Commit graph

60 commits

Author SHA1 Message Date
b12f 1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s 2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: pub-solar/infra#222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s 4626fd85c0
mediawiki: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00
teutat3s 15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
teutat3s b0790876ec
style: format using nixfmt-rfc-style 2024-08-24 17:39:49 +02:00
teutat3s 4a3d3ce84b
garage: init module 2024-08-24 03:05:16 +02:00
teutat3s 8bf1e1d1a3
tt-rss: remove newlines from secrets
using :set noeol nofixeol in neovim
2024-07-18 17:55:45 +02:00
teutat3s 2b1a5d6f7f
secrets: revert rekey of non-related secrets 2024-07-18 17:43:10 +02:00
teutat3s 5a84628e42
tt-rss: remove newlines from secrets
using :set noeol nofixeol in neovim
2024-07-18 17:36:12 +02:00
Benjamin Yule Bädorf c59fac512e
secrets: rekey for nachtigall's tt-rss secrets 2024-07-17 18:49:36 +02:00
Benjamin Yule Bädorf 8ce50bb73b
tt-rss: add pub.solar specific configuration 2024-07-17 15:22:58 +02:00
teutat3s 20ebf92f1f
loki, promtail, prometheus: remove basic auth, use
wireguard to secure connections
2024-06-01 16:51:14 +02:00
teutat3s fcd9af314e
mail: update teutat3s password 2024-05-31 16:52:04 +02:00
teutat3s 9d8026a31a
mail(treewide): update mail.greenbaum.zone -> mail.pub.solar 2024-05-31 16:52:04 +02:00
teutat3s b6f64a1e04
mail: add more @pub.solar mail accounts 2024-05-31 16:52:03 +02:00
Hendrik Sokolowski af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
teutat3s 941eff6d87
tankstelle: configure wireguard 2024-05-30 19:17:21 +02:00
teutat3s e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
2024-05-30 19:04:13 +02:00
teutat3s e52324209f
alertmanager: fix SMTP secret 2024-05-15 17:15:46 +02:00
teutat3s f329fbe26d
secrets: rekey for ryzensun
See #188
2024-05-15 00:22:39 +02:00
teutat3s 2ca0bd7c3e
style: run treefmt 2024-05-08 22:57:07 +02:00
Hendrik Sokolowski c74394449d
remove git conflict heading 2024-04-27 22:45:21 +02:00
Benjamin Yule Bädorf d280b29394
obs-portal: init obs-portal on nachtigall
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.

The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
Benjamin Yule Bädorf 16c6aa3b61
forgejo: make SSH keys declarative 2024-04-05 19:35:55 +00:00
Benjamin Yule Bädorf 621e9336ed
wireguard: add basic keys 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
teutat3s 576ceb6875
fix(matrix-synapse): mail hostname, missing tls
setting on metrics listener
2024-01-30 19:42:48 +01:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s e3f00b7d19
fix: update drone forgejo oauth secrets 2023-12-29 19:27:45 +01:00
teutat3s 7e8f3c8cf5
fix: update forgejo-actions-runner token, use
docker image from https://git.pub.solar/pub-solar/actions-base-image
2023-12-29 19:26:43 +01:00
teutat3s a56f8d2a00
fix: add missing SYNCV3_SECRET env var 2023-12-16 14:33:20 +01:00
teutat3s 14fa3fdec2
feat(matrix): enable sliding-sync
Sliding Sync is an implementation of MSC3575 and a prerequisite for
running the new (still beta) Element X clients (Element X iOS and
Element X Android).

https://github.com/matrix-org/sliding-sync
https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
2023-12-16 13:53:34 +01:00
teutat3s e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s 6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar 2023-12-13 02:12:12 +01:00
teutat3s d5b59ea18a
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s 8dc908aabd
feat(flora-6): init grafana + prometheus on
grafana.pub.solar
2023-12-13 02:12:10 +01:00
Akshay Mankar 2cbc46c154
matrix: Move the whole email section into the secret
Matrix doesn't deep merge the secrets, so this is necessary
2023-11-25 23:37:58 +01:00
Akshay Mankar f0c3178b4d
matrix: Use greenbaum cloud for sending emails 2023-11-19 18:12:07 +01:00
Akshay Mankar 8a2f83c96a
nachtigall: Deploy coturn and configure matrix to use it 2023-11-19 18:08:15 +01:00
teutat3s 2195b7ed0a
feat: backups to hetzner storagebox 2023-11-18 22:30:23 +01:00
b12f f5185e5c15
feat: add mediawiki
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
teutat3s 3e0af35c75
wip: actions runner 2023-11-15 18:54:32 +00:00
teutat3s 43512ae6e7
forgejo-actions-runner: use Node.js docker images
Regenerate auth token
2023-11-15 18:54:32 +00:00
teutat3s f24a29196c
secrets: add drone, forgejo-actions-runner secrets and rekey 2023-11-15 18:54:32 +00:00
Benjamin Bädorf 42fbde31e5
feat: droppie backups for all nachtigall services 2023-11-06 21:07:24 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00
Benjamin Bädorf d011cb04e1
feat: add declarative root ssh key on nachtigall 2023-11-05 19:35:37 +01:00