pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity
747 commits 15 branches 0 tags 13 MiB
Commit graph

747 commits

This branch
This branch
All branches
Author SHA1 Message Date
teutat3s
213c06ca87
matrix-authentication-service: disable changing mail 
address. This should be done via auth.pub.solar
 2024-11-19 13:57:23 +01:00
b12f
1ae1f68ce2
Merge pull request 'modules/forgejo: allow migrations from local networks' (#262) from forgejo/allow-local-migrations into main 
Reviewed-on: pub-solar/infra#262
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-11-14 11:10:44 +00:00
b12f
87f9bc92df
modules/forgejo: allow migrations from local networks 2024-11-14 11:10:44 +00:00
teutat3s
3b29b847b0
Merge pull request 'coturn: fix secret path' (#265) from fix-coturn-secret into main 
Reviewed-on: pub-solar/infra#265
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-13 20:39:47 +00:00
teutat3s
4923f033f5
coturn: fix secret path 
this is fallout that was overlooked in #250
 2024-11-13 21:25:12 +01:00
teutat3s
2424a3ec8b
Merge pull request 'keycloak: fix registration with pub.solar theme' (#264) from fix-keycloak-theme-for-registration into main 
Reviewed-on: pub-solar/infra#264
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-13 19:48:15 +00:00
teutat3s
b41edf0cfb
Merge pull request 'core: add activationScript to show closure diff' (#260) from closure-diffs into main 
Reviewed-on: pub-solar/infra#260
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-13 19:47:17 +00:00
teutat3s
0d6da8d678
Merge pull request 'maintenance: updates for element-web, forgejo, matrix-synapse and others' (#259) from flake-updates into main 
Reviewed-on: pub-solar/infra#259
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-13 19:47:05 +00:00
teutat3s
b87670d07d
keycloak: fix registration with pub.solar theme 
This pulls in changes from
* pub-solar/keycloak-theme#3
* pub-solar/keycloak-theme#4
 2024-11-13 20:34:38 +01:00
teutat3s
73333537a5
Merge pull request 'alertmanager: alert on high load only after 20m' (#255) from alerts-tweak-load into main 
Reviewed-on: pub-solar/infra#255
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-12 14:47:53 +00:00
teutat3s
45d3b939bf
Merge pull request 'matrix-appservice-irc: reduce logging level to warn' (#256) from irc-reduce-logging into main 
Reviewed-on: pub-solar/infra#256
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-12 14:47:44 +00:00
teutat3s
904c7ed1e4
Merge pull request 'secrets: remove leftover secret files' (#257) from secrets-cleanup into main 
Reviewed-on: pub-solar/infra#257
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-12 14:47:35 +00:00
teutat3s
ab85ba751a
alertmanager: enable e2e_dead_man_switch 2024-11-12 13:41:42 +01:00
teutat3s
a9c5edfeb3
alertmanager: don't alert on high memory page faults 
This alert is non actionable, we still monitor high memory usage.
 2024-11-12 13:40:46 +01:00
teutat3s
7067d93ee2
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
  → 'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
  → 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'fb192fec7c.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
  → 'cc2f280002.tar.gz?narHash=sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s%3D' (2024-11-01)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
  → 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
  → 'github:nixos/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10)
• Updated input 'unstable':
    'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
  → 'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
 2024-11-11 20:05:12 +01:00
teutat3s
e48fe612e2
core: add activationScript to show closure diff 
This is useful when updating a host, by doing a dry-run with deploy-rs
we get a list of changed package versions.
 2024-11-11 18:02:47 +01:00
teutat3s
34ce43a5e0
secrets: remove leftover secret files 
After cleanup:
❯ find ./secrets -type f -name "*.age" | wc -l
64

