teutat3s
c18a9da4e9
keycloak: update docs to use admin-cli client
...
instead of ops user
2024-06-10 20:35:40 +02:00
teutat3s
b687997390
docs: centralize SSH access docs
2024-06-10 20:35:40 +02:00
teutat3s
bc3752683b
keycloak: add docs how to delete unverified accounts
2024-06-10 20:35:36 +02:00
teutat3s
1ae6d9ecfe
Merge pull request 'loki tuning, lock down SSH for tankstelle, tweak nextcloud SMTP settings' ( #205 ) from misc-fixes into main
...
Reviewed-on: pub-solar/infra#205
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-10 10:41:57 +00:00
teutat3s
e2691988bf
nextcloud: use port 465 and TLS/SSL for mail transfer
2024-06-08 23:54:05 +02:00
teutat3s
d3fedd84e9
loki: tune settings, enable cache
2024-06-08 23:53:43 +02:00
teutat3s
d8866860d5
prometheus-node-exporter: use version 1.8.1 to fix
...
error message spamming logs
2024-06-08 23:52:53 +02:00
teutat3s
e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard
2024-06-08 23:52:08 +02:00
teutat3s
ba76973cc5
Merge pull request 'fix promtail host label' ( #204 ) from fix-promtail-label into main
...
Reviewed-on: pub-solar/infra#204
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-06 17:50:08 +00:00
teutat3s
6ea916603c
networking: set networking.domain in core module
2024-06-06 19:30:11 +02:00
teutat3s
bae41b07a8
promtail: use hostName to set label
2024-06-06 19:29:42 +02:00
teutat3s
3b865a688c
Merge pull request 'Add metronom + tankstelle to grafana + loki' ( #202 ) from monitor-metronom-tankstelle into main
...
Reviewed-on: pub-solar/infra#202
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-06 16:41:22 +00:00
teutat3s
eaed05c834
style: apply treefmt
2024-06-06 12:56:55 +02:00
teutat3s
9707edf2de
docs: add example for wireguard client config
2024-06-06 12:54:31 +02:00
teutat3s
2fdfd3b80e
docs: fix syntax in example
2024-06-06 12:54:14 +02:00
teutat3s
4350cbf7c4
tankstelle: add promtail, prometheus node-exporter
...
for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
teutat3s
b93608a8fa
metronom: add promtail, prometheus node-exporter
...
configure wireguard to push logs to and scrape metrics from flora-6
open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00
teutat3s
6143f56c01
flake: use DNS hostnames for deploy-rs
2024-06-06 12:50:24 +02:00
teutat3s
008e14f2d2
mail: add missing NixOS module to metronom
2024-06-06 12:49:58 +02:00
teutat3s
509a40b829
Merge pull request 'update mastodon, matrix-synapse, nextcloud, php, ruby, and others' ( #201 ) from chore/updates into main
...
Reviewed-on: pub-solar/infra#201
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-06 09:21:12 +00:00
teutat3s
6aa18b0a2c
flake: update inputs
...
• Updated input 'element-themes':
'github:aaronraimist/element-themes/2368b58c16d2c4aabb82a245f036d228cbb6e5f5' (2024-02-12)
→ 'github:aaronraimist/element-themes/6ed3a981191cbd59f03ea530f16e096b9a4c278c' (2024-05-28)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/8dc45382d5206bd292f9c2768b8058a8fd8311d9' (2024-05-16)
→ 'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
• Updated input 'flake-parts/nixpkgs-lib':
'50eb7ecf4c
.tar.gz?narHash=sha256-QBx10%2Bk6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94%3D' (2024-05-02)
→ 'eb9ceca17d
.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/2c78a57c544dd19b07442350727ced097e1aa6e6' (2024-05-26)
→ 'github:nix-community/home-manager/095ef64aa3b2ab4a4f1bf07f29997e21e3a5576a' (2024-06-04)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/0bea8222f6e83247dd13b055d83e64bce02ee532' (2024-05-24)
→ 'github:lnl7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22)
→ 'github:nixos/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446' (2024-05-31)
• Updated input 'unstable':
'github:nixos/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24)
→ 'github:nixos/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
2024-06-05 02:08:13 +02:00
teutat3s
10ed117dfe
Merge pull request 'loki, prometheus, promtail should connect via wireguard' ( #200 ) from loki-prometheus-via-wireguard into main
...
