pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity
402 commits 15 branches 0 tags 13 MiB
Commit graph

402 commits

This branch
This branch
All branches
Author SHA1 Message Date
Benjamin Yule Bädorf
ad1ea4a49e
forgejo: run internal ssh server on port 22 
The system-wide SSH server was hidden behind a wireguard proxy for
security reasons, but since forgejo was using it, git pushes and pulls
got broken for people without wireguard access.

These config changes make sure forgejo starts its built-in SSH server
on port 22, which is then allowed to be accessed from the open internet
in the firewall config.
 2024-04-05 15:05:28 +02:00
b12f
2851273d18
Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main 
Reviewed-on: pub-solar/infra#128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 12:51:04 +00:00
Benjamin Yule Bädorf
b1519c8f22
ssh: only allow ssh on wireguard interface 2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf
f7eaef0d18
wireguard: fix flora-6 address and private key 
Reviewed-on: pub-solar/infra#129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
 2024-04-05 11:26:38 +00:00
b12f
51523439e7
Merge pull request 'feat/wireguard' (#126) from feat/wireguard into main 
Reviewed-on: pub-solar/infra#126
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
48845d6cf6
logins/wireguard: move teutat3s wireguard device 2024-04-05 11:09:31 +00:00
Hendrik Sokolowski
c53adf51f7
logins: add judy for hensoko 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
a795f0824f
logins: fix admin login merging 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
83125ae472
logins: check for missing wireguard device attribute 2024-04-05 11:09:31 +00:00
teutat3s
147ed44b9a
wireguard: add dumpyourvms 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
621e9336ed
wireguard: add basic keys 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
b12f
6748e44824
Merge pull request 'chore: update element-desktop, matrix-synapse, nextcloud and misc' (#127) from chore/flake-updates into main 
Reviewed-on: pub-solar/infra#127
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 11:06:25 +00:00
teutat3s
815dccc0b4
chore: update flake inputs 
• Updated input 'agenix':
    'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13)
  → 'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
  → 'github:serokell/deploy-rs/88b3059b020da69cbe16526b8d639bd5e0b51c8b' (2024-04-01)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
  → 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
  → 'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
  → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/bcc8afd06e237df060c85bad6af7128e05fd61a3' (2024-03-17)
  → 'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083' (2024-03-30)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/05f9464e282dee5a706273f50344a8201d8980b5' (2024-03-19)
  → 'github:srid/nixos-flake/7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5' (2024-03-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fa9f817df522ac294016af3d40ccff82f5fd3a63' (2024-03-19)
  → 'github:nixos/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03)
• Updated input 'unstable':
    'github:nixos/nixpkgs/b06025f1533a1e07b6db3e75151caa155d1c7eb3' (2024-03-19)
  → 'github:nixos/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
 2024-04-04 18:49:09 +02:00
b12f
dda8ed6938
Merge pull request 'mediawiki: update to v1.41.1' (#125) from mediawiki/v1.41.1 into main 
Reviewed-on: pub-solar/infra#125
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-03-29 23:41:43 +00:00
Benjamin Yule Bädorf
9433a8aea7
mediawiki: update to v1.41.1 2024-03-30 00:10:09 +01:00
b12f
37ebcb3669
Merge pull request 'website: add security.txt' (#122) from feat/security-txt into main 
Reviewed-on: pub-solar/infra#122
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-25 16:26:17 +00:00
b12f
6aea728583
Merge branch 'main' into feat/security-txt 2024-03-25 15:38:30 +00:00
b12f
a5e72f9cc7
Merge pull request 'matrix: set forgotten_room_retention_period to 7d' (#124) from matrix/room-retention-period into main 
Reviewed-on: pub-solar/infra#124
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-25 15:38:24 +00:00
Benjamin Yule Bädorf
b9cffad02a
matrix: set forgotten_room_retention_period to 7d 
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
 2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf
2bb2247716
website: add security.txt 
Ref: pub-solar/legal#11
 2024-03-23 11:07:04 +01:00
teutat3s
ef943f02e3
Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main 
Reviewed-on: pub-solar/infra#121
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-03-21 10:24:34 +00:00
teutat3s
45e91d7ef1
fix: drone port should bind to localhost 2024-03-21 10:44:40 +01:00
teutat3s
e33529ad4b
chore: bump flake inputs 2024-03-21 10:44:16 +01:00
b12f
1f8e53053b
Merge pull request 'public-keys: update b12f ssh keys with new yubikeys' (#120) from b12f/public-keys-update into main 
Reviewed-on: pub-solar/infra#120
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-20 10:51:41 +00:00
Benjamin Yule Bädorf
c8c10269c4
