Commit graph

340 commits

Author SHA1 Message Date
Alexander Tomokhov 013bd9b8e2 sp-nixos: split script into ExecStartPre && ExecStart 2023-12-28 13:20:49 +04:00
Alexander Tomokhov 15f5d6096d sp-modules: refactor options types 2023-12-28 13:19:47 +04:00
Alexander Tomokhov a32613ece4 nixos-upgrade.serviceConfig.ExecCondition on /etc/nixos changes 2023-12-28 13:19:47 +04:00
Alexander Tomokhov 0c895e4015 module: set to false: restartIfChanged and unitConfig.X-StopOnRemoval 2023-12-28 11:07:18 +04:00
Alexander Tomokhov 08aa0b9ffc systemd.services.nixos-upgrade.serviceConfig.WorkingDirectory 2023-12-28 10:57:45 +04:00
Alexander Tomokhov be45d3ed52 systemd.services.nixos-upgrade.serviceConfig.ExecStartPre 2023-12-28 10:42:58 +04:00
Alexander Tomokhov efc703bf0c system services lock path:./sp-modules without flake.lock; cd /etc/nixos 2023-12-28 04:38:24 +04:00
Alexander Tomokhov cc78c2915f remove channel option value from system.autoUpgrade 2023-12-28 02:07:46 +04:00
Alexander Tomokhov fe44ba6fd8 fix nextcloud: fail if secrets are missing 2023-12-27 15:05:23 +04:00
Alexander Tomokhov 77619456d7 /etc/nixos#sp-nixos => /etc/nixos#default 2023-12-27 14:02:27 +04:00
Alexander Tomokhov f94d0aef03 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=400be88738fd6c8d18bcc439a81ee208b49bc749' (2023-12-22)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=7883063dca4d946c0955faafd78642224d4a9be8' (2023-12-27)
2023-12-27 13:37:55 +04:00
Alexander Tomokhov 23332cda46 add TODO about environment.variables.DOMAIN 2023-12-27 12:54:10 +04:00
Alexander Tomokhov 85f85239a3 do not set nix.package 2023-12-27 11:37:59 +04:00
Alexander Tomokhov 33ba5c41ac API systemd service Type is simple 2023-12-22 23:52:03 +04:00
Alexander Tomokhov 5bd15a768a system.stateVersion: default or config.selfprivacy.stateVersion 2023-12-22 23:04:03 +04:00
Alexander Tomokhov a185dd1e3e selfprivacy-api: add debug for nixos-rebuild 2023-12-22 21:18:05 +04:00
Alexander Tomokhov e6496b95a4 useACMEHost for all services 2023-12-22 21:18:05 +04:00
Alexander Tomokhov 5aba990f95 move system.stateVersion back to userdata 2023-12-22 19:33:24 +04:00
Alexander Tomokhov 05fe40ac21 fix ACME for DigitalOcean: add DNS propagation check exceptions 2023-12-22 19:08:53 +04:00
Alexander Tomokhov 19f30daf80 sp-modules: x-systemd.before=... for all mountpoints 2023-12-22 18:07:14 +04:00
Alexander Tomokhov 5f8cc727e0 ACME: CLOUDFLARE_POLLING_INTERVAL=30
As said in https://github.com/go-acme/lego/issues/2068.
2023-12-22 14:06:55 +04:00
Alexander Tomokhov 64fc2ae57e mailserver: localDnsResolver = false 2023-12-21 15:13:21 +04:00
Alexander Tomokhov 66c0184a93 ACME: dnsPropagationCheck = true 2023-12-21 13:38:28 +04:00
Alexander Tomokhov 4c3072ade8 ACME: CLOUDFLARE_POLLING_INTERVAL=10 2023-12-21 13:08:34 +04:00
Alexander Tomokhov 0e62c9292b dnsPropagationCheck = false explicitly for certs.${domain} 2023-12-21 12:15:28 +04:00
Alexander Tomokhov 5760a753af ACME dnsPropagationCheck = false 2023-12-20 18:29:39 +04:00
Alexander Tomokhov f2a951a71e API module: systemd service Type = "oneshot" 2023-12-20 18:21:51 +04:00
Alexander Tomokhov fd6e49a21a ACME: do not disable DNS propagation check 2023-12-20 17:43:47 +04:00
Alexander Tomokhov dcaf96c773 Revert "Revert "Revert "add wildcard ACME certificate"""
This reverts commit 4faf8e7dda.
2023-12-20 17:43:47 +04:00
Alexander Tomokhov 3a66da49e1 do not lib.mkForce acme.certs 2023-12-20 17:43:47 +04:00
Alexander Tomokhov 5cd12848cc nix.channel.enable = false since we're on flakes 2023-12-20 17:43:46 +04:00
Alexander Tomokhov 4faf8e7dda Revert "Revert "add wildcard ACME certificate""
This reverts commit 0c4d57c33d.
2023-12-20 16:59:57 +04:00
Alexander Tomokhov c18f332f5f Revert "use enableACME for all virtualHosts"
This reverts commit 46366702bc.
2023-12-19 23:46:42 +04:00
Alexander Tomokhov 46366702bc use enableACME for all virtualHosts 2023-12-19 17:22:32 +04:00
Alexander Tomokhov 0c4d57c33d Revert "add wildcard ACME certificate"
This reverts commit b37cadff68
(except pleroma virtualHosts).
2023-12-19 17:22:32 +04:00
Alexander Tomokhov 426e6f72c5 gitea: bind mount /var/lib/gitea 2023-12-19 17:22:32 +04:00
Alexander Tomokhov eb59d33e1f nginx: / location with root = "/var/www/root" 2023-12-19 17:22:31 +04:00
Alexander Tomokhov b37cadff68 add wildcard ACME certificate 2023-12-19 01:52:27 +04:00
Inex Code 312077240a fix(acme): add dns propagation check exceptions 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 69f84cdc2b bitwarden: "ConditionPathExists" instead of "after" 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 0ad2ffc30e api module: avoid simultaneous runs 2023-12-19 00:20:18 +04:00
Alexander Tomokhov 83a17063ac explicit dependency between backup-vaultwarden and vaultwarden 2023-12-18 23:40:15 +04:00
Alexander Tomokhov 257b0c08e8 sp-modules: some startup fixes 2023-12-18 22:42:13 +04:00
Alexander Tomokhov da5dac6877 sp-nixos-upgrade: update sp-modules/ own flake.lock 2023-12-18 22:30:24 +04:00
Alexander Tomokhov 3d7aa5e6de fix selfprivacy-api build with new nixpkgs 2023-12-18 21:44:32 +04:00
Alexander Tomokhov 365f027326 move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00
Alexander Tomokhov d881cc8ce5 upgrade nixpkgs to NixOS 23.11 2023-12-18 18:44:18 +04:00
Alexander Tomokhov b7045a8198 upgrade nixpkgs to NixOS 23.05 2023-12-18 17:56:15 +04:00
Alexander Tomokhov 67c2b12c44 sp-modules: get rid of systemd.tmpfiles
Because it causes troubles when using bind-mounts for /var/lib/*.
2023-12-18 16:30:40 +04:00
Alexander Tomokhov 83e8f6e8a1 get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-18 07:49:27 +04:00