[Nosial/FederationServer:main] 1 new commit
[1fa33b2] Add BlacklistRecord class for managing blacklist data and serialization - netkas
[Nosial/FederationServer:main] 2 new commits
[857b1d8] Added AuditLogType and AuditLogRecord - netkas
[3d4a99b] Add EntityRecord class for managing entity data and serialization - netkas
[Nosial/FederationServer:main] 1 new commit
[75eb635] Add AuditLogManager for managing audit log entries and operations - netkas
[Nosial/FederationServer:main] 7 new commits
[f72cc63] Add ServerConfiguration for managing server settings and API key - netkas
[877a028] Add BlacklistManager for managing blacklist entries and operations - netkas
[439316d] Refactor EntitiesManager to use local exceptions and improve error handling - netkas
[2b59713] Add EntitiesManager for managing entity records and operations - netkas
[55e4288] Add EvidenceManager for managing evidence records and operations - netkas
[Nosial/FederationServer:main] 6 new commits
[e425058] Add SQL resource files for audit log, blacklist, entities, evidence, and file attachments - netkas
[c20cd2e] Add file_attachments table for storing file attachments related to evidence records - netkas
[c68f1d2] Add evidence table for storing evidence records and related information - netkas
[51b501e] Add entities table for storing known entities and their attributes - netkas
[daf2035] Add blacklist table for managing blacklisted entities and reasons - netkas
[Nosial/FederationServer:main] 1 new commit
[14ed240] Refactor date handling to use DateTime directly and improve PDO usage consistency - netkas
[Nosial/FederationServer:main] 1 new commit
[f341af7] Implement file upload handling with size and MIME type validation, and add configuration for max upload size and storage path - netkas
[Nosial/flake:master] 1 new commit
[9e6a8cd] chore: add packages - badPointer
[Nosial/flake:master] 1 new commit
[bc59821] chore: fix Smallstep package - badPointer
[Nosial/flake:master] 1 new commit
[71ec892] feat: add rauthy - badPointer
[Nosial/flake:master] 1 new commit
[e94e836] feat: kill rauthy with fire - badPointer
[Nosial/flake:master] 1 new commit
[31df382] chore: make Kanidm trust X-Forwarded-For - badPointer
[Nosial/flake] Issue opened: #1 No containers v. Podman containers v. nixos-containers by glitchkill
No containers:
Pros:
- Declarative
- Best performance out of all other options
- Next-to-none abstractions
Cons:
- No way to run software without a Nix module
- Least secure way to run a service (RCE -> it's over)
Podman containers:
Pros:
- Little performance loss
- Sufficient security when running rootless
- Expandable into replication by Kubernetes
Cons:
- Not as declarative as NixOS modules
- Heterogeneous (unknown impact)
nixos-containers:
Pros:
- Declarative
- Most secure way to run a service (systemd-nspawn sits firmly on the line between a container and a VM)
- Next-to-none abstractions
Cons:
- No way to run software without a Nix module
- Highest performance penalty of all other options
[Nosial/flake] Issue opened: #2 Generation rebuild CI by glitchkill
CI modes:
- Skip (skips rebuild on all nodes for commit)
- Switch (rebuilds on all _affected_ nodes for commit, switches to new generation)
- Boot (rebuilds on all _affected_ nodes for commit, sets new generation as default for next boot)
- Force-switch (rebuilds on both affected and unaffected nodes for commit, switches to new generation)
- Force-boot (rebuilds on both affected and unaffected nodes for commit, sets new generation as default for next boot)
Affected node judgment: if any of the modules/files imported by the node are modified, node is marked as affected.
Rebuild process should be a CI pipeline over SSH (ephemeral Tailscale node?)
[Nosial/flake] Issue opened: #3 Switch Podman to rootless by glitchkill
Until #1 is complete, all containers should be switched to rootless.
- Create a user to run the containers
- chown all service directories, restrict access to other users
- Configure user in NixOS config
[Nosial/flake] Issue opened: #4 Gatus as uptime service by glitchkill
Blocker: https://github.com/TwiN/gatus/issues/720
Deploy alerts for bot and public uptime page.
[Nosial/flake] Issue opened: #5 Revamp service configuration and data by glitchkill
Current config-data storage leaves much to be desired. Proposed solution:
- Configure all services exclusively through environment variables set through system configuration.
- Split all auxiliary services (e.g. `data/forgejo-main, data/forgejo-postgres` instead of `data/forgejo/data`).
- Move all volumes to top-level (e.g. `data/forgejo-main` instead of `data/forgejo-main/data`).