Commit graph

357 commits

Author SHA1 Message Date
Alexander Tomokhov 46366702bc use enableACME for all virtualHosts 2023-12-19 17:22:32 +04:00
Alexander Tomokhov 0c4d57c33d Revert "add wildcard ACME certificate"
This reverts commit b37cadff68
(except pleroma virtualHosts).
2023-12-19 17:22:32 +04:00
Alexander Tomokhov 426e6f72c5 gitea: bind mount /var/lib/gitea 2023-12-19 17:22:32 +04:00
Alexander Tomokhov eb59d33e1f nginx: / location with root = "/var/www/root" 2023-12-19 17:22:31 +04:00
Alexander Tomokhov b37cadff68 add wildcard ACME certificate 2023-12-19 01:52:27 +04:00
Inex Code 312077240a fix(acme): add dns propagation check exceptions 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 69f84cdc2b bitwarden: "ConditionPathExists" instead of "after" 2023-12-19 01:19:03 +04:00
Alexander Tomokhov 0ad2ffc30e api module: avoid simultaneous runs 2023-12-19 00:20:18 +04:00
Alexander Tomokhov 83a17063ac explicit dependency between backup-vaultwarden and vaultwarden 2023-12-18 23:40:15 +04:00
Alexander Tomokhov 257b0c08e8 sp-modules: some startup fixes 2023-12-18 22:42:13 +04:00
Alexander Tomokhov da5dac6877 sp-nixos-upgrade: update sp-modules/ own flake.lock 2023-12-18 22:30:24 +04:00
Alexander Tomokhov 3d7aa5e6de fix selfprivacy-api build with new nixpkgs 2023-12-18 21:44:32 +04:00
Alexander Tomokhov 365f027326 move nginx exclusive virtualHosts to SP modules 2023-12-18 19:02:54 +04:00
Alexander Tomokhov d881cc8ce5 upgrade nixpkgs to NixOS 23.11 2023-12-18 18:44:18 +04:00
Alexander Tomokhov b7045a8198 upgrade nixpkgs to NixOS 23.05 2023-12-18 17:56:15 +04:00
Alexander Tomokhov 67c2b12c44 sp-modules: get rid of systemd.tmpfiles
Because it causes troubles when using bind-mounts for /var/lib/*.
2023-12-18 16:30:40 +04:00
Alexander Tomokhov 83e8f6e8a1 get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-18 07:49:27 +04:00
Alexander Tomokhov 7f6c48f978 gitea: RequiresMountsFor and ConditionPathIsMountPoint @ /var/lib/gitea 2023-12-12 20:50:09 +04:00
Alexander Tomokhov a797b856fc flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=dc230e2e898a510bfdc52e57d829996df02f26b5' (2023-12-12)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=2bdb73d348d1a8b85a71aa480ab1c08fafb2c9ba' (2023-12-12)
2023-12-12 16:30:22 +04:00
Alexander Tomokhov d1711ea9c3 selfprivacy-api: sp-nixos-rebuild with sp-modules relocking 2023-12-12 14:15:06 +04:00
Alexander Tomokhov defaca8793 clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:10 +04:00
Alexander Tomokhov 25bd151ef3 use lower case for config.selfprivacy.server.provider 2023-12-11 21:58:12 +04:00
Alexander Tomokhov 519ebbcb69 get rid of system argument; do not set nixpkgs.hostPlatform 2023-12-05 07:36:26 +04:00
Alexander Tomokhov 4c4aef5363 get system.stateVersion from "deployment" argument 2023-12-05 04:51:37 +04:00
Alexander Tomokhov 9dde55159b update selfprivacy-api 2023-12-05 01:56:49 +04:00
Alexander Tomokhov 6cd002ae1d remove restic SP module 2023-12-05 01:56:13 +04:00
Alexander Tomokhov c052f9172a move gitea to SP module 2023-12-04 15:59:22 +04:00
Alexander Tomokhov 054d6d9182 move jitsi-meet to SP module 2023-12-04 15:50:00 +04:00
