Commit graph

439 commits

Author SHA1 Message Date
teutat3s 4de835127f
fix(keycloak): NullPointerException
Use nightly to fix Cannot invoke "org.keycloak.models.RealmModel.getClientScopesStream()" because "realm" is null

Until 23.0.2 is out

https://github.com/keycloak/keycloak/pull/25313

https://github.com/keycloak/keycloak/issues/25176
https://github.com/keycloak/keycloak/issues/25183
2023-12-14 01:53:29 +01:00
teutat3s 17baf5aa2f
Merge pull request 'feat: nixpkgs updates 2023-12-13' (#81) from feat/nixpkgs-updates into main
Reviewed-on: pub-solar/infra#81
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-12-14 00:19:21 +00:00
teutat3s e6177069ab
fix(security): pull in forgejo 1.20.6-1 early
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1206-1

https://github.com/NixOS/nixpkgs/pull/274026
https://nixpk.gs/pr-tracker.html?pr=274026

• Added input 'release-2311':
    'github:nixos/nixpkgs/c15f414581b4eb4113eed52ed303a1e62771fb6f' (2023-12-13)
2023-12-14 00:49:21 +01:00
teutat3s 4562bda0bf
fix(ci): avoid nix trying to use GH access-token
The GITHUB_TOKEN env var is set on each step by
https://code.forgejo.org/forgejo/runner, but only to communicate with
forgejo to access the repo (if it is private)

error: unable to download '4e422edf6b': HTTP error 401
2023-12-14 00:40:38 +01:00
teutat3s efb789d658
docs: how to show diff with nix before deploying updates
2023-12-14 00:40:38 +01:00
teutat3s 294f3b7836
fix: add result to gitignore
2023-12-14 00:40:37 +01:00
teutat3s e8bab677db
chore: update flake inputs
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/660180bbbeae7d60dad5a92b30858306945fd427' (2023-11-02)
  → 'github:serokell/deploy-rs/915327515f5fd1b7719c06e2f1eb304ee0bdd803' (2023-12-13)
• Updated input 'deploy-rs/flake-compat':
    'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
  → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'deploy-rs/utils':
    'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
  → 'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725' (2023-12-04)
• Added input 'deploy-rs/utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'home-manager':
    'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
  → 'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/7c9168884128ed4634751b3e2f5553b09d7b8cb0' (2023-11-28)
  → 'github:srid/nixos-flake/4e422edf6b511f8e214b392cf1a0d4707a0399a4' (2023-12-09)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
  → 'github:nixos/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7' (2023-12-12)
• Updated input 'unstable':
    'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
  → 'github:nixos/nixpkgs/a9bf124c46ef298113270b1f84a164865987a91c' (2023-12-11)
2023-12-14 00:40:31 +01:00
teutat3s f0fb575c81
Merge pull request 'feat: grafana + prometheus + loki on flora-6' (#77) from feat/grafana into main
Reviewed-on: pub-solar/infra#77
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-13 23:21:32 +00:00
teutat3s d734adce58
fix: new Greenbaum mail server is mail.greenbaum.zone
2023-12-13 20:45:35 +01:00
teutat3s e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s 10bb3295de
fix: grafana editor role is unused for now
2023-12-13 17:52:01 +01:00
teutat3s e8cf4dceb0
fix(flora-6): allow traffic from br-+ interfaces
2023-12-13 17:51:34 +01:00
teutat3s 1b9a6bb0c2
fix: don't ignore interfaces that can change
2023-12-13 02:12:12 +01:00
teutat3s 219b67df20
fix: add 4 logs retention for loki
2023-12-13 02:12:12 +01:00
teutat3s 6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar
2023-12-13 02:12:12 +01:00
teutat3s d5b59ea18a
feat(prometheus): add node-exporter to nachtigall, protect endpoint https://nachtigall.pub.solar/metrics with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s fdda65eea9
feat: init loki
2023-12-13 02:12:11 +01:00
teutat3s 0e290f080e
feat(grafana): provision node-exporter dashboard
2023-12-13 02:12:11 +01:00
teutat3s 6b15d72d85
fix: systemd-networkd-wait-online timing out
2023-12-13 02:12:11 +01:00
teutat3s 35487b53c7
fix: DNS record for grafana.pub.solar
2023-12-13 02:12:11 +01:00
teutat3s 2f7eccc970
fix: grafana root_url needs https://, role mapping
2023-12-13 02:12:11 +01:00
teutat3s 630723516d
fix: remove DNS ttl until we need it again
2023-12-13 02:12:11 +01:00
teutat3s 8dc908aabd
feat(flora-6): init grafana + prometheus on grafana.pub.solar
2023-12-13 02:12:10 +01:00
teutat3s 6f0801d419
Merge pull request 'forgejo: allow webhooks to all pub.solar subdomains' (#80) from fix/forgejo-matrix-webhook into main
Reviewed-on: pub-solar/infra#80
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-12-13 01:11:48 +00:00
teutat3s efe31cadd9
Merge pull request 'ci: cache nix-store using nix-community/cache-nix-action' (#65) from ci/enable-cache into main
Reviewed-on: pub-solar/infra#65
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-13 00:59:09 +00:00
teutat3s ebc7abf685
ci: dependencies now included in actions-base-image
https://git.pub.solar/pub-solar/actions-base-image
2023-12-13 01:52:01 +01:00
teutat3s e4c4644a8e
ci: cache using nix-community/cache-nix-action
https://github.com/nix-community/cache-nix-action
2023-12-13 01:42:15 +01:00
teutat3s 6bfeb835c2
fix: type INI atom (null, bool, int, float or string)
option `services.gitea.settings.webhook.ALLOWED_HOST_LIST' is not of
type `INI atom (null, bool, int, float or string)'
2023-12-08 17:37:28 +01:00
Benjamin Bädorf 97a592a53e
forgejo: allow webhooks to all pub.solar subdomains
This should fix the following error that was occurring while trying to post
notices to matrix channels:

```
Delivery: Put "https://matrix.pub.solar/_matrix/client/r0/rooms/[...]": dial tcp [::1]:443: webhook can only call allowed HTTP servers (check your webhook.ALLOWED_HOST_LIST setting), deny 'matrix.pub.solar([::1]:443)'
```
2023-12-08 17:12:02 +01:00
teutat3s a3ce107c73
Merge pull request 'feat: backup matrix-synapse, matrix-appservice-irc, mautrix-telegram to storagebox' (#76) from feat/matrix-backups into main
Reviewed-on: pub-solar/infra#76
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:36:10 +00:00
teutat3s ac582d3f6f
Merge pull request 'docs: add how to manage DNS records with terraform' (#79) from docs-terraform-dns into main
Reviewed-on: pub-solar/infra#79
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:35:55 +00:00
teutat3s 75e4179f42
Merge pull request 'fix: new Greenbaum mail hostname is mail.greenbaum.zone' (#78) from fix/mail-server into main
Reviewed-on: pub-solar/infra#78
2023-12-06 18:19:18 +00:00
teutat3s 21e620a12c
docs: add how to manage DNS records with terraform
2023-12-06 18:41:23 +01:00
teutat3s caaab0e14d
fix: new Greenbaum mail server is mail.greenbaum.zone
2023-12-05 20:57:26 +01:00
teutat3s 5c664a0401
Merge pull request 'NixOS 23.11 fixes' (#75) from fix/nixos-23.11-fixes into main
Reviewed-on: pub-solar/infra#75
2023-12-03 13:20:51 +00:00
teutat3s 3ac327a750
feat: backup matrix-synapse, matrix-appservice-irc, mautrix-telegram to storagebox
2023-12-03 13:11:25 +01:00
teutat3s 790848ef69
fix: update keycloak pub.solar theme
1ee87a1884
2023-12-03 12:14:47 +01:00
Akshay Mankar 75270321d5
fix: Allow matrix-appservice-irc to chown things
@chown is part of @privileged. It is used by sed which is used to manage the
registration.yaml
2023-12-02 17:22:28 +01:00
teutat3s becaa9d649
fix: revert mautrix-telegram changes
2023-12-02 16:09:15 +01:00
teutat3s 37528c0874
fix: mautrix-telegram ExecStart missing \
2023-12-02 15:44:40 +01:00
teutat3s 1cfe140e77
fix: mkForce mautrix-telegram ExecStart
2023-12-02 15:43:52 +01:00
teutat3s 038d80a801
feat: DNS updates
Fix turn domain used by coturn
2023-12-02 15:36:03 +01:00
teutat3s f911ac7bad
fix(matrix-synapse): needs to define oidc extras after NixOS module updates
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights
2023-12-02 15:35:02 +01:00
teutat3s 904a73b51d
fix(mautrix-telegram): should not try to update config
See: https://github.com/mautrix/python/pull/152
2023-12-02 15:33:58 +01:00
teutat3s 35a4ac5619
Merge pull request 'feat: NixOS 23.11 Tapir' (#74) from feat/nixos-23.11 into main
Reviewed-on: pub-solar/infra#74
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-02 12:53:18 +00:00
teutat3s 3e7af270c1
Merge pull request 'nextcloud: add skeleton directory that adds a good readme for new users' (#73) from feat/nextcloud-improved-skeleton into main
Reviewed-on: pub-solar/infra#73
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-12-02 12:53:08 +00:00
teutat3s 7cf6f51516
fix: nextcloud interned strings buffer defaults to 23 now
2023-12-02 11:58:48 +01:00
teutat3s 2ee4bc5682
feat: NixOS 23.11 Tapir
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights

