teutat3s
|
d32abd7a7f
|
wireguard: add trinkgenossin, delite, blue-shell
|
2024-08-25 00:13:53 +02:00 |
|
teutat3s
|
4350cbf7c4
|
tankstelle: add promtail, prometheus node-exporter
for monitoring, configure wireguard between flora-6 and tankstelle
|
2024-06-06 12:53:49 +02:00 |
|
teutat3s
|
b93608a8fa
|
metronom: add promtail, prometheus node-exporter
configure wireguard to push logs to and scrape metrics from flora-6
open firewall for node-exporter port on wg-ssh interface
|
2024-06-06 12:52:55 +02:00 |
|
teutat3s
|
2ca0bd7c3e
|
style: run treefmt
|
2024-05-08 22:57:07 +02:00 |
|
Benjamin Yule Bädorf
|
ef94681e11
|
refactor: Move all apps into modules
|
2024-04-28 18:07:28 +02:00 |
|
teutat3s
|
fa9ce9d435
|
gitea-actions-runner: don't run as systemd DynamicUser
to enable usage of cache outside of /var/lib/private
|
2024-04-23 15:42:33 +02:00 |
|
teutat3s
|
9541e5029e
|
flora-6: move forgejo-runner cache directory to /data
|
2024-04-23 15:12:11 +02:00 |
|
teutat3s
|
c86e22b292
|
ci: update forgejo-runner to version 3.4.1
https://github.com/NixOS/nixpkgs/pull/301383
|
2024-04-23 00:38:53 +02:00 |
|
teutat3s
|
c07d24f6a7
|
flora-6: add wg-ssh to ignored interfaces
for systemd-wait-online to start successfully
|
2024-04-14 23:22:53 +02:00 |
|
teutat3s
|
b6a54efd9a
|
fix: add comment with hostnames to wireguard peers
|
2024-04-12 22:36:17 +02:00 |
|
Benjamin Yule Bädorf
|
7e145040cc
|
wireguard: use IP addresses for wireguard endpoints
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
|
2024-04-12 22:31:28 +02:00 |
|
teutat3s
|
8743ea7b0c
|
networking: add wireguard hosts to /etc/hosts
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
|
2024-04-12 19:54:09 +00:00 |
|
Benjamin Yule Bädorf
|
d7c9333ff4
|
forgejo: allow multiple host addresses for SSH
|
2024-04-05 14:26:56 +00:00 |
|
Benjamin Yule Bädorf
|
f7eaef0d18
|
wireguard: fix flora-6 address and private key
Reviewed-on: pub-solar/infra#129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
|
2024-04-05 11:26:38 +00:00 |
|
Benjamin Yule Bädorf
|
621e9336ed
|
wireguard: add basic keys
|
2024-04-05 11:09:31 +00:00 |
|
teutat3s
|
45e91d7ef1
|
fix: drone port should bind to localhost
|
2024-03-21 10:44:40 +01:00 |
|
teutat3s
|
33d80dc558
|
feat(grafana): add synapse dashboard
Source:
https://github.com/element-hq/synapse/blob/master/contrib/grafana/synapse.json
|
2024-01-30 20:00:41 +01:00 |
|
teutat3s
|
2f75ae7e62
|
feat(matrix-synapse): enable metrics
Following:
https://github.com/matrix-org/synapse/blob/develop/docs/metrics-howto.md
|
2024-01-29 00:44:13 +01:00 |
|
teutat3s
|
815033c764
|
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
|
2024-01-27 20:29:30 +01:00 |
|
teutat3s
|
7e8f3c8cf5
|
fix: update forgejo-actions-runner token, use
docker image from https://git.pub.solar/pub-solar/actions-base-image
|
2023-12-29 19:26:43 +01:00 |
|
teutat3s
|
d734adce58
|
fix: new Greenbaum mail server is mail.greenbaum.zone
|
2023-12-13 20:45:35 +01:00 |
|
teutat3s
|
e3d4f61a42
|
feat(nachtigall): send logs to loki, https+basic auth
Use caddy as reverse proxy for loki on flora-6, add basic auth
Add promtail to nachtigall, push logs to flora-6
|
2023-12-13 19:18:56 +01:00 |
|
teutat3s
|
10bb3295de
|
fix: grafana editor role is unused for now
|
2023-12-13 17:52:01 +01:00 |
|
teutat3s
|
e8cf4dceb0
|
fix(flora-6): allow traffic from br-+ interfaces
|
2023-12-13 17:51:34 +01:00 |
|
teutat3s
|
1b9a6bb0c2
|
fix: don't ignore interfaces that can change
|
2023-12-13 02:12:12 +01:00 |
|
teutat3s
|
219b67df20
|
fix: add 4 logs retention for loki
|
2023-12-13 02:12:12 +01:00 |
|
teutat3s
|
6c1fa290e8
|
feat(prometheus): add job to scrape nachtigall.pub.solar
|
2023-12-13 02:12:12 +01:00 |
|
teutat3s
|
d5b59ea18a
|
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
|
2023-12-13 02:12:11 +01:00 |
|
teutat3s
|
fdda65eea9
|
feat: init loki
|
2023-12-13 02:12:11 +01:00 |
|
teutat3s
|
0e290f080e
|
feat(grafana): provision node-exporter dashboard
|
2023-12-13 02:12:11 +01:00 |
|
teutat3s
|
6b15d72d85
|
fix: systemd-networkd-wait-online timing out
|
2023-12-13 02:12:11 +01:00 |
|
teutat3s
|
2f7eccc970
|
fix: grafana root_url needs https://, role mapping
|
2023-12-13 02:12:11 +01:00 |
|
teutat3s
|
8dc908aabd
|
feat(flora-6): init grafana + prometheus on
grafana.pub.solar
|
2023-12-13 02:12:10 +01:00 |
|
teutat3s
|
2ee4bc5682
|
feat: NixOS 23.11 Tapir
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights
Track nixos-23.11 branch, remove unstable overlays
This will update our services to the following versions:
nextcloud: 27.1.3 -> 27.1.4
forgejo: 1.20.5-0 -> 1.20.6-0
keycloak: 21.1.2 -> 22.0.5
matrix-synapse: 1.95.1 -> 1.97.0
Internal:
postgresql: 14.9 -> 15.5
Flake inputs diff:
• Updated input 'home-manager':
'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
→ 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
→ 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
|
2023-12-02 11:13:56 +01:00 |
|
teutat3s
|
43512ae6e7
|
forgejo-actions-runner: use Node.js docker images
Regenerate auth token
|
2023-11-15 18:54:32 +00:00 |
|
teutat3s
|
1bd7e5c0e7
|
docs: clean up
|
2023-11-15 18:54:32 +00:00 |
|
teutat3s
|
7be3567e6d
|
flora-6: refactor to use flake.parts
|
2023-11-15 18:54:32 +00:00 |
|