Alexander Tomokhov
|
013bd9b8e2
|
sp-nixos: split script into ExecStartPre && ExecStart
|
2023-12-28 13:20:49 +04:00 |
|
Alexander Tomokhov
|
15f5d6096d
|
sp-modules: refactor options types
|
2023-12-28 13:19:47 +04:00 |
|
Alexander Tomokhov
|
a32613ece4
|
nixos-upgrade.serviceConfig.ExecCondition on /etc/nixos changes
|
2023-12-28 13:19:47 +04:00 |
|
Alexander Tomokhov
|
0c895e4015
|
module: set to false: restartIfChanged and unitConfig.X-StopOnRemoval
|
2023-12-28 11:07:18 +04:00 |
|
Alexander Tomokhov
|
08aa0b9ffc
|
systemd.services.nixos-upgrade.serviceConfig.WorkingDirectory
|
2023-12-28 10:57:45 +04:00 |
|
Alexander Tomokhov
|
be45d3ed52
|
systemd.services.nixos-upgrade.serviceConfig.ExecStartPre
|
2023-12-28 10:42:58 +04:00 |
|
Alexander Tomokhov
|
efc703bf0c
|
system services lock path:./sp-modules without flake.lock; cd /etc/nixos
|
2023-12-28 04:38:24 +04:00 |
|
Alexander Tomokhov
|
cc78c2915f
|
remove channel option value from syustem.autoUpgrade
|
2023-12-28 02:07:46 +04:00 |
|
Alexander Tomokhov
|
fe44ba6fd8
|
fix nextcloud: fail if secrets are missing
|
2023-12-27 15:05:23 +04:00 |
|
Alexander Tomokhov
|
77619456d7
|
/etc/nixos#sp-nixos => /etc/nixos#default
|
2023-12-27 14:02:27 +04:00 |
|
Alexander Tomokhov
|
f94d0aef03
|
flake.lock: Update
Flake lock file updates:
• Updated input 'selfprivacy-api':
'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=400be88738fd6c8d18bcc439a81ee208b49bc749' (2023-12-22)
→ 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=7883063dca4d946c0955faafd78642224d4a9be8' (2023-12-27)
|
2023-12-27 13:37:55 +04:00 |
|
Alexander Tomokhov
|
23332cda46
|
add TODO about environment.variables.DOMAIN
|
2023-12-27 12:54:10 +04:00 |
|
Alexander Tomokhov
|
85f85239a3
|
do not set nix.package
|
2023-12-27 11:37:59 +04:00 |
|
Alexander Tomokhov
|
33ba5c41ac
|
API systemd service Type is simple
|
2023-12-22 23:52:03 +04:00 |
|
Alexander Tomokhov
|
5bd15a768a
|
system.stateVersion: default or config.selfprivacy.stateVersion
|
2023-12-22 23:04:03 +04:00 |
|
Alexander Tomokhov
|
a185dd1e3e
|
selfprivacy-api: add debug for nixos-rebuild
|
2023-12-22 21:18:05 +04:00 |
|
Alexander Tomokhov
|
e6496b95a4
|
useACMEHost for all services
|
2023-12-22 21:18:05 +04:00 |
|
Alexander Tomokhov
|
5aba990f95
|
move system.stateVersion back to userdata
|
2023-12-22 19:33:24 +04:00 |
|
Alexander Tomokhov
|
05fe40ac21
|
fix ACME for DigitalOcean: add DNS propagation check exceptions
|
2023-12-22 19:08:53 +04:00 |
|
Alexander Tomokhov
|
19f30daf80
|
sp-modules: x-systemd.before=... for all mountpoints
|
2023-12-22 18:07:14 +04:00 |
|
Alexander Tomokhov
|
5f8cc727e0
|
ACME: CLOUDFLARE_POLLING_INTERVAL=30
As said in https://github.com/go-acme/lego/issues/2068.
