teutat3s
42b3052091
deploy: remove hard-coded SSH user barkeeper
2024-11-26 17:56:15 +01:00
b12f
eb63779bb6
auth: use all sshPubKeys for disk unlock, fix tests, fix hm config
2024-11-20 16:49:39 +01:00
b12f
acc537decd
hosts: use correct wireguardDevices option
2024-11-20 16:49:39 +01:00
b12f
2b72d9a5a8
style: run nix fmt
2024-11-20 16:49:39 +01:00
b12f
5366d07d44
auth: add user for each administrator
...
After this has been tested successfully, root SSH login can be disabled.
The advantages of having a user for each adminstrator:
* Better security analysis: who issued executed what command, who
touched which file, who used sudo at which time.
* Possibility of granular access, e.g. person X is only allowed to
manage service Y
2024-11-20 16:49:38 +01:00
teutat3s
10f71b1959
Merge pull request 'maintenance: update element-web, forgejo, nextcloud, matrix-synapse and others' ( #269 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#269
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-19 16:10:57 +00:00
teutat3s
8b8833e9c9
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
→ 'github:nix-community/disko/639d1520df9417ca2761536c3072688569e83c80' (2024-11-18)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
→ 'github:lnl7/nix-darwin/61cee20168a3ebb71a9efd70a55adebaadfbe4d4' (2024-11-19)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10)
→ 'github:nixos/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16)
• Updated input 'unstable':
'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
→ 'github:nixos/nixpkgs/5e4fbfb6b3de1aa2872b76d49fafc942626e2add' (2024-11-15)
2024-11-19 16:30:13 +01:00
teutat3s
280dc37aa0
Merge pull request 'matrix-authentication-service: disable changing mail address' ( #271 ) from matrix-mas-disable-email-change into main
...
Reviewed-on: pub-solar/infra#271
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-19 15:29:15 +00:00
teutat3s
3d8fe3cef2
Merge pull request 'prometheus: disable daily e2e notification again' ( #270 ) from alert-disable-e2e into main
...
Reviewed-on: pub-solar/infra#270
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-19 15:29:04 +00:00
teutat3s
213c06ca87
matrix-authentication-service: disable changing mail
...
address. This should be done via auth.pub.solar
2024-11-19 13:57:23 +01:00
teutat3s
a491680165
prometheus: disable daily e2e notification again
2024-11-19 13:56:42 +01:00
b12f
1ae1f68ce2
Merge pull request 'modules/forgejo: allow migrations from local networks' ( #262 ) from forgejo/allow-local-migrations into main
...
Reviewed-on: pub-solar/infra#262
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-11-14 11:10:44 +00:00
b12f
87f9bc92df
modules/forgejo: allow migrations from local networks
2024-11-14 11:10:44 +00:00
teutat3s
3b29b847b0
Merge pull request 'coturn: fix secret path' ( #265 ) from fix-coturn-secret into main
...
Reviewed-on: pub-solar/infra#265
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 20:39:47 +00:00
teutat3s
4923f033f5
coturn: fix secret path
...
this is fallout that was overlooked in #250
2024-11-13 21:25:12 +01:00
teutat3s
2424a3ec8b
Merge pull request 'keycloak: fix registration with pub.solar theme' ( #264 ) from fix-keycloak-theme-for-registration into main
...
Reviewed-on: pub-solar/infra#264
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:48:15 +00:00
teutat3s
b41edf0cfb
Merge pull request 'core: add activationScript to show closure diff' ( #260 ) from closure-diffs into main
...
Reviewed-on: pub-solar/infra#260
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:47:17 +00:00
teutat3s
0d6da8d678
Merge pull request 'maintenance: updates for element-web, forgejo, matrix-synapse and others' ( #259 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#259
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:47:05 +00:00
teutat3s
b87670d07d
keycloak: fix registration with pub.solar theme
...
This pulls in changes from
* pub-solar/keycloak-theme#3
* pub-solar/keycloak-theme#4
2024-11-13 20:34:38 +01:00
teutat3s
73333537a5
Merge pull request 'alertmanager: alert on high load only after 20m' ( #255 ) from alerts-tweak-load into main
...
Reviewed-on: pub-solar/infra#255
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:53 +00:00
teutat3s
45d3b939bf
Merge pull request 'matrix-appservice-irc: reduce logging level to warn' ( #256 ) from irc-reduce-logging into main
...
