felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-06-16 17:49:13 +02:00
Code Issues Projects Releases Wiki Activity
1,101 Commits 43 Branches 0 Tags
d84cc738196df4e0effa0e76870e158b4ab0e084
Commit Graph

585 Commits

Author SHA1 Message Date
h7x4 d84cc73819 temmie/userweb: handle more .php\d suffixes 2026-06-16 19:07:58 +09:00
h7x4 b738f08c09 temmie/userweb: render path denylist into Directory/Files directives 2026-06-16 19:07:57 +09:00
h7x4 8252bba3ad temmie/userweb: enable httpd trace on debugMode 2026-06-16 19:07:57 +09:00
h7x4 a776a5a5fe temmie/userweb: explicitly override mod_perl and mod_userdir 2026-06-16 19:07:57 +09:00
h7x4 ed57744ec3 temmie/userweb: add more patterns to denylist 2026-06-16 16:07:32 +09:00
h7x4 226db1f46e temmie/userweb: add more DirectoryIndex variants 2026-06-16 16:07:32 +09:00
h7x4 51e1656177 temmie/userweb: disable ~pvv 2026-06-16 15:53:52 +09:00
h7x4 47d2dcf9ff temmie/userweb: add bro server to userweb slice 2026-06-16 03:37:28 +09:00
h7x4 254b1d9b14 temmie/userweb: split into more modules 2026-06-16 03:33:28 +09:00
h7x4 2301672a21 temmie/userweb: run log processors as separate systemd units 
This lets us divide up some of the logic making httpd itself less
brittle, and also reduces the amount of privileges for httpd.
 2026-06-16 02:56:28 +09:00
h7x4 526b55c49a {ildkule/prometheus,base}: send stats over HTTPS through nginx 2026-06-13 02:54:28 +09:00
h7x4 e80189c6eb temmie/userweb: stop cating passwd on startup 2026-06-13 01:41:05 +09:00
h7x4 56a51e4c6f temmie/userweb: mount homedirs under /amd 2026-06-13 01:39:20 +09:00
h7x4 f54109f6f3 temmie/userweb: set handlers for php and perl scripts 2026-06-13 01:26:27 +09:00
h7x4 b848e0f1cc temmie/userweb: add log processor for apache 2026-06-07 06:03:18 +09:00
h7x4 c671329b93 temmie/userweb: inject users from passwd into httpd sandbox 2026-06-07 05:28:24 +09:00
h7x4 2d6b09cb32 bikkje: label ports in firewall port list 2026-06-06 04:08:16 +09:00
h7x4 88892115b5 base: enable autoScrub for all btrfs machine by default 2026-06-06 04:05:26 +09:00
h7x4 8a290d30e7 modules/drumknotty: split into several parts 
This also fixes a few issues, such as enabling `createLocalDatabase` for
multiple programs, and wraps all the screen logic within a screenrc
file. Some assertions were also added to avoid some easy-to-make
mistakes.
 2026-06-05 14:21:35 +02:00
Vegard Bieker Matthey 009d89f959 set default settings for worblehat and dibbler 2026-06-05 14:09:06 +02:00
Vegard Bieker Matthey 7e754ade71 drumknotty: init 2026-06-05 14:08:58 +02:00
h7x4 966081ebfc bicep/mysql: enable userstat 2026-06-03 15:31:27 +09:00
h7x4 39d313579c bicep/mysql: rotate slow query logs 2026-06-03 15:21:18 +09:00
h7x4 3386153b8b ildkule/prometheus/exim: make scheme explicit 2026-06-03 13:35:13 +09:00
h7x4 56906241f6 bekkalokk/roundcube: temporary fix for webmail redirects 2026-06-01 03:52:09 +09:00
h7x4 3fe71d21f6 bekkalokk/roundcube: webdir moved to public_html within package 2026-06-01 02:57:43 +09:00
h7x4 1ce3372683 lupine/binfmt: enable 2026-06-01 01:00:50 +09:00
Adrian G L 5f14c15679 feat: add radicale to bekkalokk 2026-06-01 00:59:54 +09:00
h7x4 64843087be kommode/gitea: only allow webhooks to external hosts 
We don't have any servers with intranet IPs, and we want webhooks that
hook back to kommode to pass through its firewall.
 2026-05-29 12:58:26 +09:00
h7x4 0c45345050 bicep/matrix-ooye harden 2026-05-28 16:07:36 +09:00
h7x4 788f23bf04 bicep/matrix-hookshot: harden 2026-05-28 15:58:04 +09:00
h7x4 8416014aeb bicep/mjolnir: harden 2026-05-28 15:58:04 +09:00
h7x4 5bf0de1d0d bekkalokk/website/fetch-gallery: use proper shellscript builder 2026-05-28 03:58:08 +09:00
h7x4 a550bbf1e0 bekkalokk/roundcube: use specialized builder for nginx root dir 2026-05-28 03:46:59 +09:00
h7x4 6d9bd8256f kommode/gitea/install-customization: disable networking 2026-05-28 03:15:47 +09:00
h7x4 5c859d9809 kommode/gitea/install-customization: remove ExecStart bash wrapper 2026-05-28 03:15:06 +09:00
h7x4 dfbed75cd9 kommode/gitea/gpg: remove ExecStart bash wrapper 2026-05-28 03:06:07 +09:00
h7x4 6237a0a0e7 bicep/minecraft-heatmap: remove ExecStartPre bash wrapper 2026-05-28 03:03:38 +09:00
h7x4 bd2263a0a9 kommode/gitea/import-users: remove ExecStartPre bash wrapper 2026-05-28 03:02:59 +09:00
h7x4 532e8b0eee bekkalokk/mediawiki: install PdfHandler extension 2026-05-28 01:22:13 +09:00
h7x4 eef3f8fe8b bekkalokk/mediawiki: cleanup executable path config 2026-05-28 01:22:13 +09:00
h7x4 b0f81c9379 lupine/smartd: reenable 2026-05-27 23:41:54 +09:00
h7x4 2c819776f8 treewide/nginx: enable kTLS for a bunch more virtualHosts 2026-05-27 23:36:18 +09:00
h7x4 2b4817b75a ildkule/scrutiny: init 2026-05-27 23:33:45 +09:00
h7x4 47a744f68f ildkule/uptime-kuma: set up rsync pull target for principal 2026-05-26 13:37:29 +09:00
Vegard Bieker Matthey da505d4fe2 kommode: sign merge commits and sign crud actions 2026-05-25 20:21:23 +02:00
h7x4 18ab1ef982 temmie/userweb: set -i and -t in sendmail wrapper 2026-05-25 18:49:57 +09:00
h7x4 5023edeb13 temmie/userweb: install mod_perl with custom env 2026-05-25 18:24:23 +09:00
h7x4 0d8c26c548 temmie/userweb: send propagatedBuildInputs through perl env wrapper 2026-05-25 17:05:02 +09:00
h7x4 bd244e7797 temmie/userweb: add www2 server alias 2026-05-25 16:24:35 +09:00