Benjamin Yule Bädorf
4f86c92941
obs-portal: init obs-portal on nachtigall
...
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md
Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.
The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-23 23:47:30 +02:00
teutat3s
d62b6cda92
Merge pull request 'ci: update forgejo runner to fix cache' ( #152 ) from ci/update-forgejo-runner into main
...
Reviewed-on: pub-solar/infra#152
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-23 18:18:39 +00:00
teutat3s
c580fe0fbb
ci: prevent flake inputs from GC as well
2024-04-23 19:10:20 +02:00
teutat3s
60aef1d038
ci: prevent nix garbage collection
2024-04-23 16:00:16 +02:00
teutat3s
fa9ce9d435
gitea-actions-runner: don't run as systemd DynamicUser
...
to enable usage of cache outside of /var/lib/private
2024-04-23 15:42:33 +02:00
teutat3s
9541e5029e
flora-6: move forgejo-runner cache directory to /data
2024-04-23 15:12:11 +02:00
teutat3s
c4d0d34807
ci: revert cache-nix-action to version 4.0.3
2024-04-23 15:12:06 +02:00
teutat3s
d5fe65b60d
ci: disable cachix daemon, spams logs with
...
[2024-04-22 23:46:26][Info] Skipping /nix/store/w2zp8k8yy2avv5r92w0cpq9aixkir2sp-LocalSettings.php
...
2024-04-23 15:11:59 +02:00
teutat3s
0e7dc95250
ci: remove broken purge config from check workflow
2024-04-23 01:42:04 +02:00
teutat3s
c86e22b292
ci: update forgejo-runner to version 3.4.1
...
https://github.com/NixOS/nixpkgs/pull/301383
2024-04-23 00:38:53 +02:00
Hendrik Sokolowski
4992819742
Merge pull request 'set pruneOpts for restic backups to daily 7, weekly 4, monthly 3' ( #151 ) from feature/restic-backup-retention into main
...
Reviewed-on: pub-solar/infra#151
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-22 19:38:21 +00:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3
2024-04-22 20:06:49 +02:00
teutat3s
e8530caf1d
Merge pull request 'ci: update nix-quick-install-action, cache-nix-action, cachix-action' ( #150 ) from chore-update-ci into main
...
Reviewed-on: pub-solar/infra#150
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-22 15:19:36 +00:00
teutat3s
7c492e7391
Merge pull request 'chore: forgejo security update, update matrix-synapse et al.' ( #149 ) from chore-update-flake into main
...
Reviewed-on: pub-solar/infra#149
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-22 15:18:33 +00:00
teutat3s
a0c6f0dc08
ci: fix cache-nix-action, use new config syntax
2024-04-21 20:17:03 +02:00
teutat3s
46c7c9ecb1
ci: update nix-quick-install-action, cache-nix-action,
...
cachix-action
2024-04-21 19:58:58 +02:00
teutat3s
fb4004e9f0
chore: update flake inputs
...
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083?narHash=sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/%2BYZOq3sKviI%3D' (2024-03-30)
→ 'github:lnl7/nix-darwin/9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed?narHash=sha256-olEWxacm1xZhAtpq%2BZkEyQgR4zgfE7ddpNtZNvubi3g%3D' (2024-04-19)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8?narHash=sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib%2B8%3D' (2024-04-13)
→ 'github:nixos/nixpkgs/bc194f70731cc5d2b046a6c1b3b15f170f05999c?narHash=sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo%3D' (2024-04-19)
• Updated input 'unstable':
'github:nixos/nixpkgs/cfd6b5fc90b15709b780a5a1619695a88505a176?narHash=sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM%3D' (2024-04-12)
→ 'github:nixos/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f?narHash=sha256-XtTSSIB2DA6tOv%2Bl0FhvfDMiyCmhoRbNB%2B0SeInZkbk%3D' (2024-04-19)
2024-04-21 19:28:02 +02:00
teutat3s
3030b0f84d
Merge pull request 'flora-6: add wg-ssh to ignored systemd-wait-online interfaces' ( #148 ) from flora-6/fix-network-wait-online into main
...
Reviewed-on: pub-solar/infra#148
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-14 21:53:33 +00:00
teutat3s
c07d24f6a7
flora-6: add wg-ssh to ignored interfaces
...
for systemd-wait-online to start successfully
2024-04-14 23:22:53 +02:00
teutat3s
0f297c4711
Merge pull request 'chore: security update PHP, update element-web, misc updates' ( #147 ) from chore-update-flake into main
...
Reviewed-on: pub-solar/infra#147
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-14 20:29:39 +00:00
teutat3s
679d9b236f
Merge pull request 'nginx: set worker_processes to number of CPU cores' ( #146 ) from feat/nginx-tuning into main
...
