| Age | Commit message (Expand) | Author |
|---|
| 29 hours | systems: export default label generation to (sovereign systems)•••It is not possible to otherwise construct a nice-looking definition of a system label.
That is because of a restriction by a lexical scope requirement.
The gnu:system:operating-system-default-label funciton is instead called in (sovereign systems) module.
* deployment/systems/aisaka.scm (operating-system): do this.
* deployment/systems/akashi.scm (operating-system): do this.
* deployment/systems/asakura.scm (operating-system): do this.
* deployment/systems/cokolwiek.scm (operating-system): do this.
* deployment/systems/mcdowell.scm (operating-system): do this.
* deployment/systems/rakan.scm (operating-system): do this.
| Marek Paśnikowski |
| 2025-11-22 | implement guix offload in akashi•••* deployment/keys.scm (akashi-guix):
define guix signing key.
* deployment/systems/aisaka.scm (guix-offload-rakan):
add guix signing key of akashi.
* deployment/systems/akashi.scm (offload-hub, guix-offload-targets, offload-extension):
define guix offload configuration.
* deployment/systems/akashi.scm (services):
add guix offload service and clean up the definition.
* deployment/systems/akashi.scm (operating-system*):
clean up the definition.
| Marek Paśnikowski |
| 2025-11-20 | deployment: implement build offloading from aisaka to rakan•••* deployment/keys.scm (aisaka-guix):
define signing key of Guix daemon in aisaka.
* deployment/systems/aisaka.scm (rakan-machine, guix-offload-rakan, offload-rakan):
define the offload target.
* deployment/systems/aisaka.scm (system):
add the offload configuration to the list of services.
* deployment/systems/rakan.scm (guix-offload-authorizations):
change the authorized signing key to aisaka's.
* deployment/users.scm (openssh-configuration):
add the public SSH key of marek@aisaka.
| Marek Paśnikowski |
| 2025-11-16 | gitolite: disable admin-pubkey•••* deployment/systems/aisaka.scm (gitolite):
turn off the declarative entry of admin keys, as it is impossible to add more than one.
| Marek Paśnikowski |
| 2025-11-12 | add marek@mcdowell to gitolite admin keys | Marek Paśnikowski |
| 2025-11-12 | replace admin-pubkey in gitolite | Marek Paśnikowski |
| 2025-07-27 | aisaka: add sejf.marekpasnikowski.pl to certbot | Marek Paśnikowski |
| 2025-07-26 | aisaka: add sejf subdomain | Marek Paśnikowski |
| 2025-07-24 | aisaka: disable Distribution channel in cgitdedistribution | Marek Paśnikowski |
| 2025-07-24 | delete remaining bindings to Distribution channel•••This removal is part of a process to decomission Distribution channel.
---
The ultimate goal is to move useful code from Distribution channel to either Sovereign or Deployment channel.
Everything else will be deleted and ultimately will be removed from network.
---
Module (deployment systems aisaka) has a dangling import of (suweren update).
Module (deployment users id1000) uses update-commands from (suweren update).
Guix-channel file includes dependency on Distribution channel.
---
The dangling import of (suweren update) is deleted from (deployment systems aisaka).
The update-commands binding is replaced with a definition from Sovereign channel.
The dependency on Distribution channel is removed from the list.
---
With this change Deployment channel is completely independent of Distribution, which can be deleted now.
| Marek Paśnikowski |
| 2025-07-23 | [4] systems: delete imports of (suweren system) module•••This removal is part of a process to decomission Distribution channel.
---
The ultimate goal is to move useful code from Distribution channel to either Sovereign or Deployment channels.
Everything else will be deleted and ultimately will be removed from network.
---
The (suweren system) module was imported in aisaka, akashi and ayase systems.
---
All these imports are deleted.
---
After this (suweren system) module can be deleted from Distribution channel.
| Marek Paśnikowski |
| 2025-07-23 | id1000: delete reference to %suweren-home-services from Deployment channel•••This removal is part of a process to decommission Deployment channel.
---
The ultimate goal is to move useful code from Deployment channel to either Sovereign or Deployment channels.
Everything else will be deleted and ultimately the entire channel will be removed from the net.
---
The deleted reference contains in its definition variables from both upstream Guix and another Distribution module.
Record uid1000-home-environment is the only user of the deleted reference.
This definition is in outdated style.
The (suweren home) module, defining the deleted reference, is also still imported by (deployment systems aisaka).
---
The variables listed in the deleted reference are used directly in the modified record.
This record is also restructured to match the current style.
The imports of of (suweren home) module are deleted from all affected modules.
Appropriate imports are added in (deployment users id1000).
