7230de5aa9
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/a9eedea7232f5d00f0aca7267efb69a54da1b8a1' (2023-01-03)
→ 'github:nixos/nixpkgs/0874168639713f547c05947c76124f78441ea46c' (2023-01-01)
• Updated input 'nvfetcher':
'github:berberman/nvfetcher/294826951113dcd3aa9abbcacfb1aa5b95a19116' (2022-11-05)
→ 'github:berberman/nvfetcher/0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9' (2023-01-06)
• Updated input 'nvfetcher/flake-compat':
'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
→ 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nvfetcher/flake-utils':
'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29)
→ 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
→ 'github:Mic92/sops-nix/2253120d2a6147e57bafb5c689e086221df8032f' (2023-01-08)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
→ 'github:NixOS/nixpkgs/9f11a2df77cb945c115ae2a65f53f38121597d73' (2023-01-07)
2023-01-11 02:09:58 +00:00
c355b1746e
config: Make changes suggested post 22.11 update
2023-01-11 02:00:33 +00:00
64444a106d
firewall: Open Minecraft ports for port forwarding
2023-01-11 02:00:13 +00:00
4905a492af
gitea: Update configuration for 22.11
2023-01-11 01:59:54 +00:00
1053dc93d2
flake.nix: Build the VM using nix build
2023-01-11 01:59:45 +00:00
421ace39f0
keys/staging: Add a few missing keys that made the vm break
2023-01-11 01:59:04 +00:00
194cfbc5e4
matrix-conduit: Stop using the version from unstable
2023-01-11 01:58:56 +00:00
784d186567
WIP: nextcloud: Update the service and apps for 22.11
2023-01-11 01:57:24 +00:00
fbc412b8a6
flake.lock: Update
...
Flake lock file updates:
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/41f15759dd8b638e7b4f299730d94d5aa46ab7eb' (2022-08-05)
→ 'github:serokell/deploy-rs/a5619f5660a00f58c2b7c16d89058e92327ac9b8' (2022-12-29)
• Updated input 'deploy-rs/flake-compat':
'github:edolstra/flake-compat/64a525ee38886ab9028e6f61790de0832aa3ef03' (2022-03-25)
→ 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'deploy-rs/nixpkgs':
'github:NixOS/nixpkgs/30d3d79b7d3607d56546dd2a6b49e156ba0ec634' (2022-03-25)
→ 'github:NixOS/nixpkgs/bb31220cca6d044baa6dc2715b07497a2a7c4bc7' (2022-12-19)
• Updated input 'deploy-rs/utils':
'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26)
→ 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/1404483f4531560aad73bdebae4096881c910ac0' (2022-11-04)
→ 'github:nixos/nixpkgs/a9eedea7232f5d00f0aca7267efb69a54da1b8a1' (2023-01-03)
• Updated input 'nixpkgs-unstable':
'github:NixOS/nixpkgs/1dd8696f96db47156e1424a49578fe7dd4ce99a4' (2022-11-05)
→ 'github:NixOS/nixpkgs/298add347c2bbce14020fcb54051f517c391196b' (2023-01-03)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/486b4455da16272c1ed31bc82adcdbe7af829465' (2022-11-02)
→ 'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
• Removed input 'sops-nix/nixpkgs-22_05'
• Added input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
• Updated input 'tlaternet-webserver':
'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=master&rev=5d037f9122e68aaa5db62d04810bf0c5e1e4325e ' (2022-10-14)
→ 'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=b2894e4fefbdc1c9964ab47c931497a417562d8a ' (2023-01-05)
• Updated input 'tlaternet-webserver/dream2nix':
'github:nix-community/dream2nix/25be741ec92c77b8308ca6a7ab89593fe37b6542' (2022-09-16)
→ 'github:nix-community/dream2nix/9f6911c78dcb0832f7fcc955e847db1a5a9ce29a' (2023-01-02)
• Added input 'tlaternet-webserver/dream2nix/all-cabal-json':
'github:nix-community/all-cabal-json/d7c0434eebffb305071404edcf9d5cd99703878e' (2022-10-12)
