Commit graph

558 commits

Author SHA1 Message Date
Benjamin Bädorf 8da5f0b48a
fix: enable SSL for keycloak 2023-10-28 21:34:45 +02:00
teutat3s 8b09f19add
fix: nginx user needs access to mastodon's unix socket 2023-10-28 21:30:37 +02:00
Benjamin Bädorf 8e07034aad
feat: add keycloak secrets and virtualhost 2023-10-28 21:28:01 +02:00
Benjamin Bädorf d27328fd1f
feat: init keycloak 2023-10-28 21:23:07 +02:00
teutat3s 6f4741fae0
fix: missing nginx proxy cache zone 2023-10-28 21:12:33 +02:00
teutat3s 1983edcc5b
fix: add nginx virtualHost for mastodon
We use pub.solar as our LOCAL_DOMAIN and mastodon.pub.solar as our
WEB_DOMAIN. The NixOS module does not support this special use case.
See: https://github.com/NixOS/nixpkgs/issues/202399
2023-10-28 18:56:22 +02:00
teutat3s b718a29d3a
Merge pull request 'nginx: files.pub.solar' (#23) from feature/nginx-mastodon-files into main
Reviewed-on: pub-solar/infra-new#23
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 18:24:40 +02:00
teutat3s d4ab1756b3
fix: files.pub.solar force TLS, remove default site 2023-10-28 18:24:14 +02:00
Hendrik Sokolowski 1d68ed73c3
add nginx virtual host for files.pub.solar 2023-10-28 18:24:13 +02:00
teutat3s 8a0ac64eac
Merge pull request 'fix: nginx config for pub.solar website' (#22) from fix-nginx into main
Reviewed-on: pub-solar/infra-new#22
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 18:22:40 +02:00
teutat3s f804de372c
Merge pull request 'feat: mastodon + agenix secrets' (#13) from feat-mastodon into main
Reviewed-on: pub-solar/infra-new#13
Reviewed-by: hensoko <hensoko@gssws.de>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-10-28 18:22:31 +02:00
teutat3s c162d46094
fix: address review comments 2023-10-28 18:18:06 +02:00
teutat3s 1e19efe20e
docs: add comment about streaming processes 2023-10-28 18:07:29 +02:00
teutat3s 5ffc4f67ff
fix: nginx config for pub.solar website 2023-10-28 17:50:37 +02:00
b12f a35969e8e4
Merge pull request 'fix: ensure directory for website static files gets created' (#21) from nginx-www-website-path into main
Reviewed-on: pub-solar/infra-new#21
Reviewed-by: hensoko <hensoko@gssws.de>
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 17:03:44 +02:00
teutat3s 6408288049
fix: ensure directory for website static files gets created 2023-10-28 17:03:22 +02:00
teutat3s 0944b2d11c
feat: enable nginx for mastodon
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/mastodon.nix#L762-L785
2023-10-28 17:02:03 +02:00
teutat3s e43cb021ce
feat: use mastodon version 4.2.1 from our fork
This still needs updates in the NixOS module to account for the changes
in https://github.com/mastodon/mastodon/pull/24655 that change how
multiple streaming processes run. Hopefully this is fine for a single
streaming process though.

