Commit graph

486 commits

Author SHA1 Message Date
b12f 37ebcb3669
Merge pull request 'website: add security.txt' (#122) from feat/security-txt into main
Reviewed-on: pub-solar/infra#122
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 16:26:17 +00:00
b12f 6aea728583
Merge branch 'main' into feat/security-txt
2024-03-25 15:38:30 +00:00
b12f a5e72f9cc7
Merge pull request 'matrix: set forgotten_room_retention_period to 7d' (#124) from matrix/room-retention-period into main
Reviewed-on: pub-solar/infra#124
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 15:38:24 +00:00
Benjamin Yule Bädorf b9cffad02a
matrix: set forgotten_room_retention_period to 7d
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf 2bb2247716
website: add security.txt
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s ef943f02e3
Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main
Reviewed-on: pub-solar/infra#121
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-21 10:24:34 +00:00
teutat3s 45e91d7ef1
fix: drone port should bind to localhost
2024-03-21 10:44:40 +01:00
teutat3s e33529ad4b
chore: bump flake inputs
2024-03-21 10:44:16 +01:00
b12f 1f8e53053b
Merge pull request 'public-keys: update b12f ssh keys with new yubikeys' (#120) from b12f/public-keys-update into main
Reviewed-on: pub-solar/infra#120
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-20 10:51:41 +00:00
Benjamin Yule Bädorf c8c10269c4
public-keys: update b12f ssh keys with new yubikeys
2024-03-20 11:27:23 +01:00
teutat3s 27116f053a
Merge pull request 'chore: updates for element-web, forgejo, mastodon, nextcloud' (#119) from chore/updates into main
Reviewed-on: pub-solar/infra#119
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-05 22:38:52 +00:00
teutat3s b76b7821a7
chore: update flake inputs
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
  → 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
  → 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
  → 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
  → 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
  → 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
2024-03-05 21:39:19 +01:00
teutat3s 14e689486b
Merge pull request 'fix: nginx duplicate default server' (#118) from fix/nginx-duplicate-default-server into main
Reviewed-on: pub-solar/infra#118
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-25 22:07:52 +00:00
teutat3s c49ffb2d5b
fix: nginx duplicate default server
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
b12f aa607396e4
Merge pull request 'nginx/miom: init miom.space website' (#116) from feat/miom.space into main
Reviewed-on: pub-solar/infra#116
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 21:42:03 +00:00
Benjamin Yule Bädorf de04556191
nginx/miom: disable logging
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 0e89b7f210
nginx/miom: init miom.space website
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
b12f 1878595af2
Merge pull request 'nginx/pub.solar: disable logging for homepage' (#117) from privacy/website-no-logging into main
Reviewed-on: pub-solar/infra#117
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 18:10:30 +00:00
Benjamin Yule Bädorf 24b77b6de5
nginx/pub.solar: disable logging for homepage
2024-02-25 18:51:24 +01:00
Akshay Mankar 50fa98eebb
Merge pull request 'security: Upgrade mastodon to 4.2.7' (#114) from mastodon-4.2.7 into main
Reviewed-on: pub-solar/infra#114
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 13:47:58 +00:00
Akshay Mankar f7d7964299
security: Upgrade mastodon to 4.2.7
2024-02-16 13:22:39 +01:00
Akshay Mankar afcfb4fe0f
Merge pull request 'chore: nix flake update' (#113) from flake-update-16-02 into main
Reviewed-on: pub-solar/infra#113
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 09:23:32 +00:00
Akshay Mankar bbc01be474
chore: nix flake update
2024-02-16 10:13:32 +01:00
teutat3s 0bf113e3a9
Merge pull request 'feat: init tmate-ssh-server' (#112) from feat/tmate into main
Reviewed-on: pub-solar/infra#112
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-02-14 20:32:14 +00:00
teutat3s 842ec945f4
forgejo: appName option has been renamed
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
teutat3s d67190d175
feat: init tmate-ssh-server
https://tmate.io
2024-02-07 19:01:36 +01:00
teutat3s 840a250278
Merge pull request 'chore: update element-web, keycloak, matrix-synapse, nextcloud, misc' (#110) from chore/bump-flake-inputs into main
Reviewed-on: pub-solar/infra#110
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:11 +00:00
teutat3s b54ff7d6bf
Merge pull request 'feat: use forgejo NixOS module with gitea user' (#111) from feat/forgejo-module into main
Reviewed-on: pub-solar/infra#111
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:02 +00:00
teutat3s 700173a874
Merge pull request 'dns: add DKIM record to pub.solar domain' (#109) from feat/dkim into main
Reviewed-on: pub-solar/infra#109
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:45:26 +00:00
teutat3s f43ba01ee6
feat: use forgejo NixOS module with gitea user
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
teutat3s fcc74784ea
fix: remove mastodon version 4.2.5 overlay
It's now included in nixos-23.11
2024-02-06 10:57:28 +01:00
teutat3s bf0ab84979
chore: bump flake inputs
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/07f6395285469419cf9d078f59b5b49993198c00' (2024-01-11)
  → 'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9?dir=lib' (2023-12-30)
  → 'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
  → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/00538eecf2d1a8f98a53a71c9c84f913003ec5e8' (2024-01-29)
  → 'github:lnl7/nix-darwin/bdbae6ecff8fcc322bf6b9053c0b984912378af7' (2024-02-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27)
  → 'github:nixos/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05)
• Updated input 'unstable':
    'github:nixos/nixpkgs/ae5c332cbb5827f6b1f02572496b141021de335f' (2024-01-25)
  → 'github:nixos/nixpkgs/faf912b086576fd1a15fca610166c98d47bc667e' (2024-02-05)
2024-02-06 10:56:56 +01:00
teutat3s 4f558e8a9b
dns: add DKIM record
2024-02-05 22:27:34 +01:00
teutat3s 0deb8eb6be
Merge pull request 'security: update mastodon to 4.2.5' (#108) from security/mastodon-4.2.5 into main
Reviewed-on: pub-solar/infra#108
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-01 17:11:05 +00:00
teutat3s e007b034ed
security: update mastodon to 4.2.5
https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