Alexander Tomokhov 3f573e3dc3 activationScripts: rewrite /etc/nixos with configuration source 2023-12-04 15:25:01 +04:00
Alexander Tomokhov c63b6b808c acme: RestartSec = 15 * 60 2023-12-04 14:33:43 +04:00
Alexander Tomokhov c0aa73ca1b move bitwarden to SP module 2023-12-04 14:33:43 +04:00
Alexander Tomokhov ade4dc08b1 sp-modules: use jq exit status code 2023-12-03 10:37:37 +04:00
Alexander Tomokhov 4716b9bf19 move restic to SP module 2023-12-03 10:05:51 +04:00
Alexander Tomokhov c7419b3255 move pleroma to SP module 2023-12-03 09:46:36 +04:00
Alexander Tomokhov b458458c30 move ocserv to SP module 2023-12-03 09:46:36 +04:00
Alexander Tomokhov 4cbe63ac64 flake: abort on missing configPathsNeeded with message 2023-12-01 08:32:31 +04:00
Alexander Tomokhov 600d8f427d mailserver: set users.groups.acmereceivers.members 2023-11-29 08:28:19 +04:00
Alexander Tomokhov b6cd5846f2 users.groups: acmerecievers => acmereceivers 2023-11-29 08:25:24 +04:00
Alexander Tomokhov 1a5a4be306 nextcloud: fix secrets extraction 2023-11-29 08:19:04 +04:00
Alexander Tomokhov 364a5c8076 mailserver: adapt to deprecated and new types of certificateScheme 2023-11-26 09:39:47 +04:00
Alexander Tomokhov a224731dcf nextcloud: write passwords using install 2023-11-26 09:39:47 +04:00
Alexander Tomokhov e814157437 fix config attributes contrain for function imports 2023-11-26 08:56:48 +04:00
Alexander Tomokhov 0db1c4a6ce downgrade simple-nixos-mailserver to 6d0d9fb9 2023-11-26 04:28:36 +04:00
Alexander Tomokhov a98dafc98c fix nextcloud (case when enabled)
Previously, second mkIf for cleanup case took precedence when merge with
`//`. Now it's 2 modules: one for selfprivacy.modules.nextcloud.enable
== true, another for selfprivacy.modules.nextcloud.enable == false.
2023-11-26 03:11:29 +04:00
Alexander Tomokhov 3138260605 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=8791462f87c4a134f5ccb7099a814892c110d43b' (2023-11-23)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=75f4e8d40eff59debcd5eb96e64e2e7c3db75e7f' (2023-11-23)
2023-11-23 21:33:35 +04:00
Alexander Tomokhov 1bf7190388 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=8ccec537401b51583d89f59790953ad32534563a' (2023-11-23)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=8791462f87c4a134f5ccb7099a814892c110d43b' (2023-11-23)
2023-11-23 21:20:35 +04:00
Alexander Tomokhov cc26a5e150 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=9c18ab285cd2221a50950c796456929019f5fb2a' (2023-11-22)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=8ccec537401b51583d89f59790953ad32534563a' (2023-11-23)
2023-11-23 11:36:20 +04:00
Alexander Tomokhov 6ebcc35882 systemd.enableEmergencyMode = false; systemd.coredump.enable = false; 2023-11-23 11:09:49 +04:00
Alexander Tomokhov 985aff90d3 disable ssh passwordAuthentication by default 2023-11-23 11:08:59 +04:00
Alexander Tomokhov bd6b8a5e75 flake.lock: Update
Flake lock file updates:

• Updated input 'selfprivacy-api':
    'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=2bbc2be6b57f05a159db1f175e8fa84d67eac8da' (2023-11-22)
  → 'git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=userdata&rev=9c18ab285cd2221a50950c796456929019f5fb2a' (2023-11-22)
2023-11-23 03:00:25 +04:00