---
Nothing else depends on the deleted reference, so its definition can be safely deleted from Distribution channel.
As it is the last definition in the module, the entire file can be deleted from the channel.
| Marek Paśnikowski |
| 2025-07-07 | systems: standardise label creation•••All operating-system records are configured to prepend default labels with respective host names.
-----
Some minor adaptations had to performed.
| Marek Paśnikowski |
| 2025-06-30 | aisaka: point the test subdomain to the schron subdomain••• The purpose of the test subdomain is to try out changes in nginx configuration.
As such, directories should not be created for the sake of the test subdomain.
Instead, the test subdomain should point to a subdomain currently needing testing.
| Marek Paśnikowski |
| 2025-06-29 | aisaka: correct target of the schron subdomain | Marek Paśnikowski |
| 2025-06-27 | aisaka: apply the new client certificate to schronca | Marek Paśnikowski |
| 2025-06-27 | aisaka: test a new client certificate | Marek Paśnikowski |
| 2025-06-27 | systems/aisaka: install openssl••• The root user need access to openssl command in order to manipulate ca secrets.
| Marek Paśnikowski |
| 2025-06-26 | aisaka: improve layout of system•••No functional changes are introduced.
This is purely visual improvement.
| Marek Paśnikowski |
| 2025-06-20 | aisaka: ultimately fix the efi-directory target | Marek Paśnikowski |
| 2025-06-20 | aisaka: use the standard home-environment-service of uid1000•••The current system configuration of aisaka uses an old custom home environment from before a unified one was developed.
As it is no longer useful, the (home-services) procedure definition is removed from the module.
| Marek Paśnikowski |
| 2025-06-18 | aisaka: fix grub-efi target | Marek Paśnikowski |
| 2025-06-18 | systems: fix mount points for efi partition | Marek Paśnikowski |
| 2025-06-18 | systems: stop importing dead modules | Marek Paśnikowski |
| 2025-06-16 | systems: fix the EFI partition mount point | Marek Paśnikowski |
| 2025-06-02 | aisaka: point the schron subdomain to the test directory | Marek Paśnikowski |
| 2025-06-02 | aisaka: certify the schron subdomain | Marek Paśnikowski |
| 2025-06-01 | aisaka: update dns serial number | Marek Paśnikowski |
| 2025-06-01 | aisaka: set up the schron subdomain | Marek Paśnikowski |
| 2025-05-29 | aisaka: use a Let’s Encrypt certificate for the test subdomain•••The prototype of the client certificate authentication is suboptimal.
The use of a private certificate authority for server authentication causes unnecessary security warnings when loading the subdomain with an unauthenticated browser.
Any browser in its default configuration has no right to understand the private certificate authority used for the client and server certificates.
It is possible to mix Let’s Encrypt certificates with a private certificate authority to implement the authentication.
None of the previously found client authentication guides mentioned that server authentication can use an authority chain different to client authentication.
This change takes advantage of this separation of concerns by using a Let’s Encrypt certificate for the test subdomain server, while keeping the private certificate for client authentication.
| Marek Paśnikowski |
| 2025-05-17 | aisaka: expose nonguix repository | Marek Paśnikowski |
| 2025-05-13 | aisaka: limit the publicly visible repositories to only Guix channels | Marek Paśnikowski |
| 2025-05-12 | Revert "aisaka: uninstall cgit and simplify gitolite"•••This reverts commit ba64ebfe587f05c734f24ace507d22629d350cd8.
| Marek Paśnikowski |
| 2025-05-12 | aisaka: redefine operating-system* | Marek Paśnikowski |
| 2025-05-12 | aisaka: fix gitolite-service-type import | Marek Paśnikowski |
| 2025-05-12 | aisaka: uninstall cgit and simplify gitolite | Marek Paśnikowski |
| 2025-05-11 | aisaka: iterate client authentication | Marek Paśnikowski |
| 2025-05-11 | aisaka: add proxy_set_headers for test.marekpasnikowski.pl | Marek Paśnikowski |
| 2025-05-11 | aisaka: configure NGINX client authentication according to DataCadamia | Marek Paśnikowski |
| 2025-05-03 | aisaka: configure client certificate check on test subdomain | Marek Paśnikowski |
| 2025-03-15 | systems: use the nonguix definition of initrd•••The indirect bindings force the Sovereign channel to unnecessarily depend on Nonguix.
| Marek Paśnikowski |
| 2025-03-15 | systems: use the nonguix definition of kernel directly•••The indirect bindings force the Sovereign channel to unnecessarily depend on Nonguix.
| Marek Paśnikowski |
| 2025-03-14 | import systems to deployment channel | Marek Paśnikowski |
