- Aug 10, 2021
-
-
Florian Sesser authored -
Florian Sesser authored
-
Florian Sesser authored
... so it can be used in the nginx config instead of duplicating the number
-
- Aug 09, 2021
-
-
Florian Sesser authored
As per @jcalderone and @florian videoconf on 2021-08-06. - Remove custom handling of Let's Encrypt certs, use NixOs' ACME integration instead. - Use NGINX for TLS termination.
-
- Aug 05, 2021
-
-
Florian Sesser authored
-
Florian Sesser authored
Tryfix. Can't run this locally ATM.
-
Florian Sesser authored
System tests do currently not include testing our monitoringvpn wireguard setup, so let's just add the required IP by an alias to the lo interface.
-
- Aug 04, 2021
-
-
Florian Sesser authored
This should fail currently, since metrics are still public. Also, I couldn't test this code locally, since I currently run VirtualBox VMs on my dev box. I'll just see what CI says to this code.
-
- Aug 03, 2021
-
-
Florian Sesser authored
-
- Jul 29, 2021
-
-
Jean-Paul Calderone authored
This causes NixOS to generate the systemd timer unit for us and saves us having to explain a lot of subtle systemd features. It does pin execution to midnight on Monday but scaling to handle load spikes is Let's Encrypt's problem, I guess.
-
- Jul 28, 2021
-
-
Jean-Paul Calderone authored
-
- Jul 19, 2021
-
-
Jean-Paul Calderone authored
-
Jean-Paul Calderone authored
We can't point it at a Nix expression that evaluates to our desired version of nixpkgs because certain consumers want it to be a filesystem path instead.
-
Jean-Paul Calderone authored
This is what we wanted and much more directly. It also avoids the gradual lengthening of the path by always setting the path to nixpkgs-2105 instead of some derivative of whatever the path was last time.
-
- Jul 17, 2021
-
-
Florian Sesser authored
-
Florian Sesser authored
This commit does not change the semantics, only the looks.
-
- Jul 16, 2021
-
-
Jean-Paul Calderone authored
At least it's easy to turn on
-
Jean-Paul Calderone authored
This is used in constructing the Google OAuth2 login callback URL and has to match what's configured in Google - also helps if it is actually the address of the server.
-
Jean-Paul Calderone authored
-
Jean-Paul Calderone authored
-
Jean-Paul Calderone authored
-
Florian Sesser authored
-
Florian Sesser authored
-
- Jul 15, 2021
-
-
Jean-Paul Calderone authored
The old version of nixpkgs let us get away with setting neither isNormalUser nor isSystemUser but setting all of the things a normal user would get directly. The new version of nixpkgs demands one of these flags be set. So, set it, and remove all of the redundant settings that it implies.
-
- Jul 14, 2021
-
-
Jean-Paul Calderone authored
I hope I'm almost done with this branch.
-
Jean-Paul Calderone authored
-
Florian Sesser authored
-
Florian Sesser authored
-
Florian Sesser authored
-
Florian Sesser authored
-
- Jul 13, 2021
-
-
Florian Sesser authored
-
- Jul 08, 2021
-
-
Florian Sesser authored
-
Florian Sesser authored
-
Florian Sesser authored
-
Florian Sesser authored
-
Florian Sesser authored
Fewer lines almost always better. Also, we don't want to spread these out unless we have to.
-
Florian Sesser authored
-
- Jul 07, 2021
-
-
-
Jean-Paul Calderone authored
-
Jean-Paul Calderone authored
-
