Commit graph

201 commits

Author SHA1 Message Date
Benjamin Yule Bädorf 2bb2247716
website: add security.txt
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s 45e91d7ef1
fix: drone port should bind to localhost 2024-03-21 10:44:40 +01:00
teutat3s c49ffb2d5b
fix: nginx duplicate default server
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
Benjamin Yule Bädorf de04556191
nginx/miom: disable logging 2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 0e89b7f210
nginx/miom: init miom.space website
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 24b77b6de5
nginx/pub.solar: disable logging for homepage 2024-02-25 18:51:24 +01:00
teutat3s 842ec945f4
forgejo: appName option has been renamed
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
teutat3s d67190d175
feat: init tmate-ssh-server
https://tmate.io
2024-02-07 19:01:36 +01:00
teutat3s f43ba01ee6
feat: use forgejo NixOS module with gitea user
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
teutat3s 4ce188edec
metrics(matrix-synapse): enable internal MAU metrics
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#mau_stats_only
2024-02-01 15:51:55 +01:00
teutat3s 62c248348a
Merge pull request 'feat(grafana): add synapse dashboard' (#106) from feat/grafana-synapse-dashboard into main
Reviewed-on: pub-solar/infra#106
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-01 10:31:43 +00:00
teutat3s 031bab4a4e
fix(nextcloud): interned_strings_buffer should be
powers of 2
2024-02-01 11:21:10 +01:00
teutat3s 33d80dc558
feat(grafana): add synapse dashboard
Source:
https://github.com/element-hq/synapse/blob/master/contrib/grafana/synapse.json
2024-01-30 20:00:41 +01:00
teutat3s 576ceb6875
fix(matrix-synapse): mail hostname, missing tls
setting on metrics listener
2024-01-30 19:42:48 +01:00
teutat3s 69b976607f
fix(matrix-synapse): make sure to find element in
list of config.services.matrix-synapse.settings.listeners that sets
type = "metrics" instead of just using the first element in the list
2024-01-29 00:44:53 +01:00
teutat3s 62429bca08
fix(matrix-synapse): make sure to find element in
list of config.services.matrix-synapse.settings.listeners.*.resources
that sets names = "client" instead of just using the first element in the list of listeners
2024-01-29 00:44:53 +01:00
teutat3s 3cfdd9d20a
refactor(matrix-synapse): get first listener port 2024-01-29 00:44:52 +01:00
teutat3s 2f75ae7e62
feat(matrix-synapse): enable metrics
Following:
https://github.com/matrix-org/synapse/blob/develop/docs/metrics-howto.md
2024-01-29 00:44:13 +01:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s b3b3725c9f
feat: php opcache tuning for nextcloud
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#:~:text=opcache.jit%20%3D%201255%20opcache.jit_buffer_size%20%3D%20128m
2024-01-25 20:19:32 +01:00
teutat3s be668fbb17
fix: nextcloud likes interned strings buffer > 8
7cf6f51516 made a wrong assumption
2024-01-23 22:18:58 +01:00
teutat3s ffdf55993f
fix(nginx): [warn] could not build optimal proxy_headers_hash
nginx: [warn] could not build optimal proxy_headers_hash, you should
increase either proxy_headers_hash_max_size: 2048 or
proxy_headers_hash_bucket_size: 64; ignoring
proxy_headers_hash_bucket_size
2024-01-17 15:16:06 +01:00
teutat3s 94ae6c9302
fix(mastodon): use working unix sockets for streaming api
The streaming API is currently unusable because we still pass traffic
to the old unix socket path.
Since c82195d9e8 (diff-157b1ef68573bbec951d6e551513a555e2d1ca7a161a68f1978b11d39a0bef1eR789-R803)
there are multiple unix sockets involved.
2024-01-17 10:32:03 +01:00
teutat3s 5590b5b1b3
fix: remove QuickInstantCommons extension
Docker image updated in 529554b4d1

