Commit graph

25 commits

Author SHA1 Message Date
teutat3s 67b9b84e01
backups: reduce chances for lock race
Start one backup per hour each night
2024-05-15 21:00:41 +02:00
teutat3s e52324209f
alertmanager: fix SMTP secret 2024-05-15 17:15:46 +02:00
teutat3s bd4241e71d
caddy: use alerts.pub.solar domain for vhost 2024-05-15 16:17:54 +02:00
teutat3s d1a68a7c13
secrets: fix too open permissions 2024-05-15 16:01:44 +02:00
teutat3s 9245fa6797
alertmanager: finalize init 2024-05-15 16:01:44 +02:00
teutat3s a8a8155114
style: treefmt with nixfmt-rfc-style 2024-05-15 16:01:44 +02:00
Pablo Ovelleiro Corral 11f5557a7a
Add reverseproxy for alerts.pub.solar
Co-authored-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral 7e2bcfc5cf
Add alertmanager config 2024-05-15 16:01:42 +02:00
teutat3s 2ca0bd7c3e
style: run treefmt 2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
teutat3s ff9703e542
matrix: init stickerpicker 2024-05-07 17:47:55 +02:00
teutat3s c738f2d41f
modules: remove leftover apps dir 2024-04-30 00:57:46 +02:00
Pablo Ovelleiro Corral 512ab12de1
Put modules into uniform folders 2024-04-28 19:17:09 +02:00
Benjamin Yule Bädorf ef94681e11
refactor: Move all apps into modules 2024-04-28 18:07:28 +02:00
teutat3s 8743ea7b0c
networking: add wireguard hosts to /etc/hosts
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
Benjamin Yule Bädorf b1519c8f22
ssh: only allow ssh on wireguard interface 2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s 38a6e5e084
fix: add nix registry setting to speed up ad-hoc flake
usage, e.g. via nix shell nixpkgs#<flake-name>
2023-11-16 22:05:04 +01:00
b12f f5185e5c15
feat: add mediawiki
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
teutat3s d5922ff2b8
fix: disable DNSSEC for now because of an issue in
systemd https://github.com/systemd/systemd/issues/10579

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
2023-11-15 18:54:32 +00:00
teutat3s 9c1d19d49f
nachtigall: move SSH private key from user to host 2023-11-15 18:54:32 +00:00
teutat3s 7be3567e6d
flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
Benjamin Bädorf 20fbcbb571
fix: two typos 2023-11-06 21:07:24 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00