Pull in the patch early while NixOS channels are catching up to build and
cache https://github.com/NixOS/nixpkgs/pull/285565

https://nixpk.gs/pr-tracker.html?pr=285565
2024-02-01 17:59:32 +01:00
teutat3s 4eb78dd94f
Merge pull request 'metrics(matrix-synapse): enable internal MAU metrics' (#107) from metrics/synapse-mau into main
Reviewed-on: pub-solar/infra#107
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-01 15:09:58 +00:00
teutat3s 4ce188edec
metrics(matrix-synapse): enable internal MAU metrics
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#mau_stats_only
2024-02-01 15:51:55 +01:00
teutat3s 62c248348a
Merge pull request 'feat(grafana): add synapse dashboard' (#106) from feat/grafana-synapse-dashboard into main
Reviewed-on: pub-solar/infra#106
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-01 10:31:43 +00:00
teutat3s 27c0cbabf4
Merge pull request 'fix(matrix-synapse): mail hostname, missing tls setting on metrics listener' (#105) from fix/synapse-mail-and-tls into main
Reviewed-on: pub-solar/infra#105
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-01 10:31:34 +00:00
teutat3s 031bab4a4e
fix(nextcloud): interned_strings_buffer should be powers of 2
2024-02-01 11:21:10 +01:00
teutat3s 33d80dc558
feat(grafana): add synapse dashboard
Source:
https://github.com/element-hq/synapse/blob/master/contrib/grafana/synapse.json
2024-01-30 20:00:41 +01:00
teutat3s 576ceb6875
fix(matrix-synapse): mail hostname, missing tls setting on metrics listener
2024-01-30 19:42:48 +01:00
teutat3s 101cc3a9d2
Merge pull request 'chore: update mastodon: 4.2.3 -> 4.2.4, element-web: 1.11.54 -> 1.11.55' (#104) from chore/bump-flake-inputs into main
Reviewed-on: pub-solar/infra#104
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-01-30 16:47:31 +00:00
teutat3s 507c088316
chore: bump flake inputs
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/1e706ef323de76236eb183d7784f3bd57255ec0b' (2024-01-22)
  → 'github:lnl7/nix-darwin/00538eecf2d1a8f98a53a71c9c84f913003ec5e8' (2024-01-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d7f206b723e42edb09d9d753020a84b3061a79d8' (2024-01-22)
  → 'github:nixos/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27)
• Updated input 'unstable':
    'github:nixos/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21)
  → 'github:nixos/nixpkgs/ae5c332cbb5827f6b1f02572496b141021de335f' (2024-01-25)
2024-01-29 09:57:38 +01:00
teutat3s b2e845876a
Merge pull request 'feat(matrix-synapse): enable metrics' (#100) from feat/synapse-metrics into main
Reviewed-on: pub-solar/infra#100
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-01-28 23:56:42 +00:00
teutat3s 69b976607f
fix(matrix-synapse): make sure to find element in list of config.services.matrix-synapse.settings.listeners that sets type = "metrics" instead of just using the first element in the list
2024-01-29 00:44:53 +01:00
teutat3s 62429bca08
fix(matrix-synapse): make sure to find element in list of config.services.matrix-synapse.settings.listeners.*.resources that sets names = "client" instead of just using the first element in the list of listeners
2024-01-29 00:44:53 +01:00
teutat3s 3cfdd9d20a
refactor(matrix-synapse): get first listener port
2024-01-29 00:44:52 +01:00
teutat3s 2f75ae7e62
feat(matrix-synapse): enable metrics
Following:
https://github.com/matrix-org/synapse/blob/develop/docs/metrics-howto.md
2024-01-29 00:44:13 +01:00
teutat3s 750d73a22b
Merge pull request 'fix: greenbaum manta URL for terraform remote state' (#102) from fix/manta-url into main
Reviewed-on: pub-solar/infra#102
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-01-28 23:19:35 +00:00