teutat3s
998cf4c63d
website: force HTTPS
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:03:43 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
teutat3s
701c62dd69
tests: create keycloak test, add working test for website
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 09:55:25 +02:00
teutat3s
b6be95d032
Merge pull request 'Maintenance + security updates for element, forgejo, mastodon, matrix-synapse' ( #221 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#221
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-08-24 01:11:41 +00:00
teutat3s
99308bfe24
Merge pull request 'secrets: ensure no final newline in editorconfig' ( #220 ) from no-newline-for-secrets into main
...
Reviewed-on: pub-solar/infra#220
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-08-22 13:13:45 +00:00
teutat3s
50eb1d4f32
flake.lock: Update
...
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/3f1dae074a12feb7327b4bf43cbac0d124488bb7' (2024-07-30)
→ 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/91010a5613ffd7ee23ee9263213157a1c422b705' (2024-08-06)
→ 'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05)
→ 'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21)
• Updated input 'unstable':
'github:nixos/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
→ 'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
2024-08-22 11:59:47 +02:00
teutat3s
c0fcf2352f
secrets: ensure no final newline
2024-08-21 16:39:14 +02:00
teutat3s
3708d77d9b
Merge pull request 'Update docker, forgejo, systemd and others' ( #219 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#219
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-07 11:55:29 +00:00
teutat3s
7f2bfd923f
loki: move data dir to /data disk with more room
2024-08-07 10:19:53 +02:00
teutat3s
30d18c725a
revert: overlay for element-web and matrix-synapse
...
both packages now have the desired version available in nixos-24.05
2024-08-07 10:09:37 +02:00
teutat3s
387d97a2ea
flake.lock: Update
...
Flake lock file updates:
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
→ 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
• Updated input 'flake-parts/nixpkgs-lib':
'5daf051448
.tar.gz?narHash=sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI%3D' (2024-07-01)
→ 'a5d394176e
.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/0413754b3cdb879ba14f6e96915e5fdf06c6aab6' (2024-07-27)
→ 'github:lnl7/nix-darwin/91010a5613ffd7ee23ee9263213157a1c422b705' (2024-08-06)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/12bf09802d77264e441f48e25459c10c93eada2e' (2024-07-29)
→ 'github:nixos/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05)
• Updated input 'unstable':
'github:nixos/nixpkgs/52ec9ac3b12395ad677e8b62106f0b98c1f8569d' (2024-07-28)
→ 'github:nixos/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04)
2024-08-06 21:17:23 +02:00
teutat3s
6f2eeeb99e
Merge pull request 'Update element-web, matrix-synapse, nextcloud and misc packages' ( #218 ) from flake-input-updates into main
...
Reviewed-on: pub-solar/infra#218
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-07-31 11:33:33 +00:00
teutat3s
21a28e1212
element-web, matrix-synapse: pull in updates early
...
element-web 1.11.72 fixes support for Firefox ESR. Also get the latest
matrix-synapse version 1.112.0 while we're at it.
2024-07-31 11:45:58 +02:00
teutat3s
c3bf5df1d8
flake.lock: Update
...
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
→ 'github:ryantm/agenix/3f1dae074a12feb7327b4bf43cbac0d124488bb7' (2024-07-30)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/cf297a8d248db6a455b60133f6c0029c04ebe50e' (2024-07-10)
→ 'github:lnl7/nix-darwin/0413754b3cdb879ba14f6e96915e5fdf06c6aab6' (2024-07-27)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/cab6539d198792f94fbac029e5a63523604fd172' (2024-07-06)
→ 'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11)
→ 'github:nixos/nixpkgs/12bf09802d77264e441f48e25459c10c93eada2e' (2024-07-29)
• Updated input 'unstable':
'github:nixos/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-09)
→ 'github:nixos/nixpkgs/52ec9ac3b12395ad677e8b62106f0b98c1f8569d' (2024-07-28)
2024-07-31 11:43:47 +02:00
b12f
563aa9ef46
Merge pull request 'RSS reader' ( #217 ) from feat/tt-rss into main
...