|
2023-12-22 14:06:55 +04:00 |
|
Alexander Tomokhov
|
64fc2ae57e
|
mailserver: localDnsResolver = false
|
2023-12-21 15:13:21 +04:00 |
|
Alexander Tomokhov
|
66c0184a93
|
ACME: dnsPropagationCheck = true
|
2023-12-21 13:38:28 +04:00 |
|
Alexander Tomokhov
|
4c3072ade8
|
ACME: CLOUDFLARE_POLLING_INTERVAL=10
|
2023-12-21 13:08:34 +04:00 |
|
Alexander Tomokhov
|
0e62c9292b
|
dnsPropagationCheck = false explicitly for certs.${domain}
|
2023-12-21 12:15:28 +04:00 |
|
Alexander Tomokhov
|
5760a753af
|
ACME dnsPropagationCheck = false
|
2023-12-20 18:29:39 +04:00 |
|
Alexander Tomokhov
|
f2a951a71e
|
API module: systemd service Type = "oneshot"
|
2023-12-20 18:21:51 +04:00 |
|
Alexander Tomokhov
|
fd6e49a21a
|
ACME: do not disable DNS propagation check
|
2023-12-20 17:43:47 +04:00 |
|
Alexander Tomokhov
|
dcaf96c773
|
Revert "Revert "Revert "add wildcard ACME certificate"""
This reverts commit 4faf8e7dda .
|
2023-12-20 17:43:47 +04:00 |
|
Alexander Tomokhov
|
3a66da49e1
|
do not lib.mkForce acme.certs
|
2023-12-20 17:43:47 +04:00 |
|
Alexander Tomokhov
|
5cd12848cc
|
nix.channel.enable = false since we're on flakes
|
2023-12-20 17:43:46 +04:00 |
|
Alexander Tomokhov
|
4faf8e7dda
|
Revert "Revert "add wildcard ACME certificate""
This reverts commit 0c4d57c33d .
|
2023-12-20 16:59:57 +04:00 |
|
Alexander Tomokhov
|
c18f332f5f
|
Revert "use enableACME for all virtualHosts"
This reverts commit 46366702bc .
|
2023-12-19 23:46:42 +04:00 |
|
Alexander Tomokhov
|
46366702bc
|
use enableACME for all virtualHosts
|
2023-12-19 17:22:32 +04:00 |
|
Alexander Tomokhov
|
0c4d57c33d
|
Revert "add wildcard ACME certificate"
This reverts commit b37cadff68
(except pleroma virtualHosts).
|
2023-12-19 17:22:32 +04:00 |
|
Alexander Tomokhov
|
426e6f72c5
|
gitea: bind mount /var/lib/gitea
|
2023-12-19 17:22:32 +04:00 |
|
Alexander Tomokhov
|
eb59d33e1f
|
nginx: / location with root = "/var/www/root"
|
2023-12-19 17:22:31 +04:00 |
|
Alexander Tomokhov
|
b37cadff68
|
add wildcard ACME certificate
|
2023-12-19 01:52:27 +04:00 |
|
Inex Code
|
312077240a
|
fix(acme): add dns propagation check exceptions
|
2023-12-19 01:19:03 +04:00 |
|
Alexander Tomokhov
|
69f84cdc2b
|
bitwarden: "ConditionPathExists" instead of "after"
|
2023-12-19 01:19:03 +04:00 |
|
Alexander Tomokhov
|
0ad2ffc30e
|
api module: avoid simultaneous runs
|
2023-12-19 00:20:18 +04:00 |
|
Alexander Tomokhov
|
83a17063ac
|
explicit dependency between backup-vaultwarden and vaultwarden
|
2023-12-18 23:40:15 +04:00 |
|
Alexander Tomokhov
|
257b0c08e8
|
sp-modules: some startup fixes
|
2023-12-18 22:42:13 +04:00 |
|
Alexander Tomokhov
|
da5dac6877
|
sp-nixos-upgrade: update sp-modules/ own flake.lock
|
2023-12-18 22:30:24 +04:00 |
|
Alexander Tomokhov
|
3d7aa5e6de
|
fix selfprivacy-api build with new nixpkgs
|
2023-12-18 21:44:32 +04:00 |
|
Alexander Tomokhov
|
365f027326
|
move nginx exclusive virtualHosts to SP modules
|
2023-12-18 19:02:54 +04:00 |
|
Alexander Tomokhov
|
d881cc8ce5
|
upgrade nixpkgs to NixOS 23.11
|
2023-12-18 18:44:18 +04:00 |
|
Alexander Tomokhov
|
b7045a8198
|
upgrade nixpkgs to NixOS 23.05
|
2023-12-18 17:56:15 +04:00 |
|
Alexander Tomokhov
|
67c2b12c44
|
sp-modules: get rid of systemd.tmpfiles
Because it causes troubles when using bind-mounts for /var/lib/*.
|
2023-12-18 16:30:40 +04:00 |
|
Alexander Tomokhov
|
83e8f6e8a1
|
get rid of files.nix; ACME/credentialsFile and other cleanup
|
2023-12-18 07:49:27 +04:00 |
|