Reviewed-on: pub-solar/infra#256
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:44 +00:00
teutat3s
904c7ed1e4
Merge pull request 'secrets: remove leftover secret files' ( #257 ) from secrets-cleanup into main
...
Reviewed-on: pub-solar/infra#257
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:35 +00:00
teutat3s
ab85ba751a
alertmanager: enable e2e_dead_man_switch
2024-11-12 13:41:42 +01:00
teutat3s
a9c5edfeb3
alertmanager: don't alert on high memory page faults
...
This alert is non actionable, we still monitor high memory usage.
2024-11-12 13:40:46 +01:00
teutat3s
7067d93ee2
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
→ 'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
→ 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'flake-parts/nixpkgs-lib':
'fb192fec7c
.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
→ 'cc2f280002
.tar.gz?narHash=sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s%3D' (2024-11-01)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
→ 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
→ 'github:nixos/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10)
• Updated input 'unstable':
'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
→ 'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
2024-11-11 20:05:12 +01:00
teutat3s
e48fe612e2
core: add activationScript to show closure diff
...
This is useful when updating a host, by doing a dry-run with deploy-rs
we get a list of changed package versions.
2024-11-11 18:02:47 +01:00
teutat3s
34ce43a5e0
secrets: remove leftover secret files
...
After cleanup:
❯ find ./secrets -type f -name "*.age" | wc -l
64
❯ rg publicKeys secrets/secrets.nix | wc -l
64
2024-11-07 12:22:27 +01:00
teutat3s
43b0c8d489
matrix-appservice-irc: reduce logging level to warn
2024-11-06 21:29:27 +01:00
teutat3s
afe52ca6af
alertmanager: alert on high load only after 20m
2024-11-06 21:28:28 +01:00
teutat3s
da529b023e
Merge pull request 'ci: use treefmt2 with flag --ci
' ( #248 ) from ci-treefmt into main
...
Reviewed-on: pub-solar/infra#248
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:40:03 +00:00
teutat3s
cf39137340
Merge pull request 'docs: more garage CLI usage, avoid leaking secret' ( #246 ) from docs-garage into main
...
Reviewed-on: pub-solar/infra#246
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:53 +00:00
teutat3s
18683d383f
Merge pull request 'docs: add examples for cachix usage' ( #230 ) from docs-cachix into main
...
Reviewed-on: pub-solar/infra#230
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:44 +00:00
teutat3s
d8a793190d
Merge pull request 'matrix-authentication-service: init, test, migrate synapse' ( #250 ) from mas-init into main
...
Reviewed-on: pub-solar/infra#250
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-30 20:02:53 +00:00
teutat3s
3ec5c9f343
style: fix formatting
2024-10-30 20:32:47 +01:00
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into
...
synapse now, update synapse config to use matrix-authentication-service
2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options
2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod
2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames
2024-10-30 18:37:46 +01:00
teutat3s
472f9aa68b
dns: list.pub.solar should be A / AAAA records
2024-10-30 18:37:46 +01:00
teutat3s
c9c2d06a98
dns: add CNAME record for mas.pub.solar
2024-10-30 18:37:46 +01:00
teutat3s
8244e605b6
fix: passkey support in pub.solar keycloak theme
2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting
2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets
2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground
...
to test mas, related to #242
2024-10-30 18:37:45 +01:00
teutat3s
4c51eda8b6
Merge pull request 'modules/tt-rss: pin on revision' ( #253 ) from update-tt-rss into main
...
Reviewed-on: pub-solar/infra#253
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-10-30 17:37:10 +00:00
b12f
471d7650ff
modules/tt-rss: pin on revision
2024-10-30 18:35:18 +01:00
teutat3s
9cc50ed678
Merge pull request 'maintenance: updates for mastodon, matrix-synapse' ( #249 ) from flake-updates-2024-10-24 into main
...
Reviewed-on: pub-solar/infra#249
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 16:16:06 +00:00
teutat3s
4309cc9cdd
ci: use treefmt2 with flag --ci
...
Update treefmt to version 2.
This adds the following flags for CI usage:
"--no-cache, --fail-on-change and adjusting some other settings best suited to a CI".
See: https://treefmt.com/usage
2024-10-24 15:43:00 +02:00
teutat3s
08f5c5ce67
docs: more garage CLI usage, avoid leaking secret
2024-10-24 15:10:44 +02:00
teutat3s
870e81ee4c
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
→ 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
→ 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
→ 'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
• Updated input 'unstable':
'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
→ 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
2024-10-24 14:53:39 +02:00