9de21390c6
WIP: matrix: Add heisenbridge
2023-02-26 05:59:56 +00:00
33ec32a8da
conduit: Update to 0.5.0
2023-02-26 05:59:54 +00:00
bb397841ee
refactoring: Use flake-inputs instead of awkwardly passing through
2023-02-26 05:59:09 +00:00
b7feffc52f
hardware-configuration: Update to new auto-generated settings
2023-01-11 02:38:58 +00:00
b7726af1c4
config: Make changes suggested post 22.11 update
2023-01-11 02:38:56 +00:00
957ab110c5
firewall: Open Minecraft ports for port forwarding
2023-01-11 02:38:53 +00:00
f6e39e09a5
gitea: Update configuration for 22.11
2023-01-11 02:38:50 +00:00
77ddb15f22
flake.nix: Build the VM using nix build
2023-01-11 02:38:47 +00:00
544bd0a721
keys/staging: Add a few missing keys that made the vm break
2023-01-11 02:38:45 +00:00
b798efb2c0
nextcloud: Update the service and apps for 22.11
2023-01-11 02:38:42 +00:00
411e075ef1
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/a9eedea7232f5d00f0aca7267efb69a54da1b8a1' (2023-01-03)
→ 'github:nixos/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48' (2023-01-10)
• Updated input 'nvfetcher':
'github:berberman/nvfetcher/294826951113dcd3aa9abbcacfb1aa5b95a19116' (2022-11-05)
→ 'github:berberman/nvfetcher/0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9' (2023-01-06)
• Updated input 'nvfetcher/flake-compat':
'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
→ 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nvfetcher/flake-utils':
'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29)
→ 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
→ 'github:Mic92/sops-nix/2253120d2a6147e57bafb5c689e086221df8032f' (2023-01-08)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
→ 'github:NixOS/nixpkgs/9f11a2df77cb945c115ae2a65f53f38121597d73' (2023-01-07)
2023-01-11 02:38:39 +00:00
19576ffb1e
matrix-conduit: Stop using the version from unstable
2023-01-11 02:21:39 +00:00
Tristan Daniël Maat
7a2b862235
keys: Remove obsolete key file
2022-11-05 22:27:31 +00:00
Tristan Daniël Maat
a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate
2022-11-05 22:26:52 +00:00
Tristan Daniël Maat
997707021b
config: Enable authorization through ssh agent
...
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole sleuth of issues with deploy-rs.
*And* seems more secure and convenient at the same time.
2022-11-05 18:01:07 +00:00
Tristan Daniël Maat
0528f73187
nginx: Remove mitigation for openssl CVE
...
This has been fixed, instead we just update to the latest openssl.
2022-11-05 17:33:28 +00:00
Tristan Daniël Maat
4d5eaf34be
Update inputs
2022-11-05 17:31:58 +00:00
Tristan Daniël Maat
85a989d3c8
nvfetcher: Don't allow fetching rc versions of nextcloud cookbook
2022-11-05 17:31:24 +00:00
Tristan Daniël Maat
598c439002
conduit: Disable turns, remove the user limits and add all relay IPs
2022-11-05 17:10:39 +00:00
Tristan Daniël Maat
ea06138a9b
flake.nix: Add packages for utility scripts to enable nix build
2022-11-05 16:00:50 +00:00
Tristan Daniël Maat
2304711359
config: Mitigate upcoming SSL CVE
...
See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
As 1.1 is unaffected, this override should be sufficient to evade this
problem.
2022-10-31 16:07:41 +00:00
Tristan Daniël Maat
73023b817d
conduit: Use dependencies from stable
...
Partially to circumvent the upcoming openssl CVE, partially to reduce
the number of dependencies.
2022-10-31 16:06:31 +00:00
Tristan Daniël Maat
b3e8b0e85c
default.nix: Turn on minimal profile
2022-10-30 18:26:45 +00:00
Tristan Daniël Maat
5c89aa5b83
Update
2022-10-30 17:13:15 +00:00
Tristan Daniël Maat
c72953e1ef
matrix: Add coturn support for calls
2022-10-29 01:39:09 +01:00
7fb5aac33e
nextcloud: Fix nextcloud app download links
2022-10-23 23:45:44 +01:00
c56de6cf7e
conduit: Add new conduit service
2022-10-22 21:22:55 +01:00
3e13b575b0
flake.nix: Clean up devshell
2022-10-22 20:01:56 +01:00
bec05bafb1
README.md: Update to new and improved flake mechanisms
2022-10-17 14:29:56 +01:00
59a44261b8
flake.nix: Move vm out of nixosConfigurations so that checks work
2022-10-17 14:23:52 +01:00
61d3008bc3
nextcloud: Fetch apps using nvfetcher
2022-10-17 11:00:02 +01:00
c4fa991b62
treewide: Add fail2ban
2022-10-14 06:27:11 +01:00
325e8a0ea1
flake.nix: Add deploy-rs for deployment management
2022-10-14 05:59:59 +01:00
1ddf23bd01
nextcloud: Update nextcloud version
2022-10-14 05:58:18 +01:00
78ecfd63a1
starbound: Fix post-update issues
2022-10-14 05:58:15 +01:00
e8b16459d9
treewide: Refactor in order to clean up flake.nix
2022-10-14 05:58:13 +01:00
068e6d5d77
webserver: Use a hardened systemd unit instead of a container
2022-10-14 05:58:11 +01:00
b6594cea54
gitea: Use a hardened systemd unit instead of a container
2022-10-14 05:58:08 +01:00
3cedb9f978
nextcloud: Use a hardened systemd unit instead of a container
2022-10-14 05:58:05 +01:00
6a81ce4c1d
sops: Improve secrets provisioning to split out staging
2022-10-12 23:22:50 +01:00
ab3aa19481
treewide: Perform another nitpicking sweep
2022-10-12 23:22:42 +01:00
dea9032530
flake.nix: Add app to start VM through nix run
2022-10-12 13:16:46 +01:00
e512e73b5e
flake.nix: Clean up and refactor
2022-10-12 13:12:28 +01:00
7095ab2631
treewide: Remove minecraft server
...
This has fallen into disuse since the big Java vulnerability, and I
have ideas for better ways of doing this. Meanwhile it's making
maintenance and refactoring more difficult.
Hence I'll remove the server completely for the time being.
2022-10-12 13:12:04 +01:00
046a88905d
treewide: Reformat project with alejandra
2022-10-10 13:03:18 +01:00
58e52dd119
ssh: Allow proxy connections with gatewayPorts
2022-10-10 13:01:26 +01:00
ed74cfa576
starbound: Fix permissions for a syscall steamcmd needs
2022-04-23 09:31:21 +01:00
cd92ec64c2
Add starbound server
2022-04-23 08:47:13 +01:00
e7102adec1
Add sops-nix
2022-04-23 08:47:07 +01:00
73988df2a6
flake.lock: Update
...
Flake lock file changes:
• Updated input 'flake-utils':
'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07)
→ 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/9886a06e4745edb31587d0e9481ad82d35f0d593' (2022-02-04)
→ 'github:nixos/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/521e4d7d13b09bc0a21976b9d19abd197d4e3b1e' (2022-02-07)
→ 'github:nixos/nixpkgs/9887f024766aa27704d1f89f623efd1d063da92a' (2022-04-21)
2022-04-21 18:21:53 +01:00
