teutat3s
34ce43a5e0
secrets: remove leftover secret files
...
After cleanup:
❯ find ./secrets -type f -name "*.age" | wc -l
64
❯ rg publicKeys secrets/secrets.nix | wc -l
64
2024-11-07 12:22:27 +01:00
teutat3s
da529b023e
Merge pull request 'ci: use treefmt2 with flag --ci
' ( #248 ) from ci-treefmt into main
...
Reviewed-on: pub-solar/infra#248
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:40:03 +00:00
teutat3s
cf39137340
Merge pull request 'docs: more garage CLI usage, avoid leaking secret' ( #246 ) from docs-garage into main
...
Reviewed-on: pub-solar/infra#246
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:53 +00:00
teutat3s
18683d383f
Merge pull request 'docs: add examples for cachix usage' ( #230 ) from docs-cachix into main
...
Reviewed-on: pub-solar/infra#230
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:44 +00:00
teutat3s
d8a793190d
Merge pull request 'matrix-authentication-service: init, test, migrate synapse' ( #250 ) from mas-init into main
...
Reviewed-on: pub-solar/infra#250
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-30 20:02:53 +00:00
teutat3s
3ec5c9f343
style: fix formatting
2024-10-30 20:32:47 +01:00
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into
...
synapse now, update synapse config to use matrix-authentication-service
2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options
2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod
2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames
2024-10-30 18:37:46 +01:00
teutat3s
472f9aa68b
dns: list.pub.solar should be A / AAAA records
2024-10-30 18:37:46 +01:00
teutat3s
c9c2d06a98
dns: add CNAME record for mas.pub.solar
2024-10-30 18:37:46 +01:00
teutat3s
8244e605b6
fix: passkey support in pub.solar keycloak theme
2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting
2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets
2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground
...
to test mas, related to #242
2024-10-30 18:37:45 +01:00
teutat3s
4c51eda8b6
Merge pull request 'modules/tt-rss: pin on revision' ( #253 ) from update-tt-rss into main
...
Reviewed-on: pub-solar/infra#253
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-10-30 17:37:10 +00:00
b12f
471d7650ff
modules/tt-rss: pin on revision
2024-10-30 18:35:18 +01:00
teutat3s
9cc50ed678
Merge pull request 'maintenance: updates for mastodon, matrix-synapse' ( #249 ) from flake-updates-2024-10-24 into main
...
Reviewed-on: pub-solar/infra#249
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 16:16:06 +00:00
teutat3s
4309cc9cdd
ci: use treefmt2 with flag --ci
...
Update treefmt to version 2.
This adds the following flags for CI usage:
"--no-cache, --fail-on-change and adjusting some other settings best suited to a CI".
See: https://treefmt.com/usage
2024-10-24 15:43:00 +02:00
teutat3s
08f5c5ce67
docs: more garage CLI usage, avoid leaking secret
2024-10-24 15:10:44 +02:00
teutat3s
870e81ee4c
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
→ 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
→ 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
→ 'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
• Updated input 'unstable':
'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
→ 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
2024-10-24 14:53:39 +02:00
teutat3s
cef7a561f3
Merge pull request 'garage: fix wildcard DNS cert renewal with wildcard CNAME records' ( #245 ) from fix-dns-cert-renewal into main
...
Reviewed-on: pub-solar/infra#245
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:41 +00:00
teutat3s
281701b7b6
Merge pull request 'docs: fix IP for keycloak admin API' ( #247 ) from update-docs into main
...
Reviewed-on: pub-solar/infra#247
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:31 +00:00
teutat3s
90bbaad7b7
Merge pull request 'trinkgenossin: fix network in initrd' ( #244 ) from trinkgenossin-remote-luks into main
...
Reviewed-on: pub-solar/infra#244
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:18 +00:00
teutat3s
6a15c09509
docs: add hint how to get CACHIX_AUTH_TOKEN
2024-10-23 20:59:07 +02:00
teutat3s
94d7db1331
docs: add examples for cachix usage
2024-10-23 20:59:06 +02:00
teutat3s
633f0a4402
docs: fix IP for keycloak admin API
2024-10-23 20:28:55 +02:00
teutat3s
9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard
...
CNAME records
By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
2024-10-23 20:18:57 +02:00
teutat3s
2c29d27ce7
style: remove redundant brackets
2024-10-23 20:18:03 +02:00
teutat3s
31a885926b
trinkgenossin: fix network in initrd, virtio_net
...
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
2024-10-23 20:17:32 +02:00
teutat3s
0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' ( #239 ) from mastodon-media-on-garage into main
...
Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-23 15:24:28 +00:00
teutat3s
5300f381b0
nginx: use safer request_uri variable
...
Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
2024-10-17 21:15:57 +02:00
teutat3s
8a18ee452b
garage: fix s3_api root_domain
2024-10-17 21:15:57 +02:00
teutat3s
666de2c8f4
mastodon: switch files.pub.solar from storj to garage
...
s3 backend
2024-10-17 21:15:55 +02:00
teutat3s
b1391521b9
Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' ( #240 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#240
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-17 19:12:37 +00:00
teutat3s
987c0919ca
style: fix formatting
2024-10-17 20:31:47 +02:00
teutat3s
c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable
...
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
2024-10-17 20:31:47 +02:00
teutat3s
3943f34c92
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
→ 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
→ 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
→ 'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
• Updated input 'unstable':
'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
→ 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
2024-10-17 20:31:17 +02:00
b12f
e85807a29b
Merge pull request 'nextcloud: docs how to get debug logs' ( #238 ) from nextcloud-fix-logs into main
...
Reviewed-on: pub-solar/infra#238
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-16 15:29:26 +00:00
teutat3s
c53d48384a
nextcloud: document how to get debugging logs
2024-10-16 17:19:49 +02:00
teutat3s
9579f6adde
Merge pull request 'logins: add teutat3s secondary SSH public key' ( #237 ) from teutat3s-add-ssh into main
...
Reviewed-on: pub-solar/infra#237
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 22:09:53 +00:00
teutat3s
01ca3b21c2
Merge pull request 'mastodon: actually use opensearch via module option' ( #236 ) from mastodon-full-text-search into main
...
Reviewed-on: pub-solar/infra#236
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 21:03:39 +00:00
teutat3s
d085e49925
logins: add teutat3s secondary SSH public key
2024-10-08 19:10:20 +02:00
teutat3s
092a45e3bd
mastodon: actually use opensearch via module option
2024-10-08 19:09:17 +02:00
teutat3s
a8d865bbca
Merge pull request 'maintenance updates for element-web, forgejo, mastodon, matrix-synapse, nextcloud and others' ( #235 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#235
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-10-05 12:30:07 +00:00
teutat3s
df2f0d4442
flake: refactor, bye srid
...
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
2024-10-05 14:03:40 +02:00
teutat3s
8c8a757f8f
garage: update to 1.0.1
...
https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
2024-10-05 13:03:40 +02:00
teutat3s
8600fc64c5
wireguard: fix trinkgenossin IPv4 address
2024-10-05 13:03:40 +02:00
teutat3s
37f210c96f
security: add libolm to permittedInsecurePackages
2024-10-05 13:03:40 +02:00