| commit | 82e0942cc52d29c98bbd2c56f2c82b9984798429 | [log] [tgz] |
|---|---|---|
| author | Skyler Grey <minion@clicks.codes> | Sun Mar 10 14:11:44 2024 +0000 |
| committer | Samuel Shuert <coded@clicks.codes> | Sun Mar 10 17:47:56 2024 +0000 |
| tree | 16f437f8a788972f9eb8df49012b27f5fb8671d7 | |
| parent | 8720ed13c29358c3e8010aa027ea4fd26d185b0d [diff] |
Replace problematic aliases with redirects Ordinarily an alias is alright, however some sites (for example vaultwarden which authenticates with security keys, or nextcloud where share links may end up leading to different sites) should be standardized to a single canonical domain. The statement "an alias is alright" is not intended to imply that a redirect cannot be preferred in other cases, we're only removing bad aliases here rather than taking a stance on aliases as a whole. Change-Id: I9d51acffccd14a6142313925d3029a48b2698abf Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/537 Reviewed-by: Samuel Shuert <coded@clicks.codes> Tested-by: Skyler Grey <minion@clicks.codes>
To deploy these files to our server we use deploy-rs. If you've got a flakes-enabled nix installed on your system you can run
nix run github:serokell/deploy-rs
You can also install deploy-rs to your profile, at which point you'll be able to run
deploy
Secrets are stored in SOPS and deployed using scalpel.
If you have a service which needs to store secrets in its config file, please set systemd reloadTriggers and restartTriggers to automatically reload/restart the service whenever the configuration changes.
It's notable that changing the secrets will not trigger a reload/restart of the service. If you want to update the secrets without updating the rest of the configuration you currently need to manually restart the service. It's possible that this could be solved by using systemd paths to watch the files (see https://superuser.com/questions/1171751/restart-systemd-service-automatically-whenever-a-directory-changes-any-file-ins) but this is not a priority