b12f
87f9bc92df
modules/forgejo: allow migrations from local networks
2024-11-14 11:10:44 +00:00
teutat3s
3b29b847b0
Merge pull request 'coturn: fix secret path' ( #265 ) from fix-coturn-secret into main
...
Reviewed-on: pub-solar/infra#265
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 20:39:47 +00:00
teutat3s
4923f033f5
coturn: fix secret path
...
this is fallout that was overlooked in #250
2024-11-13 21:25:12 +01:00
teutat3s
2424a3ec8b
Merge pull request 'keycloak: fix registration with pub.solar theme' ( #264 ) from fix-keycloak-theme-for-registration into main
...
Reviewed-on: pub-solar/infra#264
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:48:15 +00:00
teutat3s
b41edf0cfb
Merge pull request 'core: add activationScript to show closure diff' ( #260 ) from closure-diffs into main
...
Reviewed-on: pub-solar/infra#260
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:47:17 +00:00
teutat3s
0d6da8d678
Merge pull request 'maintenance: updates for element-web, forgejo, matrix-synapse and others' ( #259 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#259
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-13 19:47:05 +00:00
teutat3s
b87670d07d
keycloak: fix registration with pub.solar theme
...
This pulls in changes from
* pub-solar/keycloak-theme#3
* pub-solar/keycloak-theme#4
2024-11-13 20:34:38 +01:00
teutat3s
73333537a5
Merge pull request 'alertmanager: alert on high load only after 20m' ( #255 ) from alerts-tweak-load into main
...
Reviewed-on: pub-solar/infra#255
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:53 +00:00
teutat3s
45d3b939bf
Merge pull request 'matrix-appservice-irc: reduce logging level to warn' ( #256 ) from irc-reduce-logging into main
...
Reviewed-on: pub-solar/infra#256
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:44 +00:00
teutat3s
904c7ed1e4
Merge pull request 'secrets: remove leftover secret files' ( #257 ) from secrets-cleanup into main
...
Reviewed-on: pub-solar/infra#257
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-12 14:47:35 +00:00
teutat3s
ab85ba751a
alertmanager: enable e2e_dead_man_switch
2024-11-12 13:41:42 +01:00
teutat3s
a9c5edfeb3
alertmanager: don't alert on high memory page faults
...
This alert is non actionable, we still monitor high memory usage.
2024-11-12 13:40:46 +01:00
teutat3s
7067d93ee2
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
→ 'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
→ 'github:hercules-ci/flake-parts/506278e768c2a08bec68eb62932193e341f55c90' (2024-11-01)
• Updated input 'flake-parts/nixpkgs-lib':
'fb192fec7c
.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
→ 'cc2f280002
.tar.gz?narHash=sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s%3D' (2024-11-01)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
→ 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
→ 'github:nixos/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10)
• Updated input 'unstable':
'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
→ 'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09)
2024-11-11 20:05:12 +01:00
teutat3s
e48fe612e2
core: add activationScript to show closure diff
...
This is useful when updating a host, by doing a dry-run with deploy-rs
we get a list of changed package versions.
2024-11-11 18:02:47 +01:00
teutat3s
34ce43a5e0
secrets: remove leftover secret files
...
After cleanup:
❯ find ./secrets -type f -name "*.age" | wc -l
64
❯ rg publicKeys secrets/secrets.nix | wc -l
64
2024-11-07 12:22:27 +01:00
teutat3s
43b0c8d489
matrix-appservice-irc: reduce logging level to warn
2024-11-06 21:29:27 +01:00
teutat3s
afe52ca6af
alertmanager: alert on high load only after 20m
2024-11-06 21:28:28 +01:00
teutat3s
da529b023e
Merge pull request 'ci: use treefmt2 with flag --ci
' ( #248 ) from ci-treefmt into main
...
Reviewed-on: pub-solar/infra#248
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:40:03 +00:00
teutat3s
cf39137340
Merge pull request 'docs: more garage CLI usage, avoid leaking secret' ( #246 ) from docs-garage into main
...
Reviewed-on: pub-solar/infra#246
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:53 +00:00
teutat3s
18683d383f
Merge pull request 'docs: add examples for cachix usage' ( #230 ) from docs-cachix into main
...