• Updated input 'tlaternet-webserver/dream2nix/crane':
'github:ipetkov/crane/d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24' (2022-08-30)
→ 'github:ipetkov/crane/59b31b41a589c0a65e4a1f86b0e5eac68081468b' (2022-12-13)
• Updated input 'tlaternet-webserver/dream2nix/devshell':
'github:numtide/devshell/fc7a3e3adde9bbcab68af6d1e3c6eb738e296a92' (2022-05-30)
→ 'github:numtide/devshell/e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66' (2022-09-17)
• Added input 'tlaternet-webserver/dream2nix/flake-parts':
'github:hercules-ci/flake-parts/d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa' (2022-11-14)
• Added input 'tlaternet-webserver/dream2nix/flake-parts/nixpkgs-lib':
'github:NixOS/nixpkgs/34c5293a71ffdb2fe054eb5288adc1882c1eb0b1?dir=lib' (2022-10-09)
• Added input 'tlaternet-webserver/dream2nix/ghc-utils':
'git+https://gitlab.haskell.org/bgamari/ghc-utils?ref=refs%2fheads%2fmaster&rev=bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea ' (2022-09-10)
• Added input 'tlaternet-webserver/dream2nix/nix-pypi-fetcher':
'github:DavHau/nix-pypi-fetcher/a9885ac6a091576b5195d547ac743d45a2a615ac' (2022-11-21)
• Updated input 'tlaternet-webserver/dream2nix/nixpkgs':
'github:NixOS/nixpkgs/d80993b5f885515254746ba6d1917276ee386149' (2022-07-12)
→ 'github:NixOS/nixpkgs/f634d427b0224a5f531ea5aa10c3960ba6ec5f0f' (2022-10-12)
• Updated input 'tlaternet-webserver/dream2nix/poetry2nix':
'github:nix-community/poetry2nix/aee8f04296c39d88155e05d25cfc59dfdd41cc77' (2021-09-30)
→ 'github:nix-community/poetry2nix/289efb187123656a116b915206e66852f038720e' (2022-10-28)
• Updated input 'tlaternet-webserver/fenix':
'github:nix-community/fenix/263cd7f991c07a9592a6e825bfc37b23b00eb244' (2022-09-17)
→ 'github:nix-community/fenix/eb6583fcd626051c4d284f2fb51cd2659a43e7f6' (2023-01-04)
• Updated input 'tlaternet-webserver/fenix/rust-analyzer-src':
'github:rust-lang/rust-analyzer/2e9f1204ca01c3e20898d4a67c8b84899d394a88' (2022-09-11)
→ 'github:rust-lang/rust-analyzer/a97c71f92d574cb5104e3e1246eb9038d1a214a2' (2023-01-03)
2023-01-05 02:20:26 +00:00
Tristan Daniël Maat
7a2b862235
keys: Remove obsolete key file
2022-11-05 22:27:31 +00:00
Tristan Daniël Maat
a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate
2022-11-05 22:26:52 +00:00
Tristan Daniël Maat
997707021b
config: Enable authorization through ssh agent
...
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole sleuth of issues with deploy-rs.
*And* seems more secure and convenient at the same time.
2022-11-05 18:01:07 +00:00
Tristan Daniël Maat
0528f73187
nginx: Remove mitigation for openssl CVE
...
This has been fixed, instead we just update to the latest openssl.
2022-11-05 17:33:28 +00:00
Tristan Daniël Maat
4d5eaf34be
Update inputs
2022-11-05 17:31:58 +00:00
Tristan Daniël Maat
85a989d3c8
nvfetcher: Don't allow fetching rc versions of nextcloud cookbook
2022-11-05 17:31:24 +00:00
Tristan Daniël Maat
598c439002
conduit: Disable turns, remove the user limits and add all relay IPs
2022-11-05 17:10:39 +00:00
Tristan Daniël Maat
ea06138a9b
flake.nix: Add packages for utility scripts to enable nix build
2022-11-05 16:00:50 +00:00
Tristan Daniël Maat
2304711359
config: Mitigate upcoming SSL CVE
...
See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
As 1.1 is unaffected, this override should be sufficient to evade this
problem.
2022-10-31 16:07:41 +00:00
Tristan Daniël Maat
73023b817d
conduit: Use dependencies from stable
...
Partially to circumvent the upcoming openssl CVE, partially to reduce
the number of dependencies.
