Commit graph

249 commits

Author SHA1 Message Date
Alexander Tomokhov 3311c5ff50 readme: small additions 2024-01-11 00:03:01 +04:00
Alexander Tomokhov 6b66513870 readme: how to update inputs of this flake 2024-01-10 07:13:17 +04:00
Alexander Tomokhov 1a677f273b fix nextcloud auth page redirection 2024-01-10 01:49:51 +04:00
Inex Code c0af154421 Update SP API version 2023-12-31 19:22:33 +03:00
Inex Code f287e68f2b fix setuptools version 2023-12-28 22:26:53 +03:00
Inex Code f1e789c7af Update SP API version 2023-12-28 22:25:16 +03:00
Alexander Tomokhov 3d8de64da0 selfprivacy-api git branch: userdata => flakes 2023-12-28 20:52:51 +04:00
Alexander Tomokhov 1e73c88547 uppercase config.selfprivacy.server.provider 2023-12-28 20:05:33 +04:00
Alexander Tomokhov 51f3f12640 system.autoUpgrade: no verbosity of nixos-rebuild 2023-12-28 13:28:46 +04:00
Alexander Tomokhov 013bd9b8e2 sp-nixos: split script into ExecStartPre && ExecStart 2023-12-28 13:20:49 +04:00
Alexander Tomokhov 15f5d6096d sp-modules: refactor options types 2023-12-28 13:19:47 +04:00
Alexander Tomokhov a32613ece4 nixos-upgrade.serviceConfig.ExecCondition on /etc/nixos changes 2023-12-28 13:19:47 +04:00
Alexander Tomokhov 0c895e4015 module: set to false: restartIfChanged and unitConfig.X-StopOnRemoval 2023-12-28 11:07:18 +04:00
Alexander Tomokhov 08aa0b9ffc systemd.services.nixos-upgrade.serviceConfig.WorkingDirectory 2023-12-28 10:57:45 +04:00
Alexander Tomokhov be45d3ed52 systemd.services.nixos-upgrade.serviceConfig.ExecStartPre 2023-12-28 10:42:58 +04:00
Alexander Tomokhov efc703bf0c system services lock path:./sp-modules without flake.lock; cd /etc/nixos 2023-12-28 04:38:24 +04:00
Alexander Tomokhov cc78c2915f remove channel option value from syustem.autoUpgrade 2023-12-28 02:07:46 +04:00
Alexander Tomokhov fe44ba6fd8 fix nextcloud: fail if secrets are missing 2023-12-27 15:05:23 +04:00
Alexander Tomokhov 77619456d7 /etc/nixos#sp-nixos => /etc/nixos#default 2023-12-27 14:02:27 +04:00
Alexander Tomokhov f94d0aef03 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=400be88738fd6c8d18bcc439a81ee208b49bc749' (2023-12-22)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=7883063dca4d946c0955faafd78642224d4a9be8' (2023-12-27)
2023-12-27 13:37:55 +04:00
Alexander Tomokhov 23332cda46 add TODO about environment.variables.DOMAIN 2023-12-27 12:54:10 +04:00
Alexander Tomokhov 85f85239a3 do not set nix.package 2023-12-27 11:37:59 +04:00
Alexander Tomokhov 33ba5c41ac API systemd service Type is simple 2023-12-22 23:52:03 +04:00
Alexander Tomokhov 5bd15a768a system.stateVersion: default or config.selfprivacy.stateVersion 2023-12-22 23:04:03 +04:00
Alexander Tomokhov a185dd1e3e selfprivacy-api: add debug for nixos-rebuild 2023-12-22 21:18:05 +04:00
Alexander Tomokhov e6496b95a4 useACMEHost for all services 2023-12-22 21:18:05 +04:00
Alexander Tomokhov 5aba990f95 move system.stateVersion back to userdata 2023-12-22 19:33:24 +04:00
Alexander Tomokhov 05fe40ac21 fix ACME for DigitalOcean: add DNS propagation check exceptions 2023-12-22 19:08:53 +04:00
Alexander Tomokhov 19f30daf80 sp-modules: x-systemd.before=... for all mountpoints 2023-12-22 18:07:14 +04:00
Alexander Tomokhov 5f8cc727e0 ACME: CLOUDFLARE_POLLING_INTERVAL=30
As said in https://github.com/go-acme/lego/issues/2068.
2023-12-22 14:06:55 +04:00
Alexander Tomokhov 64fc2ae57e mailserver: localDnsResolver = false 2023-12-21 15:13:21 +04:00
Alexander Tomokhov 66c0184a93 ACME: dnsPropagationCheck = true 2023-12-21 13:38:28 +04:00
Alexander Tomokhov 4c3072ade8 ACME: CLOUDFLARE_POLLING_INTERVAL=10 2023-12-21 13:08:34 +04:00
Alexander Tomokhov 0e62c9292b dnsPropagationCheck = false explicitly for certs.${domain} 2023-12-21 12:15:28 +04:00
Alexander Tomokhov 5760a753af ACME dnsPropagationCheck = false 2023-12-20 18:29:39 +04:00
Alexander Tomokhov f2a951a71e API module: systemd service Type = "oneshot" 2023-12-20 18:21:51 +04:00
Alexander Tomokhov fd6e49a21a ACME: do not disable DNS propagation check 2023-12-20 17:43:47 +04:00
Alexander Tomokhov dcaf96c773 Revert "Revert "Revert "add wildcard ACME certificate"""
This reverts commit 4faf8e7dda.
2023-12-20 17:43:47 +04:00
Alexander Tomokhov 3a66da49e1 do not lib.mkForce acme.certs 2023-12-20 17:43:47 +04:00
Alexander Tomokhov 5cd12848cc nix.channel.enable = false since we're on flakes 2023-12-20 17:43:46 +04:00
Alexander Tomokhov 4faf8e7dda Revert "Revert "add wildcard ACME certificate""
This reverts commit 0c4d57c33d.
2023-12-20 16:59:57 +04:00
Alexander Tomokhov c18f332f5f Revert "use enableACME for all virtualHosts"
This reverts commit 46366702bc.
2023-12-19 23:46:42 +04:00
Alexander Tomokhov 46366702bc use enableACME for all virtualHosts 2023-12-19 17:22:32 +04:00
Alexander Tomokhov 0c4d57c33d Revert "add wildcard ACME certificate"
This reverts commit b37cadff68
(except pleroma virtualHosts).
2023-12-19 17:22:32 +04:00
Alexander Tomokhov 426e6f72c5 gitea: bind mount /var/lib/gitea 2023-12-19 17:22:32 +04:00
Alexander Tomokhov eb59d33e1f nginx: / location with root = "/var/www/root" 2023-12-19 17:22:31 +04:00
Alexander Tomokhov b37cadff68 add wildcard ACME certificate 2023-12-19 01:52:27 +04:00
Inex Code 312077240a fix(acme): add dns propagation check exceptions 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 69f84cdc2b bitwarden: "ConditionPathExists" instead of "after" 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 0ad2ffc30e api module: avoid simultaneous runs 2023-12-19 00:20:18 +04:00