Reviewed-on: pub-solar/infra#146
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-14 20:22:08 +00:00
teutat3s
78d5e5a4f0
chore: update flake inputs
...
❯ nix store diff-closures $OLD_CLOSURE $NEW_CLOSURE
cpupower: 6.1.84 → 6.1.86
element-web: 1.11.63 → 1.11.64, +148.0 KiB
element-web-wrapped: 1.11.63 → 1.11.64
initrd-linux: 6.1.84 → 6.1.86
linux: 6.1.84, 6.1.84-modules → 6.1.86, 6.1.86-modules, +24.3 KiB
linux-firmware: 20240312 → 20240410, +493.3 KiB
nixos-system-nachtigall: 23.11.20240410.b2cf36f → 23.11.20240413.90055d5
owncast: 0.1.2 → 0.1.3, -376.1 KiB
php: 8.2.17 → 8.2.18
php-bcmath: 8.2.17 → 8.2.18
php-bz2: 8.2.17 → 8.2.18
php-calendar: 8.2.17 → 8.2.18
php-ctype: 8.2.17 → 8.2.18
php-curl: 8.2.17 → 8.2.18
php-dom: 8.2.17 → 8.2.18
php-exif: 8.2.17 → 8.2.18
php-extra-init: 8.2.17.ini → 8.2.18.ini
php-fileinfo: 8.2.17 → 8.2.18
php-filter: 8.2.17 → 8.2.18
php-ftp: 8.2.17 → 8.2.18
php-gd: 8.2.17 → 8.2.18
php-gettext: 8.2.17 → 8.2.18
php-gmp: 8.2.17 → 8.2.18
php-iconv: 8.2.17 → 8.2.18
php-imap: 8.2.17 → 8.2.18
php-intl: 8.2.17 → 8.2.18
php-ldap: 8.2.17 → 8.2.18
php-mbstring: 8.2.17 → 8.2.18
php-mysqli: 8.2.17 → 8.2.18
php-mysqlnd: 8.2.17 → 8.2.18
php-opcache: 8.2.17 → 8.2.18
php-openssl: 8.2.17 → 8.2.18
php-pcntl: 8.2.17 → 8.2.18
php-pdo: 8.2.17 → 8.2.18
php-pdo_mysql: 8.2.17 → 8.2.18
php-pdo_odbc: 8.2.17 → 8.2.18
php-pdo_pgsql: 8.2.17 → 8.2.18
php-pdo_sqlite: 8.2.17 → 8.2.18
php-pgsql: 8.2.17 → 8.2.18
php-posix: 8.2.17 → 8.2.18
php-readline: 8.2.17 → 8.2.18
php-session: 8.2.17 → 8.2.18
php-simplexml: 8.2.17 → 8.2.18
php-soap: 8.2.17 → 8.2.18
php-sockets: 8.2.17 → 8.2.18
php-sodium: 8.2.17 → 8.2.18
php-sqlite3: 8.2.17 → 8.2.18
php-sysvsem: 8.2.17 → 8.2.18
php-tokenizer: 8.2.17 → 8.2.18
php-with-extensions: 8.2.17 → 8.2.18
php-xmlreader: 8.2.17 → 8.2.18
php-xmlwriter: 8.2.17 → 8.2.18
php-zip: 8.2.17 → 8.2.18
php-zlib: 8.2.17 → 8.2.18
searxng: ∅ → 0-unstable-2024-03-08, +15337.5 KiB
searxng-unstable: 2023-10-31 → ∅, -14965.6 KiB
source: +470.3 KiB
uwsgi: 2.0.23 → 2.0.24
zfs-kernel: 2.2.3-6.1.84 → 2.2.3-6.1.86
2024-04-14 22:09:37 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores
...
and set worker_connections to 1024
https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
2024-04-14 17:39:56 +02:00
teutat3s
b0c466869e
Merge pull request 'wireguard: use IP addresses for wireguard endpoints' ( #145 ) from fix/use-ip-for-wireguard into main
...
Reviewed-on: pub-solar/infra#145
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-12 20:40:39 +00:00
teutat3s
b6a54efd9a
fix: add comment with hostnames to wireguard peers
2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf
7e145040cc
wireguard: use IP addresses for wireguard endpoints
...
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
2024-04-12 22:31:28 +02:00
b12f
9d94b888ae
Merge pull request 'networking: add wireguard hosts to /etc/hosts' ( #144 ) from wireguard/add-etc-hosts into main
...
Reviewed-on: pub-solar/infra#144
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-12 19:54:09 +00:00
teutat3s
8a9fe3b8fe
chore: update flake inputs
...
