Commit Graph

1120 Commits

Author SHA1 Message Date
oysteikt f4b1f090e4 flake.lock: bump various 2026-06-30 04:15:37 +09:00
oysteikt 7c684e42f0 treewide: fix rsync <-> rrsync communication 2026-06-30 02:41:40 +09:00
oysteikt 90bfda9066 kommode/gitea: bump AVATAR_MAX_ORIGIN_SIZE from 2MB to 4MB 2026-06-24 14:33:20 +09:00
oysteikt 522d8f18cb flake.{nix,lock}: bump roowho2 2026-06-24 13:38:03 +09:00
oysteikt 5e613a03fc treewide: set relatime for most root mounts 2026-06-23 01:12:16 +09:00
oysteikt 170fb2a980 bicep/synapse: fix dbname option 2026-06-22 18:55:14 +09:00
oysteikt 3e627472e9 flake.{nix,lock}: bump matrix-next 2026-06-22 18:55:13 +09:00
adriangl e05c4ed8ca feat: add initialdeploy hashed password to root 2026-06-21 18:24:01 +02:00
oysteikt 3fee83ec05 ildkule/loki: restrict incoming connections to pvv + ntnu 2026-06-22 01:23:16 +09:00
oysteikt a1f02fc39d {ildkule/loki,base/fluentbit}: send data over https 2026-06-22 01:23:16 +09:00
adriangl 6e37635aac ildkule/loki: firewall all endpoints except push API
Co-authored-by: Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2026-06-22 01:23:14 +09:00
oysteikt cdc3ad488b bicep/postgres: add script for updating all collations 2026-06-22 01:12:59 +09:00
oysteikt aa2712005a temmie/nfs-mounts: create by-uid bindmounts 2026-06-17 13:43:19 +09:00
oysteikt 89921b533b temmie/userweb: further harden log-processor 2026-06-17 12:31:02 +09:00
oysteikt 75f87ffab8 temmie/userweb: run passwd sync in different unit 2026-06-17 12:15:23 +09:00
oysteikt b910cf9563 temmie/userweb: suppress erroneous access log for documentRoot 2026-06-17 08:57:55 +09:00
oysteikt d23adbd4c2 temmie/userweb: deny access to documentRoot 2026-06-17 08:49:44 +09:00
oysteikt 48c0a4e504 temmie/userweb: fix directory denylist enforcement 2026-06-17 08:23:08 +09:00
oysteikt 374d9b1bc7 flake.nix: passthru machine config, pkgs and config.system.build
This shortens down the path needed to build both overlayed packages and
all the other machine derivations. Here are some examples:

```
nix build .#machine.etc
nix build '.#machine.units."nginx.service".unit'
nix build .#machine.pkgs.overlayed-package
nix build .#machine.config.services.nginx.package
```
2026-06-17 08:10:17 +09:00
oysteikt d84cc73819 temmie/userweb: handle more .php\d suffixes 2026-06-16 19:07:58 +09:00
oysteikt b738f08c09 temmie/userweb: render path denylist into Directory/Files directives 2026-06-16 19:07:57 +09:00
oysteikt 8252bba3ad temmie/userweb: enable httpd trace on debugMode 2026-06-16 19:07:57 +09:00
oysteikt a776a5a5fe temmie/userweb: explicitly override mod_perl and mod_userdir 2026-06-16 19:07:57 +09:00
oysteikt ed57744ec3 temmie/userweb: add more patterns to denylist 2026-06-16 16:07:32 +09:00
oysteikt 226db1f46e temmie/userweb: add more DirectoryIndex variants 2026-06-16 16:07:32 +09:00
oysteikt 51e1656177 temmie/userweb: disable ~pvv 2026-06-16 15:53:52 +09:00
oysteikt 47d2dcf9ff temmie/userweb: add bro server to userweb slice 2026-06-16 03:37:28 +09:00
oysteikt 254b1d9b14 temmie/userweb: split into more modules 2026-06-16 03:33:28 +09:00
oysteikt 2301672a21 temmie/userweb: run log processors as separate systemd units
This lets us divide up some of the logic making httpd itself less
brittle, and also reduces the amount of privileges for httpd.
2026-06-16 02:56:28 +09:00
felixalb 7145abadf3 flake: update input pvv-nettsiden 2026-06-13 16:59:50 +02:00
oysteikt b533b09c8f base/various: add to slice system-monitoring 2026-06-13 04:45:39 +09:00
oysteikt 526b55c49a {ildkule/prometheus,base}: send stats over HTTPS through nginx 2026-06-13 02:54:28 +09:00
oysteikt e80189c6eb temmie/userweb: stop cating passwd on startup 2026-06-13 01:41:05 +09:00
oysteikt 56a51e4c6f temmie/userweb: mount homedirs under /amd 2026-06-13 01:39:20 +09:00
oysteikt f54109f6f3 temmie/userweb: set handlers for php and perl scripts 2026-06-13 01:26:27 +09:00
vegardbm 5763a76136 user/vegardbm: change shell to zsh and add ssh key 2026-06-08 11:35:44 +02:00
oysteikt b57a935b4c base/rsyslogd: init 2026-06-08 12:58:37 +09:00
oysteikt b4582a160f skrot/dibbler: rotate database password 2026-06-07 17:58:33 +09:00
oysteikt ac094d350d base/timesyncd: specify ntp servers 2026-06-07 17:52:54 +09:00
oysteikt b848e0f1cc temmie/userweb: add log processor for apache 2026-06-07 06:03:18 +09:00
oysteikt c671329b93 temmie/userweb: inject users from passwd into httpd sandbox 2026-06-07 05:28:24 +09:00
vegardbm e6a3d43493 modules/drumknotty: use correct screen window name for dibbler 2026-06-05 22:14:02 +02:00
oysteikt cafc95db8f bicep/mjolnir: use nodejs v22 2026-06-06 04:43:58 +09:00
oysteikt 2d6b09cb32 bikkje: label ports in firewall port list 2026-06-06 04:08:16 +09:00
oysteikt ce0af2f6e4 flake.nix: add app for building gitea workflows locally 2026-06-06 04:05:26 +09:00
oysteikt 88892115b5 base: enable autoScrub for all btrfs machines by default 2026-06-06 04:05:26 +09:00
oysteikt 8a290d30e7 modules/drumknotty: split into several parts
This also fixes a few issues, such as enabling `createLocalDatabase` for
multiple programs, and wraps all the screen logic within a screenrc
file. Some assertions were also added to avoid some easy-to-make
mistakes.
2026-06-05 14:21:35 +02:00
vegardbm 3197c6a5e3 attach with dibbler window selected 2026-06-05 14:21:35 +02:00
vegardbm f8dcaddefb use main branch for worblehat after merge 2026-06-05 14:21:28 +02:00
vegardbm 009d89f959 set default settings for worblehat and dibbler 2026-06-05 14:09:06 +02:00