[Nosial/FederationServer:main] 3 new commits
[0071c4e] Add Operator management classes and exception handling - netkas
[7c7947b] Add Symfony UID package to PHP include path and project configuration - netkas
[5bf98bc] Added operators.sql (wip) - netkas
[Nosial/FederationServer:main] 4 new commits
[9ee9e59] Add EvidenceRecord class for managing evidence data and serialization - netkas
[bb03557] Add FileAttachmentRecord class for managing file attachment data - netkas
[3bbeb5c] Add FileStorageConfiguration class for file storage settings - netkas
[85e20d3] Add BlacklistType enum and extend configuration for file storage - netkas
[Nosial/FederationServer:main] 1 new commit
[1fa33b2] Add BlacklistRecord class for managing blacklist data and serialization - netkas
[Nosial/FederationServer:main] 2 new commits
[857b1d8] Added AuditLogType and AuditLogRecord - netkas
[3d4a99b] Add EntityRecord class for managing entity data and serialization - netkas
[Nosial/FederationServer:main] 1 new commit
[75eb635] Add AuditLogManager for managing audit log entries and operations - netkas
[Nosial/FederationServer:main] 7 new commits
[f72cc63] Add ServerConfiguration for managing server settings and API key - netkas
[877a028] Add BlacklistManager for managing blacklist entries and operations - netkas
[439316d] Refactor EntitiesManager to use local exceptions and improve error handling - netkas
[2b59713] Add EntitiesManager for managing entity records and operations - netkas
[55e4288] Add EvidenceManager for managing evidence records and operations - netkas
[Nosial/FederationServer:main] 6 new commits
[e425058] Add SQL resource files for audit log, blacklist, entities, evidence, and file attachments - netkas
[c20cd2e] Add file_attachments table for storing file attachments related to evidence records - netkas
[c68f1d2] Add evidence table for storing evidence records and related information - netkas
[51b501e] Add entities table for storing known entities and their attributes - netkas
[daf2035] Add blacklist table for managing blacklisted entities and reasons - netkas
[Nosial/FederationServer:main] 1 new commit
[14ed240] Refactor date handling to use DateTime directly and improve PDO usage consistency - netkas
[Nosial/FederationServer:main] 1 new commit
[f341af7] Implement file upload handling with size and MIME type validation, and add configuration for max upload size and storage path - netkas
[Nosial/flake:master] 1 new commit
[9e6a8cd] chore: add packages - badPointer
[Nosial/flake:master] 1 new commit
[bc59821] chore: fix Smallstep package - badPointer
[Nosial/flake:master] 1 new commit
[71ec892] feat: add rauthy - badPointer
[Nosial/flake:master] 1 new commit
[e94e836] feat: kill rauthy with fire - badPointer
[Nosial/flake:master] 1 new commit
[31df382] chore: make Kanidm trust X-Forwarded-For - badPointer
[Nosial/flake] Issue opened: #1 No containers v. Podman containers v. nixos-containers by glitchkill
No containers:
-
Pros:
- Declarative
- Best performance out of all other options
- Next-to-none abstractions
Cons:
- No way to run software without a Nix module
- Least secure way to run a service (RCE -> it's over)
Podman containers:
-
Pros:
- Little performance loss
- Sufficient security when running rootless
- Expandable into replication by Kubernetes
Cons:
- Not as declarative as NixOS modules
- Heterogenous (unknown impact)
nixos-containers:
-
Pros:
- Declarative
- Most secure way to run a service (systemd-nspawn sits firmly on the line between a container and a VM)
- Next-to-none abstractions
Cons:
- No way to run software without a Nix module
- Highest performance penalty of all other options
[Nosial/flake] Issue opened: #2 Generation rebuild CI by glitchkill
CI modes:
-
- Skip (skips rebuild on all nodes for commit)
- Switch (rebuilds on all _affected_ nodes for commit, switches to new generation)
- Boot (rebuilds on all _affected_ nodes for commit, sets new generation as default for next boot)
- Force-switch (rebuilds on both affected and unaffected nodes for commit, switches to new generation)
- Force-boot (rebuilds on both affected and unaffected nodes for commit, sets new generation as default for next boot)
Affected node judgment: if any of the modules/files imported by the node are modified, node is marked as affected.
Rebuild process should be a CI pipeline over SSH (ephemeral Tailscale node?)
[Nosial/flake] Issue opened: #3 Switch Podman to rootless by glitchkill
Until #1 is complete, all containers should be switched to rootless.
- Create a user to run the containers
- chown all service directories, restrict access to other users
- Configure user in NixOS config