Reviewed-on: pub-solar/infra#230
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-11-06 14:39:44 +00:00
teutat3s
d8a793190d
Merge pull request 'matrix-authentication-service: init, test, migrate synapse' ( #250 ) from mas-init into main
...
Reviewed-on: pub-solar/infra#250
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-30 20:02:53 +00:00
teutat3s
3ec5c9f343
style: fix formatting
2024-10-30 20:32:47 +01:00
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into
...
synapse now, update synapse config to use matrix-authentication-service
2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options
2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod
2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames
2024-10-30 18:37:46 +01:00
teutat3s
472f9aa68b
dns: list.pub.solar should be A / AAAA records
2024-10-30 18:37:46 +01:00
teutat3s
c9c2d06a98
dns: add CNAME record for mas.pub.solar
2024-10-30 18:37:46 +01:00
teutat3s
8244e605b6
fix: passkey support in pub.solar keycloak theme
2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting
2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets
2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground
...
to test mas, related to #242
2024-10-30 18:37:45 +01:00
teutat3s
4c51eda8b6
Merge pull request 'modules/tt-rss: pin on revision' ( #253 ) from update-tt-rss into main
...
Reviewed-on: pub-solar/infra#253
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-10-30 17:37:10 +00:00
b12f
471d7650ff
modules/tt-rss: pin on revision
2024-10-30 18:35:18 +01:00
teutat3s
9cc50ed678
Merge pull request 'maintenance: updates for mastodon, matrix-synapse' ( #249 ) from flake-updates-2024-10-24 into main
...
Reviewed-on: pub-solar/infra#249
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 16:16:06 +00:00
teutat3s
4309cc9cdd
ci: use treefmt2 with flag --ci
...
Update treefmt to version 2.
This adds the following flags for CI usage:
"--no-cache, --fail-on-change and adjusting some other settings best suited to a CI".
See: https://treefmt.com/usage
2024-10-24 15:43:00 +02:00
teutat3s
08f5c5ce67
docs: more garage CLI usage, avoid leaking secret
2024-10-24 15:10:44 +02:00
teutat3s
870e81ee4c
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
→ 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
→ 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
→ 'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
• Updated input 'unstable':
'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
→ 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
2024-10-24 14:53:39 +02:00
teutat3s
cef7a561f3
Merge pull request 'garage: fix wildcard DNS cert renewal with wildcard CNAME records' ( #245 ) from fix-dns-cert-renewal into main
...
Reviewed-on: pub-solar/infra#245
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:41 +00:00
teutat3s
281701b7b6
Merge pull request 'docs: fix IP for keycloak admin API' ( #247 ) from update-docs into main
...
Reviewed-on: pub-solar/infra#247
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:31 +00:00
teutat3s
90bbaad7b7
Merge pull request 'trinkgenossin: fix network in initrd' ( #244 ) from trinkgenossin-remote-luks into main
...
Reviewed-on: pub-solar/infra#244
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-24 12:51:18 +00:00
teutat3s
6a15c09509
docs: add hint how to get CACHIX_AUTH_TOKEN
2024-10-23 20:59:07 +02:00
teutat3s
94d7db1331
docs: add examples for cachix usage
2024-10-23 20:59:06 +02:00
teutat3s
633f0a4402
docs: fix IP for keycloak admin API
2024-10-23 20:28:55 +02:00
teutat3s
9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard
...
CNAME records
By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
2024-10-23 20:18:57 +02:00
teutat3s
2c29d27ce7
style: remove redundant brackets
2024-10-23 20:18:03 +02:00
teutat3s
31a885926b
trinkgenossin: fix network in initrd, virtio_net
...
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
2024-10-23 20:17:32 +02:00
teutat3s
0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' ( #239 ) from mastodon-media-on-garage into main
...
Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-23 15:24:28 +00:00
teutat3s
5300f381b0
nginx: use safer request_uri variable
...
Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
2024-10-17 21:15:57 +02:00
teutat3s
8a18ee452b
garage: fix s3_api root_domain
2024-10-17 21:15:57 +02:00