Reviewed-on: pub-solar/infra#217
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-07-18 16:52:54 +00:00
teutat3s
8bf1e1d1a3
tt-rss: remove newlines from secrets
...
using :set noeol nofixeol in neovim
2024-07-18 17:55:45 +02:00
teutat3s
79679720ff
tt-rss: lint with treefmt
2024-07-18 17:49:29 +02:00
teutat3s
2b1a5d6f7f
secrets: revert rekey of non-related secrets
2024-07-18 17:43:10 +02:00
teutat3s
5a84628e42
tt-rss: remove newlines from secrets
...
using :set noeol nofixeol in neovim
2024-07-18 17:36:12 +02:00
teutat3s
0fc0c6d595
tt-rss: use git.tt-rss.org instead of gitlab
...
gitlab repo was throwing HTTP 500 errors
2024-07-18 17:35:05 +02:00
Benjamin Yule Bädorf
13c381ff3d
rss: fix auth build, fix nginx group rights, log to stdout
2024-07-17 18:50:06 +02:00
Benjamin Yule Bädorf
c59fac512e
secrets: rekey for nachtigalls tt-rss secrets
2024-07-17 18:49:36 +02:00
Benjamin Yule Bädorf
68be6b9303
tt-rss: fix secret paths, add plugin sha
2024-07-17 15:22:59 +02:00
Benjamin Yule Bädorf
8ce50bb73b
tt-rss: add pub.solar specific configuration
2024-07-17 15:22:58 +02:00
Benjamin Yule Bädorf
cf830a9770
tt-rss: module init
2024-07-17 15:22:57 +02:00
teutat3s
0685d16d33
Merge pull request 'mediawiki: update to 1.42.1' ( #216 ) from mediawiki-update into main
...
Reviewed-on: pub-solar/infra#216
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-07-17 13:09:03 +00:00
teutat3s
e1e0faa592
docs: updates for mediawiki maintenances
2024-07-15 18:51:15 +02:00
teutat3s
26e96dfac5
mediawiki: update to v1.42.1
2024-07-15 18:51:10 +02:00
teutat3s
730c6ccb61
Merge pull request 'Update element-web, php and misc' ( #214 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#214
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-07-12 12:32:24 +00:00
teutat3s
35c554bbc3
flake.lock: Update
...
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
→ 'github:ryantm/agenix/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6' (2024-07-09)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/0f89b73f41eaa1dde67b291452c181d9a75f10dd' (2024-07-07)
→ 'github:lnl7/nix-darwin/cf297a8d248db6a455b60133f6c0029c04ebe50e' (2024-07-10)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07)
→ 'github:nixos/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11)
• Updated input 'unstable':
'github:nixos/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03)
→ 'github:nixos/nixpkgs/feb2849fdeb70028c70d73b848214b00d324a497' (2024-07-09)
2024-07-12 09:47:57 +02:00
teutat3s
5e6784f21a
Merge pull request 'Maintenance updates forgejo, matrix-synapse, nextcloud' ( #213 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#213
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-07-09 07:54:46 +00:00
teutat3s
dfb523133e
mastodon: remove overlay for security update, new
...
version landed in NixOS 24.05
2024-07-08 18:36:48 +02:00
teutat3s
70ae84272c
flake.lock: Update
...
Flake lock file updates:
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
→ 'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
• Updated input 'flake-parts/nixpkgs-lib':
'eb9ceca17d
.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
→ '5daf051448
.tar.gz?narHash=sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI%3D' (2024-07-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
→ 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/50581970f37f06a4719001735828519925ef8310' (2024-06-23)
→ 'github:lnl7/nix-darwin/0f89b73f41eaa1dde67b291452c181d9a75f10dd' (2024-07-07)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/8cefa1e7af06d366f5d3fd7c97e9edbf4d38c476' (2024-06-26)
→ 'github:srid/nixos-flake/cab6539d198792f94fbac029e5a63523604fd172' (2024-07-06)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/89c49874fb15f4124bf71ca5f42a04f2ee5825fd' (2024-06-26)
→ 'github:nixos/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07)
• Updated input 'nixpkgs-head':
'github:nixos/nixpkgs/f2a40608e6b55661cac28e473e28b6208da53c01' (2024-07-04)
→ 'github:nixos/nixpkgs/acbecbb607c70bddfc5938b61cedbff3cfb1fc39' (2024-07-08)
• Updated input 'unstable':
'github:nixos/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24)
→ 'github:nixos/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03)
2024-07-08 18:35:30 +02:00
teutat3s
9e2d9a06b3
Merge pull request 'security: update mastodon to 4.2.10' ( #212 ) from mastodon-4.2.10 into main
...