Track nixos-23.11 branch, remove unstable overlays

This will update our services to the following versions:
nextcloud: 27.1.3 -> 27.1.4
forgejo: 1.20.5-0 -> 1.20.6-0
keycloak: 21.1.2 -> 22.0.5
matrix-synapse: 1.95.1 -> 1.97.0

Internal:
postgresql: 14.9 -> 15.5

Flake inputs diff:
• Updated input 'home-manager':
    'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
2023-12-02 11:13:56 +01:00
Benjamin Bädorf 1d3934693b
nextcloud: add skeleton directory that adds a good readme for new users
Co-authored-by: teutat3s <teutates@mailbox.org>
2023-12-02 11:11:16 +01:00
teutat3s 4d7e1c3c94
chore: bump flake inputs
• Updated input 'agenix':
    'github:ryantm/agenix/daf42cb35b2dc614d1551e37f96406e4c4a2d3e4' (2023-10-08)
  → 'github:ryantm/agenix/13ac9ac6d68b9a0896e3d43a082947233189e247' (2023-11-29)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8c9fa2545007b49a5db5f650ae91f227672c3877' (2023-11-01)
  → 'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735?dir=lib' (2023-10-29)
  → 'github:NixOS/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58?dir=lib' (2023-11-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
  → 'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/e67f2bf515343da378c3f82f098df8ca01bccc5f' (2023-11-13)
  → 'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d' (2023-11-24)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/40010feda1ac1afdcc2571ef550ef3de44926b0e' (2023-11-12)
  → 'github:srid/nixos-flake/7c9168884128ed4634751b3e2f5553b09d7b8cb0' (2023-11-28)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
  → 'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
• Updated input 'unstable':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
2023-12-02 10:58:38 +01:00