Reviewed-on: pub-solar/infra#200
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-05 00:04:40 +00:00
teutat3s
e93a56e594
nginx: use square brackets for IPv6 address
2024-06-05 01:59:54 +02:00
teutat3s
27c239b985
loki: allow port 3100 in firewall for wg-ssh interface
2024-06-05 01:59:44 +02:00
teutat3s
61ea0ad7c2
networking: add internal IPv6 wireguard IPs to /etc/hosts
2024-06-03 12:33:51 +02:00
teutat3s
8f1b932fdc
docs: update unlocking ZFS pool
2024-06-03 12:30:08 +02:00
teutat3s
56f692740e
networking: use *.wg.pub.solar in /etc/hosts
...
instead of overriding IPs for existing DNS records, to reduce suprises
when DNS records are different depending on the host.
Add metronom + tankstelle internal wireguard IPs, too.
2024-06-03 12:28:33 +02:00
teutat3s
0286719dce
dns: add internal *.wg.pub.solar VPN records
2024-06-01 16:51:49 +02:00
teutat3s
20ebf92f1f
loki, promtail, prometheus: remove basic auth, use
...
wireguard to secure connections
2024-06-01 16:51:14 +02:00
teutat3s
a10027ed21
Merge pull request 'Init mail.pub.solar' ( #196 ) from feat/mail into main
...
Reviewed-on: pub-solar/infra#196
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-31 15:22:28 +00:00
teutat3s
8f46e22636
docs: updates for metronom / mail
2024-05-31 16:52:04 +02:00
teutat3s
0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH
...
port access to wireguard only
2024-05-31 16:52:04 +02:00
teutat3s
9a9dccf5bb
mail: move NixOS module to modules
2024-05-31 16:52:04 +02:00
teutat3s
fcd9af314e
mail: update teutat3s password
2024-05-31 16:52:04 +02:00
teutat3s
c5dfb472f8
style: treefmt
2024-05-31 16:52:04 +02:00
teutat3s
9d8026a31a
mail(treewide): update mail.greenbaum.zone -> mail.pub.solar
2024-05-31 16:52:04 +02:00
teutat3s
1ca1168d7a
mail: switch to mail.pub.solar
2024-05-31 16:52:04 +02:00
teutat3s
a3f7afd7a0
docs: add metronom to deploy docs, style: format
2024-05-31 16:52:03 +02:00
teutat3s
a424152f94
dns: add test mail records for metronom.pub.solar
...
DKIM, DMARC, SPF, MX
2024-05-31 16:52:03 +02:00
teutat3s
b6f64a1e04
mail: add more @pub.solar mail accounts
2024-05-31 16:52:03 +02:00
teutat3s
9635367c82
dns: add metronom.pub.solar
2024-05-31 16:52:03 +02:00
Benjamin Yule Bädorf
3bcdd33b5a
deploy: use system from host configuration
2024-05-31 16:52:03 +02:00
Hendrik Sokolowski
af233793fb
initial work on mail
2024-05-31 16:52:01 +02:00
teutat3s
6d8d34123f
Merge pull request 'ci: add self-hosted runner tankstelle' ( #198 ) from feat/add-tankstelle into main
...
Reviewed-on: pub-solar/infra#198
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-31 14:49:20 +00:00
teutat3s
2b873f8d3e
Merge pull request 'alerts: alert for uptime after 90 days instead of 30 days' ( #199 ) from alerts-tweak-uptime into main
...
Reviewed-on: pub-solar/infra#199
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-31 14:48:12 +00:00
teutat3s
941eff6d87
tankstelle: configure wireguard
2024-05-30 19:17:21 +02:00
teutat3s
b039dec111
ci: update results path to prevent garbage collection
2024-05-30 19:04:40 +02:00
teutat3s
5aa1276e85
ci: add nix to PATH
2024-05-30 19:04:40 +02:00
teutat3s
cc70a740a1
ci: run actions runner as normal user
2024-05-30 19:04:40 +02:00
teutat3s
866785ef47
style: format using treefmt
2024-05-30 19:04:40 +02:00