "0007";
};
};
@@ -282,8 +282,6 @@ in {
systemd.services.phpfpm-mediawiki = lib.mkIf cfg.enable {
after = [ "sops-install-secrets.service" ];
serviceConfig = {
BindReadOnlyPaths = [ "/run/credentials/phpfpm-mediawiki.service/secret-key:/var/lib/mediawiki/secret.key" ];
LoadCredential = [ "secret-key:${config.sops.secrets."mediawiki/secret-key".path}" ];
UMask = lib.mkForce "0007";
};
};
hosts/ildkule/services/monitoring/uptime-kuma.nix
+1 -1
View File
@@ -19,7 +19,7 @@ in {
locations."/".proxyPass = "http://${cfg.settings.HOST}:${cfg.settings.PORT}";
};
fileSystems."/var/lib/uptime-kuma" = {
fileSystems."/var/lib/private/uptime-kuma" = {
device = stateDir;
fsType = "bind";
options = [ "bind" ];
hosts/kommode/services/gitea/default.nix
+4 -9
View File
@@ -228,14 +228,9 @@ in {
};
in lib.mkForce "${lib.getExe cfg.package} dump ${args}";
# Only keep n backup files at a time
postStop = let
cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
backupCount = 3;
in ''
for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
${cu "rm"} "$file"
done
'';
# Only keep a single backup file at a time.
postStop = ''
${lib.getExe' pkgs.coreutils "mv"} '${cfg.dump.backupDir}'/gitea-dump-*.tar.gz gitea-dump.tar.gz
'';
};
}