public-keys: update b12f ssh keys with new yubikeys 2024-03-20 11:27:23 +01:00
teutat3s
27116f053a
Merge pull request 'chore: updates for element-web, forgejo, mastodon, nextcloud' (#119) from chore/updates into main 
Reviewed-on: pub-solar/infra#119
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-03-05 22:38:52 +00:00
teutat3s
b76b7821a7
chore: update flake inputs 
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
  → 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
  → 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
  → 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
  → 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
  → 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
 2024-03-05 21:39:19 +01:00
teutat3s
14e689486b
Merge pull request 'fix: nginx duplicate default server' (#118) from fix/nginx-duplicate-default-server into main 
Reviewed-on: pub-solar/infra#118
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-25 22:07:52 +00:00
teutat3s
c49ffb2d5b
fix: nginx duplicate default server 
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
 2024-02-25 23:02:00 +01:00
b12f
aa607396e4
Merge pull request 'nginx/miom: init miom.space website' (#116) from feat/miom.space into main 
Reviewed-on: pub-solar/infra#116
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-02-25 21:42:03 +00:00
Benjamin Yule Bädorf
de04556191
nginx/miom: disable logging 2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf
0e89b7f210
nginx/miom: init miom.space website 
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
 2024-02-25 21:41:06 +00:00
b12f
1878595af2
Merge pull request 'nginx/pub.solar: disable logging for homepage' (#117) from privacy/website-no-logging into main 
Reviewed-on: pub-solar/infra#117
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-02-25 18:10:30 +00:00
Benjamin Yule Bädorf
24b77b6de5
nginx/pub.solar: disable logging for homepage 2024-02-25 18:51:24 +01:00
Akshay Mankar
50fa98eebb
Merge pull request 'security: Upgrade mastodon to 4.2.7' (#114) from mastodon-4.2.7 into main 
Reviewed-on: pub-solar/infra#114
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-16 13:47:58 +00:00
Akshay Mankar
f7d7964299
security: Upgrade mastodon to 4.2.7 2024-02-16 13:22:39 +01:00
Akshay Mankar
afcfb4fe0f
Merge pull request 'chore: nix flake update' (#113) from flake-update-16-02 into main 
Reviewed-on: pub-solar/infra#113
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-16 09:23:32 +00:00
Akshay Mankar
bbc01be474
chore: nix flake update 2024-02-16 10:13:32 +01:00
teutat3s
0bf113e3a9
Merge pull request 'feat: init tmate-ssh-server' (#112) from feat/tmate into main 
Reviewed-on: pub-solar/infra#112
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
 2024-02-14 20:32:14 +00:00
teutat3s
842ec945f4
forgejo: appName option has been renamed 
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
 2024-02-07 19:02:04 +01:00
teutat3s
d67190d175
feat: init tmate-ssh-server 
https://tmate.io
 2024-02-07 19:01:36 +01:00
teutat3s
840a250278
Merge pull request 'chore: update element-web, keycloak, matrix-synapse, nextcloud, misc' (#110) from chore/bump-flake-inputs into main 
Reviewed-on: pub-solar/infra#110
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-02-07 16:46:11 +00:00
teutat3s
b54ff7d6bf
Merge pull request 'feat: use forgejo NixOS module with gitea user' (#111) from feat/forgejo-module into main 
Reviewed-on: pub-solar/infra#111
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-02-07 16:46:02 +00:00
teutat3s
700173a874
Merge pull request 'dns: add DKIM record to pub.solar domain' (#109) from feat/dkim into main 
Reviewed-on: pub-solar/infra#109
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-02-07 16:45:26 +00:00
teutat3s
f43ba01ee6
feat: use forgejo NixOS module with gitea user 
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
 2024-02-06 12:19:45 +01:00
teutat3s
fcc74784ea
fix: remove mastodon version 4.2.5 overlay 
It's now included in nixos-23.11
 2024-02-06 10:57:28 +01:00
teutat3s
bf0ab84979
chore: bump flake inputs 
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/07f6395285469419cf9d078f59b5b49993198c00' (2024-01-11)
  → 'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9?dir=lib' (2023-12-30)
  → 'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
  → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/00538eecf2d1a8f98a53a71c9c84f913003ec5e8' (2024-01-29)
  → 'github:lnl7/nix-darwin/bdbae6ecff8fcc322bf6b9053c0b984912378af7' (2024-02-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27)
  → 'github:nixos/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05)
• Updated input 'unstable':
    'github:nixos/nixpkgs/ae5c332cbb5827f6b1f02572496b141021de335f' (2024-01-25)
  → 'github:nixos/nixpkgs/faf912b086576fd1a15fca610166c98d47bc667e' (2024-02-05)
 2024-02-06 10:56:56 +01:00
teutat3s
4f558e8a9b
dns: add DKIM record 2024-02-05 22:27:34 +01:00
teutat3s
0deb8eb6be
Merge pull request 'security: update mastodon to 4.2.5' (#108) from security/mastodon-4.2.5 into main 
Reviewed-on: pub-solar/infra#108
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-01 17:11:05 +00:00