pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity
659 commits 15 branches 0 tags 13 MiB
Commit graph

271 commits

Author SHA1 Message Date
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall} 
To use a restic repository per host
 2024-08-29 16:22:58 +02:00
teutat3s
e2ba1aacf4
mail: add backups to garage bucket + storagebox 
Restic backups to garage S3 bucket metronom-backups
 2024-08-29 16:19:24 +02:00
teutat3s
d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main 
Reviewed-on: pub-solar/infra#222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-28 15:55:16 +00:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox 
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
 2024-08-28 17:13:34 +02:00
teutat3s
88b76beb5c
keycloak: use backups module 
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-27 10:09:07 +02:00
teutat3s
e857c6198b
modules/backup: init 
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-27 10:04:10 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount 
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-27 10:00:42 +02:00
teutat3s
f236962e17
garage: add monitoring, connect to grafana + loki 
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
 2024-08-25 00:18:09 +02:00
teutat3s
d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00
teutat3s
15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy 
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
 2024-08-24 21:48:48 +02:00
teutat3s
b0790876ec
style: format using nixfmt-rfc-style 2024-08-24 17:39:49 +02:00
teutat3s
83b7e3e11e
hosts: init blue-shell 2024-08-24 03:02:15 +02:00
teutat3s
4ef9781d10
hosts: init delite 2024-08-24 03:01:46 +02:00
teutat3s
ca8e578b11
hosts: init trinkgenossin 2024-08-24 03:00:01 +02:00
Benjamin Yule Bädorf
8ce50bb73b
tt-rss: add pub.solar specific configuration 2024-07-17 15:22:58 +02:00
teutat3s
153ef69daf
metronom: enable ZFS auto scrub once per month 2024-06-23 15:16:04 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month 2024-06-23 15:14:30 +02:00
teutat3s
e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard 2024-06-08 23:52:08 +02:00
teutat3s
6ea916603c
networking: set networking.domain in core module 2024-06-06 19:30:11 +02:00
teutat3s
4350cbf7c4
tankstelle: add promtail, prometheus node-exporter 
for monitoring, configure wireguard between flora-6 and tankstelle
 2024-06-06 12:53:49 +02:00
teutat3s
b93608a8fa
metronom: add promtail, prometheus node-exporter 
configure wireguard to push logs to and scrape metrics from flora-6

open firewall for node-exporter port on wg-ssh interface
 2024-06-06 12:52:55 +02:00
teutat3s
008e14f2d2
mail: add missing NixOS module to metronom 2024-06-06 12:49:58 +02:00
teutat3s
0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH 
port access to wireguard only
 2024-05-31 16:52:04 +02:00
teutat3s
9a9dccf5bb
mail: move NixOS module to modules 2024-05-31 16:52:04 +02:00
teutat3s
c5dfb472f8
style: treefmt 2024-05-31 16:52:04 +02:00
teutat3s
1ca1168d7a
mail: switch to mail.pub.solar 2024-05-31 16:52:04 +02:00
teutat3s
b6f64a1e04
mail: add more @pub.solar mail accounts 2024-05-31 16:52:03 +02:00
Hendrik Sokolowski
af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
teutat3s
941eff6d87
tankstelle: configure wireguard 2024-05-30 19:17:21 +02:00
teutat3s
5aa1276e85
ci: add nix to PATH 2024-05-30 19:04:40 +02:00
teutat3s
cc70a740a1
ci: run actions runner as normal user 2024-05-30 19:04:40 +02:00
teutat3s
866785ef47
style: format using treefmt 2024-05-30 19:04:40 +02:00
teutat3s
692c152406
gitea-actions-runner: fix PATH in systemd 2024-05-30 19:04:40 +02:00
teutat3s
e71cbfc461
ci: add self-hosted forgejo-actions-runner 
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
 2024-05-30 19:04:13 +02:00
Hendrik Sokolowski
946585d1ca
initial commit of tankstelle 2024-05-29 14:08:59 +02:00
teutat3s
0cb89a9fe8
fix: nachtigall wants keycloak 2024-05-15 19:20:06 +02:00
teutat3s
2ca0bd7c3e
style: run treefmt 2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf
68278ad983
refactor: use options for config parts 
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
 2024-05-08 19:47:47 +02:00
Benjamin Yule Bädorf
ef94681e11
refactor: Move all apps into modules 2024-04-28 18:07:28 +02:00
Hendrik Sokolowski
10c86c6b20
nachtigall: obs-portal: remove tiles mount 2024-04-28 01:07:49 +02:00
Hendrik Sokolowski
1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal 2024-04-28 01:05:43 +02:00
Benjamin Yule Bädorf
d280b29394
obs-portal: init obs-portal on nachtigall 
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.

The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
 2024-04-27 22:45:07 +02:00
teutat3s
2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override" 
This reverts commit a11255b433.
 2024-04-27 01:44:20 +02:00
teutat3s
a11255b433
matrix-appservice-irc: remove unneeded syscall override 
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
 2024-04-25 12:37:58 +02:00
teutat3s
fa9ce9d435
gitea-actions-runner: don't run as systemd DynamicUser 
to enable usage of cache outside of /var/lib/private
 2024-04-23 15:42:33 +02:00
teutat3s
9541e5029e
flora-6: move forgejo-runner cache directory to /data 2024-04-23 15:12:11 +02:00
teutat3s
c86e22b292
ci: update forgejo-runner to version 3.4.1 
https://github.com/NixOS/nixpkgs/pull/301383
 2024-04-23 00:38:53 +02:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3 2024-04-22 20:06:49 +02:00
teutat3s
c07d24f6a7
flora-6: add wg-ssh to ignored interfaces 
for systemd-wait-online to start successfully
 2024-04-14 23:22:53 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores 
and set worker_connections to 1024

https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
 2024-04-14 17:39:56 +02:00