2022-10-31 16:06:31 +00:00
Tristan Daniël Maat
b3e8b0e85c
default.nix: Turn on minimal profile
2022-10-30 18:26:45 +00:00
Tristan Daniël Maat
5c89aa5b83
Update
2022-10-30 17:13:15 +00:00
Tristan Daniël Maat
c72953e1ef
matrix: Add coturn support for calls
2022-10-29 01:39:09 +01:00
7fb5aac33e
nextcloud: Fix nextcloud app download links
2022-10-23 23:45:44 +01:00
c56de6cf7e
conduit: Add new conduit service
2022-10-22 21:22:55 +01:00
3e13b575b0
flake.nix: Clean up devshell
2022-10-22 20:01:56 +01:00
bec05bafb1
README.md: Update to new and improved flake mechanisms
2022-10-17 14:29:56 +01:00
59a44261b8
flake.nix: Move vm out of nixosConfigurations so that checks work
2022-10-17 14:23:52 +01:00
61d3008bc3
nextcloud: Fetch apps using nvfetcher
2022-10-17 11:00:02 +01:00
c4fa991b62
treewide: Add fail2ban
2022-10-14 06:27:11 +01:00
325e8a0ea1
flake.nix: Add deploy-rs for deployment management
2022-10-14 05:59:59 +01:00
1ddf23bd01
nextcloud: Update nextcloud version
2022-10-14 05:58:18 +01:00
78ecfd63a1
starbound: Fix post-update issues
2022-10-14 05:58:15 +01:00
e8b16459d9
treewide: Refactor in order to clean up flake.nix
2022-10-14 05:58:13 +01:00
068e6d5d77
webserver: Use a hardened systemd unit instead of a container
2022-10-14 05:58:11 +01:00
b6594cea54
gitea: Use a hardened systemd unit instead of a container
2022-10-14 05:58:08 +01:00
3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container
2022-10-14 05:58:05 +01:00
6a81ce4c1d
sops: Improve secrets provisioning to split out staging
2022-10-12 23:22:50 +01:00
ab3aa19481
treewide: Perform another nitpicking sweep
2022-10-12 23:22:42 +01:00
dea9032530
flake.nix: Add app to start VM through nix run
2022-10-12 13:16:46 +01:00
e512e73b5e
flake.nix: Clean up and refactor
2022-10-12 13:12:28 +01:00
7095ab2631
treewide: Remove minecraft server
...
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
046a88905d
treewide: Reformat project with alejandra
2022-10-10 13:03:18 +01:00
58e52dd119
ssh: Allow proxy connections with gatewayPorts
2022-10-10 13:01:26 +01:00
ed74cfa576
starbound: Fix permissions for a syscall steamcmd needs
2022-04-23 09:31:21 +01:00
cd92ec64c2
Add starbound server
2022-04-23 08:47:13 +01:00
e7102adec1
Add sops-nix
2022-04-23 08:47:07 +01:00
73988df2a6
flake.lock: Update
...
Flake lock file changes:
• Updated input 'flake-utils':
'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07)
→ 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/9886a06e4745edb31587d0e9481ad82d35f0d593' (2022-02-04)
→ 'github:nixos/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/521e4d7d13b09bc0a21976b9d19abd197d4e3b1e' (2022-02-07)
→ 'github:nixos/nixpkgs/9887f024766aa27704d1f89f623efd1d063da92a' (2022-04-21)
2022-04-21 18:21:53 +01:00
34235a2041
flake: Fix python language server version
2022-04-21 18:20:06 +01:00
1721785d1c
Update forge server sha
2022-02-10 22:54:30 +00:00
4ef17ed1a2
flake.lock: Update
...
Flake lock file changes:
• Updated input 'flake-utils':
'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28)
→ 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/2a7063461c3751d83869a2a0a8ebc59e34bec5b2' (2021-12-11)
→ 'github:nixos/nixos-hardware/9886a06e4745edb31587d0e9481ad82d35f0d593' (2022-02-04)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/573095944e7c1d58d30fc679c81af63668b54056' (2021-12-10)
→ 'github:nixos/nixpkgs/521e4d7d13b09bc0a21976b9d19abd197d4e3b1e' (2022-02-07)
2022-02-10 22:17:37 +00:00