https://github.com/NixOS/nixpkgs/pull/251950
https://github.com/teutat3s/nixpkgs/tree/mastodon-4.2.1
2023-10-28 16:57:24 +02:00
teutat3s 65689ae524
chore: remove unused nachtigall user keys 2023-10-28 16:57:24 +02:00
teutat3s 2135a5e841
chore: move mastodon + postgres into apps directory 2023-10-28 16:57:23 +02:00
hensoko 0f527e3f41
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main
Reviewed-on: pub-solar/infra-new#20
2023-10-28 16:56:49 +02:00
hensoko 5dcbb8e526
Merge pull request 'feature/pub-solar-website' (#20) from feature/pub-solar-website into main
Reviewed-on: pub-solar/infra-new#20
2023-10-28 16:45:30 +02:00
Benjamin Bädorf c56f11a034
chore: remove link for PubsolarOS downloads 2023-10-28 16:31:16 +02:00
Hendrik Sokolowski 6630dd8ce6 Add nginx configuration for pub.solar website 2023-10-28 16:26:02 +02:00
Hendrik Sokolowski 05b880da4b Update to new standards 2023-10-28 16:25:48 +02:00
hensoko 1fde142895
Merge pull request 'use nginx' (#19) from feature/switch-from-caddy-to-nginx into main
Reviewed-on: pub-solar/infra-new#19
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 15:35:17 +02:00
Hendrik Sokolowski 710b81c94c use nginx 2023-10-28 15:34:31 +02:00
b12f f0eb3fd4f4
Merge pull request 'fix: mount zfs datasets declaratively' (#18) from fix-zfs-mount into main
Reviewed-on: pub-solar/infra-new#18
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 15:20:56 +02:00
teutat3s 3690b3cf9d
fix: mount zfs datasets declaratively 2023-10-28 15:19:48 +02:00
b12f 14c647e8f7
Merge pull request 'Use deploy-rs from nixpkgs, use caddy module from nixos-unstable' (#17) from deploy-rs-from-nixpkgs into main
Reviewed-on: pub-solar/infra-new#17
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 15:07:29 +02:00
teutat3s a5b32302c1
fix: use caddy module from nixos-unstable 2023-10-28 15:06:57 +02:00
teutat3s 3c9f9c9fc7
fix: use deploy-rs overlay to force usage of nixpkgs 2023-10-28 15:06:57 +02:00
Akshay Mankar 49890bc53d
Merge pull request 'nachtigall: Mount /var/lib as a separate ZFS dataset' (#16) from var-lib-is-zfs into main
Reviewed-on: pub-solar/infra-new#16
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 14:18:27 +02:00
Akshay Mankar fcc2115c0b
Merge pull request 'nachtigall/apps/caddy: Remove option from nixos-unstable' (#15) from fix-caddy into main
Reviewed-on: pub-solar/infra-new#15
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 14:17:13 +02:00
Akshay Mankar c42fadab6d
nachtigall: Mount /var/lib as a separate ZFS dataset
This would help keep all application data out of the root partion by default
2023-10-28 14:14:29 +02:00
Akshay Mankar bdc5033bf4
nachtigall/apps/caddy: Remove option from nixos-unstable
It is anyway enabled by default
2023-10-28 14:10:25 +02:00
b12f 44f301c772
Merge pull request 'feat: caddy' (#11) from feat/caddy into main
Reviewed-on: pub-solar/infra-new#11
Reviewed-by: teutat3s <teutates@mailbox.org>
2023-10-28 14:00:40 +02:00
Benjamin Bädorf 8aee160fd1
fix: import networking and nix modules 2023-10-28 14:00:32 +02:00
Benjamin Bädorf b921201645
feat: caddy 2023-10-28 14:00:32 +02:00
Akshay Mankar 41d6c334bc
Merge pull request 'Use nixos-23.05 instead of unstable' (#14) from use-nixos-stable into main
Reviewed-on: pub-solar/infra-new#14
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 14:00:29 +02:00
teutat3s b6f75c2c27
Merge pull request 'chore: remove darwin systems from flake' (#12) from flake-update-systems into main
Reviewed-on: pub-solar/infra-new#12
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-10-28 13:51:18 +02:00
teutat3s e7febf5403
chore: remove darwin systems 2023-10-28 13:48:56 +02:00
Akshay Mankar c23bc00f19
Use nixos-23.05 instead of unstable 2023-10-28 13:47:10 +02:00
Akshay Mankar 5a7d81d787
flake.nix: Fix usage of self.nixos-flake.lib.mkLinuxSystem 2023-10-28 13:46:05 +02:00
Akshay Mankar c9beea7f82
Merge pull request 'Add dev shell' (#10) from dev-shell into main
Reviewed-on: pub-solar/infra-new#10
Reviewed-by: teutat3s <teutates@mailbox.org>
2023-10-28 13:38:05 +02:00
teutat3s 3ceec80aab
chore: pin more inputs and bump flake lock
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8e8d955c22df93dbe24f19ea04f47a74adbdc5ec' (2023-07-04)
  → 'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/4bc72cae107788bf3f24f30db2e2f685c9298dc9?dir=lib' (2023-06-29)
  → 'github:NixOS/nixpkgs/f5892ddac112a1e9b3612c39af1b72987ee5783a?dir=lib' (2023-09-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/f58889c07efa8e1328fdf93dc1796ec2a5c47f38' (2023-07-29)
  → 'github:nix-community/home-manager/f92a54fef4eacdbe86b0a2054054dd58b0e2a2a4' (2023-10-28)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/16c07487ac9bc59f58b121d13160c67befa3342e' (2023-07-27)
  → 'github:lnl7/nix-darwin/afe83cbc2e673b1f08d32dd0f70df599678ff1e7' (2023-10-27)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/df6fe273ff64dc29de2c93805045b5348d70bc26' (2023-07-27)
  → 'github:srid/nixos-flake/2c25190ceacdaaae7e8afbecfa87096bb499a431' (2023-08-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28' (2023-07-28)
  → 'github:nixos/nixpkgs/63678e9f3d3afecfeafa0acead6239cdb447574c' (2023-10-26)
• Updated input 'terranix':
    'github:terranix/terranix/c0dd15076856c6cb425795b8c7d5d37d3a1e922a' (2023-05-24)
  → 'github:terranix/terranix/fc9077ca02ab5681935dbf0ecd725c4d889b9275' (2023-09-22)
2023-10-28 13:36:43 +02:00
Akshay Mankar b788a9f383
Add dev shell 2023-10-28 12:38:14 +02:00
b12f 02e570c85a
Merge pull request 'Disable Password authentication in SSH' (#9) from ssh-disable-password into main
Reviewed-on: pub-solar/infra-new#9
2023-10-28 12:04:56 +02:00
Akshay Mankar e0c6530d97
Disable Password authentication in SSH 2023-10-28 12:01:48 +02:00
b12f 41b85714a6
Merge pull request 'hosts/nachtigall: Move config to configuration.nix' (#8) from restructure-nachtigall into main
Reviewed-on: pub-solar/infra-new#8
2023-10-28 11:56:56 +02:00