b12f
acc537decd
hosts: use correct wireguardDevices option
2024-11-20 16:49:39 +01:00
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into
...
synapse now, update synapse config to use matrix-authentication-service
2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options
2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod
2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames
2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting
2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets
2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground
...
to test mas, related to #242
2024-10-30 18:37:45 +01:00
teutat3s
987c0919ca
style: fix formatting
2024-10-17 20:31:47 +02:00
teutat3s
c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable
...
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
2024-10-17 20:31:47 +02:00
teutat3s
8600fc64c5
wireguard: fix trinkgenossin IPv4 address
2024-10-05 13:03:40 +02:00
b12f
1ec5bafa30
flora-6: remove
...
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
...
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox
...
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s
88b76beb5c
keycloak: use backups module
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month
2024-06-23 15:14:30 +02:00
teutat3s
6ea916603c
networking: set networking.domain in core module
2024-06-06 19:30:11 +02:00
teutat3s
941eff6d87
tankstelle: configure wireguard
2024-05-30 19:17:21 +02:00
teutat3s
0cb89a9fe8
fix: nachtigall wants keycloak
2024-05-15 19:20:06 +02:00
teutat3s
2ca0bd7c3e
style: run treefmt
2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf
ef94681e11
refactor: Move all apps into modules
2024-04-28 18:07:28 +02:00
Hendrik Sokolowski
10c86c6b20
nachtigall: obs-portal: remove tiles mount
2024-04-28 01:07:49 +02:00
Hendrik Sokolowski
1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal
2024-04-28 01:05:43 +02:00
Benjamin Yule Bädorf
d280b29394
obs-portal: init obs-portal on nachtigall
...
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md
Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.
The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
teutat3s
2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override"
...
This reverts commit a11255b433
.
2024-04-27 01:44:20 +02:00
teutat3s
a11255b433
matrix-appservice-irc: remove unneeded syscall override
...
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
2024-04-25 12:37:58 +02:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3
2024-04-22 20:06:49 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores
...
and set worker_connections to 1024
https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
2024-04-14 17:39:56 +02:00
teutat3s
b6a54efd9a
fix: add comment with hostnames to wireguard peers
2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf
7e145040cc
wireguard: use IP addresses for wireguard endpoints
...
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
2024-04-12 22:31:28 +02:00
Benjamin Yule Bädorf
316ba9ef53
forgejo: also reroute ssh traffic for ipv6
2024-04-12 19:38:15 +00:00
teutat3s
afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' ( #142 ) from feat/forgejo-enable-search into main
...
Reviewed-on: pub-solar/infra#142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:42 +00:00
teutat3s
9698c47530
Merge pull request 'mastodon: clean media older than 7 days' ( #143 ) from mastodon/auto-clean-7-days into main
...
Reviewed-on: pub-solar/infra#143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:34 +00:00
teutat3s
41e4d3427c
mastodon: clean media older than 7 days
...
Currently we keep everything for 30 days, which is about 180GB
2024-04-05 23:50:04 +02:00
teutat3s
c5159dd66d
forgejo: enable repo search (indexer), save login
...
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
2024-04-05 23:29:49 +02:00
Benjamin Yule Bädorf
16c6aa3b61
forgejo: make SSH keys declarative
2024-04-05 19:35:55 +00:00
teutat3s
315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' ( #135 ) from chore/nextcloud-config-maintenance-window into main
...
Reviewed-on: pub-solar/infra#135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 18:41:17 +00:00
Hendrik Sokolowski
b6b8d69852
nachtigall: forgejo: update firewall settings
2024-04-05 18:39:43 +02:00
Benjamin Yule Bädorf
e618b9f9c2
forgejo: use iptables routing instead of ssh patch
2024-04-05 17:00:28 +02:00
Benjamin Yule Bädorf
d7c9333ff4
forgejo: allow multiple host addresses for SSH
2024-04-05 14:26:56 +00:00
teutat3s
18a62b8d35
fix(nextcloud): define a maintenance window for
...
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html
> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
2024-04-05 16:23:16 +02:00
Benjamin Yule Bädorf
f7eaef0d18
wireguard: fix flora-6 address and private key
...
Reviewed-on: pub-solar/infra#129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
2024-04-05 11:26:38 +00:00
Benjamin Yule Bädorf
621e9336ed
wireguard: add basic keys
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
eacf60974c
wireguard: initial commit
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
9433a8aea7
mediawiki: update to v1.41.1
2024-03-30 00:10:09 +01:00
b12f
6aea728583
Merge branch 'main' into feat/security-txt
2024-03-25 15:38:30 +00:00
Benjamin Yule Bädorf
b9cffad02a
matrix: set forgotten_room_retention_period to 7d
...
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.
The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf
2bb2247716
website: add security.txt
...
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s
c49ffb2d5b
fix: nginx duplicate default server
...
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00