❯ rg publicKeys secrets/secrets.nix  | wc -l
64
 2024-11-07 12:22:27 +01:00
teutat3s
43b0c8d489
matrix-appservice-irc: reduce logging level to warn 2024-11-06 21:29:27 +01:00
teutat3s
afe52ca6af
alertmanager: alert on high load only after 20m 2024-11-06 21:28:28 +01:00
teutat3s
da529b023e
Merge pull request 'ci: use treefmt2 with flag --ci' (#248) from ci-treefmt into main 
Reviewed-on: pub-solar/infra#248
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-06 14:40:03 +00:00
teutat3s
cf39137340
Merge pull request 'docs: more garage CLI usage, avoid leaking secret' (#246) from docs-garage into main 
Reviewed-on: pub-solar/infra#246
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-06 14:39:53 +00:00
teutat3s
18683d383f
Merge pull request 'docs: add examples for cachix usage' (#230) from docs-cachix into main 
Reviewed-on: pub-solar/infra#230
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-11-06 14:39:44 +00:00
teutat3s
d8a793190d
Merge pull request 'matrix-authentication-service: init, test, migrate synapse' (#250) from mas-init into main 
Reviewed-on: pub-solar/infra#250
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-10-30 20:02:53 +00:00
teutat3s
3ec5c9f343
style: fix formatting 2024-10-30 20:32:47 +01:00
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into 
synapse now, update synapse config to use matrix-authentication-service
 2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options 2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod 2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames 2024-10-30 18:37:46 +01:00
teutat3s
472f9aa68b
dns: list.pub.solar should be A / AAAA records 2024-10-30 18:37:46 +01:00
teutat3s
c9c2d06a98
dns: add CNAME record for mas.pub.solar 2024-10-30 18:37:46 +01:00
teutat3s
8244e605b6
fix: passkey support in pub.solar keycloak theme 2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting 2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets 2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground 
to test mas, related to #242
 2024-10-30 18:37:45 +01:00
teutat3s
4c51eda8b6
Merge pull request 'modules/tt-rss: pin on revision' (#253) from update-tt-rss into main 
Reviewed-on: pub-solar/infra#253
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-10-30 17:37:10 +00:00
b12f
471d7650ff
modules/tt-rss: pin on revision 2024-10-30 18:35:18 +01:00
teutat3s
9cc50ed678
Merge pull request 'maintenance: updates for mastodon, matrix-synapse' (#249) from flake-updates-2024-10-24 into main 
Reviewed-on: pub-solar/infra#249
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 16:16:06 +00:00
teutat3s
4309cc9cdd
ci: use treefmt2 with flag --ci 
Update treefmt to version 2.

This adds the following flags for CI usage:
"--no-cache, --fail-on-change and adjusting some other settings best suited to a CI".
See: https://treefmt.com/usage
 2024-10-24 15:43:00 +02:00
teutat3s
08f5c5ce67
docs: more garage CLI usage, avoid leaking secret 2024-10-24 15:10:44 +02:00
teutat3s
870e81ee4c
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
  → 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
  → 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
  → 'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
  → 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
 2024-10-24 14:53:39 +02:00
teutat3s
cef7a561f3
Merge pull request 'garage: fix wildcard DNS cert renewal with wildcard CNAME records' (#245) from fix-dns-cert-renewal into main 
Reviewed-on: pub-solar/infra#245
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:41 +00:00
teutat3s
281701b7b6
Merge pull request 'docs: fix IP for keycloak admin API' (#247) from update-docs into main 
Reviewed-on: pub-solar/infra#247
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:31 +00:00
teutat3s
90bbaad7b7
Merge pull request 'trinkgenossin: fix network in initrd' (#244) from trinkgenossin-remote-luks into main 
Reviewed-on: pub-solar/infra#244
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:18 +00:00
teutat3s
6a15c09509
docs: add hint how to get CACHIX_AUTH_TOKEN 2024-10-23 20:59:07 +02:00
teutat3s
94d7db1331
docs: add examples for cachix usage 2024-10-23 20:59:06 +02:00
teutat3s
633f0a4402
docs: fix IP for keycloak admin API 2024-10-23 20:28:55 +02:00
teutat3s
9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard 
CNAME records

By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
 2024-10-23 20:18:57 +02:00
teutat3s
2c29d27ce7
style: remove redundant brackets 2024-10-23 20:18:03 +02:00
teutat3s
31a885926b
trinkgenossin: fix network in initrd, virtio_net 
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
 2024-10-23 20:17:32 +02:00
teutat3s
0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' (#239) from mastodon-media-on-garage into main 
Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-23 15:24:28 +00:00