snix/ops/modules
Vincent Ambo b8267c261c fix(ops/irccat): Avoid permissions issue with LoadCredentials=
The DynamicUser + Group configuration does not work as planned, thus
the systemd LoadCredentials feature is used instead which makes the
file (which itself is only readable by root) available in a
memory-backed location only readable by the service.

The secret is only available to `ExecStart` commands, so units using
this feature can not be used with pre/post units and the like if those
commands need secrets.

To accommodate this, the merge of configuration files has been moved
into the service launch script, which is now the ExecStart= process.

For details take a look at https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LoadCredential=ID:PATH

Change-Id: I693fe5677cc0d63c7aa485c2c7472457c5262166
2021-12-10 15:09:09 +00:00
..
tvl-slapd chore(nixpkgs): Bump channels to 2021-05-25 2021-05-25 17:09:28 +00:00
tvl-sso fix(tvl-sso): set memory limit to 512M 2021-08-24 16:28:14 +00:00
www fix(ops/www): Redirect tvl.fyi/blog -> tvl.fyi 2021-12-01 23:41:23 +03:00
.skip-subtree refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
atward.nix refactor(atward): Configure listen address 2021-05-05 09:02:58 +00:00
automatic-gc.nix fix(automatic-gc): Fix garbage collection script 2021-04-18 09:44:04 +00:00
clbot.nix refactor(ops): Move clbot secret into agenix 2021-12-10 10:32:14 +03:00
default.nix refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
gerrit-queue.nix feat(ops/modules): Add module for running gerrit-queue 2021-12-10 10:32:14 +03:00
git-serving.nix chore(ops/git-serving): Remove josh state from whitby backups 2021-09-24 16:14:30 +00:00
irccat.nix fix(ops/irccat): Avoid permissions issue with LoadCredentials= 2021-12-10 15:09:09 +00:00
monorepo-gerrit.nix fix(ops): Correctly pass command name to besadii invocations 2021-12-07 18:27:44 +00:00
nixery.nix fix(ops/nixery): Temporarily stop serving depot packages in Nixery 2021-12-02 09:16:52 +03:00
owothia.nix refactor(ops): Move owothia secret into agenix 2021-12-10 10:32:14 +03:00
panettone.nix refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
paroxysm.nix refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
prometheus-fail2ban-exporter.nix refactor(ops): Break out prometheus-fail2ban-exporter module 2021-06-12 15:51:49 +00:00
quassel.nix chore(nixpkgs): Bump channels to 2021-05-25 2021-05-25 17:09:28 +00:00
README.md refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
restic.nix fix(ops/restic): Move whitby's backup to GleSYS object storage 2021-11-21 12:01:26 +00:00
smtprelay.nix refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00
sourcegraph.nix feat(sourcegraph): Upgrade 3.30.4 -> 3.31.2 2021-09-11 14:11:52 +00:00
tvl-buildkite.nix fix(tvl-buildkite): Explicitly set runtimePackages 2021-12-10 15:06:08 +00:00
v4l2loopback.nix refactor(ops): Split //ops/nixos into different locations 2021-04-11 22:18:22 +00:00

NixOS modules

This folder contains various NixOS modules shared by our NixOS configurations.

It is not read by readTree.