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/d272ca50d1f7424fbfcd1e6f1c9e01d92f6da167' (2024-04-08)
→ 'github:nixos/nixpkgs/b2cf36f43f9ef2ded5711b30b1f393ac423d8f72' (2024-04-10)
• Updated input 'unstable':
'github:nixos/nixpkgs/4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6' (2024-04-08)
→ 'github:nixos/nixpkgs/1042fd8b148a9105f3c0aca3a6177fd1d9360ba5' (2024-04-10)
2024-04-12 19:54:09 +00:00
teutat3s
8743ea7b0c
networking: add wireguard hosts to /etc/hosts
...
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
b12f
8743b50f7f
Merge pull request 'forgejo: also reroute ssh traffic for ipv6' ( #139 ) from forgejo/reroute-ssh-ipv6 into main
...
Reviewed-on: pub-solar/infra#139
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-12 19:38:15 +00:00
Benjamin Yule Bädorf
316ba9ef53
forgejo: also reroute ssh traffic for ipv6
2024-04-12 19:38:15 +00:00
teutat3s
afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' ( #142 ) from feat/forgejo-enable-search into main
...
Reviewed-on: pub-solar/infra#142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:42 +00:00
teutat3s
9698c47530
Merge pull request 'mastodon: clean media older than 7 days' ( #143 ) from mastodon/auto-clean-7-days into main
...
Reviewed-on: pub-solar/infra#143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:34 +00:00
teutat3s
ccb029dde3
Merge pull request 'wireguard: add ryzensun to teutat3s' hosts' ( #141 ) from wireguard/add-ryzensun-host into main
...
Reviewed-on: pub-solar/infra#141
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-06 16:07:21 +00:00
teutat3s
41e4d3427c
mastodon: clean media older than 7 days
...
Currently we keep everything for 30 days, which is about 180GB
2024-04-05 23:50:04 +02:00
teutat3s
16e9d476cb
Merge pull request 'docs: include notes regarding rollback in deploy docs, misc updates' ( #140 ) from docs/update-deployment-docs into main
...
Reviewed-on: pub-solar/infra#140
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 21:39:46 +00:00
teutat3s
3caf085d0b
wireguard: add ryzensun to teutat3s' hosts
2024-04-05 23:32:59 +02:00
teutat3s
c5159dd66d
forgejo: enable repo search (indexer), save login
...
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
2024-04-05 23:29:49 +02:00
teutat3s
b27f8c1380
docs: include notes regarding rollback in deploy
...
docs, misc updates
2024-04-05 23:03:43 +02:00
b12f
76ca43142a
Merge pull request 'forgejo: make SSH keys declarative' ( #138 ) from forgejo/ssh-keys-declarative into main
...
Reviewed-on: pub-solar/infra#138
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 19:35:55 +00:00
Benjamin Yule Bädorf
16c6aa3b61
forgejo: make SSH keys declarative
2024-04-05 19:35:55 +00:00
teutat3s
315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' ( #135 ) from chore/nextcloud-config-maintenance-window into main
...
Reviewed-on: pub-solar/infra#135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 18:41:17 +00:00
b12f
9191729f5c
Merge pull request 'nachtigall: forgejo: update firewall settings' ( #137 ) from fix/git-forgejo-open-service-port-in-firewall into main
...
Reviewed-on: pub-solar/infra#137
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 16:51:36 +00:00
Hendrik Sokolowski
b6b8d69852
nachtigall: forgejo: update firewall settings
2024-04-05 18:39:43 +02:00
b12f
4380c3b0ab
Merge pull request 'forgejo: use iptables routing instead of ssh patch' ( #136 ) from fix/forgejo-ssh-again into main
...
Reviewed-on: pub-solar/infra#136
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 15:26:10 +00:00
Benjamin Yule Bädorf
e618b9f9c2
forgejo: use iptables routing instead of ssh patch
2024-04-05 17:00:28 +02:00
b12f
ae0c90e4f8
Merge pull request 'forgejo: allow multiple host addresses for SSH' ( #133 ) from fix/forgejo-multi-host into main
...
Reviewed-on: pub-solar/infra#133
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-05 14:27:03 +00:00
Benjamin Yule Bädorf
d7c9333ff4
forgejo: allow multiple host addresses for SSH
2024-04-05 14:26:56 +00:00
teutat3s
18a62b8d35
fix(nextcloud): define a maintenance window for
...
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html
> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
2024-04-05 16:23:16 +02:00
Hendrik Sokolowski
9ec77e2a30
Update flake.nix ( #134 )
...
Update deploy node settinsg with wireguard ips
Reviewed-on: pub-solar/infra#134
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 14:11:42 +00:00