Reviewed-on: pub-solar/infra#212
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-07-05 10:16:39 +00:00
teutat3s
f8f67b8908
security: update mastodon to 4.2.10
...
https://github.com/mastodon/mastodon/releases/tag/v4.2.10
* Fix incorrect permission checking on multiple API endpoints (GHSA-58x8-3qxw-6hm7)
* Fix incorrect authorship checking when processing some activities (CVE-2024-37903, GHSA-xjvf-fm67-4qc3)
* Fix ongoing streaming sessions not being invalidated when application tokens get revoked (GHSA-vp5r-5pgw-jwqx)
2024-07-05 12:03:14 +02:00
teutat3s
57a5ace727
Merge pull request 'flake updates, update grafana dashboard' ( #211 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#211
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-07-04 11:07:27 +00:00
teutat3s
7ce66f38fc
grafana: update dashboard json, select nachtigall by default
2024-07-02 19:04:52 +02:00
teutat3s
b4dd570b2d
docs: use IPv4 for ZFS remote unlocking
2024-06-27 18:39:27 +02:00
teutat3s
bdd4290e8d
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixos-flake':
'github:srid/nixos-flake/6335b2f05f007b95ac2438b0a55498f9f20e73f7' (2024-06-22)
→ 'github:srid/nixos-flake/8cefa1e7af06d366f5d3fd7c97e9edbf4d38c476' (2024-06-26)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
→ 'github:nixos/nixpkgs/89c49874fb15f4124bf71ca5f42a04f2ee5825fd' (2024-06-26)
• Updated input 'simple-nixos-mailserver/flake-compat':
'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
→ 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'simple-nixos-mailserver/utils':
'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14)
→ 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Added input 'simple-nixos-mailserver/utils/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'unstable':
'github:nixos/nixpkgs/a71e967ef3694799d0c418c98332f7ff4cc5f6af' (2024-06-22)
→ 'github:nixos/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24)
2024-06-27 16:53:25 +02:00
teutat3s
0b0074a65b
Merge pull request 'flake: update to NixOS 24.05' ( #203 ) from nixos-24.05 into main
...
Reviewed-on: pub-solar/infra#203
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-27 14:47:18 +00:00
teutat3s
f5034c4e08
Merge pull request 'zfs: enable scrub once per month' ( #210 ) from zfs-enable-scrub into main
...
Reviewed-on: pub-solar/infra#210
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-23 14:21:13 +00:00
teutat3s
f0347b945c
Merge pull request 'Updates for element-web, forgejo, nextcloud, synapse and more' ( #209 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#209
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-23 14:10:12 +00:00
teutat3s
2ebe4bd109
loki: fix invalid config max_look_back_period,
...
seems no longer used in loki 3
2024-06-23 15:19:20 +02:00
teutat3s
e90d923e91
flake: update simple-mailserver to nixos-24.05
2024-06-23 15:19:20 +02:00
teutat3s
bc9ac6011e
flake: update to NixOS 24.05
...
Fix warnings:
trace: warning: The option `services.nextcloud.extraOptions' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings'.
trace: warning: The option `services.nextcloud.skeletonDirectory' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.skeletondirectory'.
trace: warning: The option `services.nextcloud.config.overwriteProtocol' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.overwriteprotocol'.
trace: warning: The option `services.matrix-synapse.sliding-sync' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.matrix' has been renamed to `services.matrix-sliding-sync'.
Fix errors:
loki: fix config for version 3+
keycloak: declarative-user-profile feature is now enabled by default
error: A definition for option `programs.gnupg.agent.pinentryPackage' is not of type `null or package'. Definition values:
- In `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.forgejo': "curses"
2024-06-23 15:19:18 +02:00
teutat3s
153ef69daf
metronom: enable ZFS auto scrub once per month
2024-06-23 15:16:04 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month
2024-06-23 15:14:30 +02:00
teutat3s
99f84268e7
nextcloud: fine tune for performance, following
...
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html
2024-06-23 15:01:37 +02:00
teutat3s
f38aa289ea
matrix-synapse: enable more useful logging
2024-06-23 15:00:40 +02:00
teutat3s
aa244087d3
forgejo: use latest version from unstable for security fixes
...
error: Package ‘forgejo-1.20.6-1-unstable-2024-04-18’ in /nix/store/qk1dpz44db85rhd8lr4j6i2hkn9j5hg4-source/pkgs/applications/version-management/forgejo/default.nix:147 is marked as insecure, refusing to evaluate.
Known issues:
- Forgejo v1.20.x is EOL
- OAuth2 implementation does not always require authentication for public clients
2024-06-22 20:55:50 +02:00