Seems currently broken:
https://wiki.pub.solar/index.php/Special:RecentChanges with the
extension enabled throws:

Internal error LogicException: Backend with name 'wikimediacommons-backend' already registered.
2024-01-08 21:53:14 +01:00
teutat3s 8d06c61d2f
fix: remove duplicate wgLogo setting 2024-01-08 17:56:48 +01:00
teutat3s 1d018ade9b
feat: enable InstantCommons
https://www.mediawiki.org/wiki/InstantCommons
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:56:33 +01:00
teutat3s 05f7dbe262
feat: enable wgUseInstantCommons
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:42:57 +01:00
teutat3s a7f98c2d45
fix: ensure mediawiki logo survives updates 2024-01-08 14:35:43 +01:00
teutat3s a59e9cb6ea
feat: update mediawiki to 1.41.0, enable extension
TemplateStyles

https://gerrit.wikimedia.org/g/mediawiki/core/%2B/REL1_41/RELEASE-NOTES-1.41
2024-01-08 14:14:34 +01:00
teutat3s f2217a1409
feat: shutdown freenode IRC bridge, use shorter
IRC aliases, use nixos matrix-synapse service config for homeserver port
2024-01-07 20:15:16 +01:00
Hendrik Sokolowski 0fe02a9f73
fix uploads path eventually (#92)
yeah yeah

Reviewed-on: pub-solar/infra#92
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 16:18:43 +00:00
Hendrik Sokolowski b37ad608a4
update mediawiki config (#91)
* disable logging to /dev/stderr
* fix upload path

Reviewed-on: pub-solar/infra#91
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 15:44:21 +00:00
teutat3s 7e8f3c8cf5
fix: update forgejo-actions-runner token, use
docker image from https://git.pub.solar/pub-solar/actions-base-image
2023-12-29 19:26:43 +01:00
teutat3s afca5c3735
chore: bump Nextcloud to version 28 2023-12-28 17:38:41 +01:00
teutat3s a310b414f7
fix: update well-known for sliding-sync 2023-12-16 14:57:36 +01:00
teutat3s 768d4c78bc
fix: use nginx locations recommended by upstream
https://github.com/matrix-org/sliding-sync#same-hostname
2023-12-16 14:48:08 +01:00
teutat3s 14fa3fdec2
feat(matrix): enable sliding-sync
Sliding Sync is an implementation of MSC3575 and a prerequisite for
running the new (still beta) Element X clients (Element X iOS and
Element X Android).

https://github.com/matrix-org/sliding-sync
https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
2023-12-16 13:53:34 +01:00
teutat3s d734adce58
fix: new Greenbaum mail server is mail.greenbaum.zone 2023-12-13 20:45:35 +01:00
teutat3s e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s 10bb3295de
fix: grafana editor role is unused for now 2023-12-13 17:52:01 +01:00
teutat3s e8cf4dceb0
fix(flora-6): allow traffic from br-+ interfaces 2023-12-13 17:51:34 +01:00
teutat3s 1b9a6bb0c2
fix: don't ignore interfaces that can change 2023-12-13 02:12:12 +01:00
teutat3s 219b67df20
fix: add 4 logs retention for loki 2023-12-13 02:12:12 +01:00
teutat3s 6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar 2023-12-13 02:12:12 +01:00
teutat3s d5b59ea18a
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s fdda65eea9
feat: init loki 2023-12-13 02:12:11 +01:00
teutat3s 0e290f080e
feat(grafana): provision node-exporter dashboard 2023-12-13 02:12:11 +01:00
teutat3s 6b15d72d85
fix: systemd-networkd-wait-online timing out 2023-12-13 02:12:11 +01:00
teutat3s 2f7eccc970
fix: grafana root_url needs https://, role mapping 2023-12-13 02:12:11 +01:00
teutat3s 8dc908aabd
feat(flora-6): init grafana + prometheus on
grafana.pub.solar
2023-12-13 02:12:10 +01:00