teutat3s
7037abb8f3
fix: forgejo needs module from nixos-unstable
...
for SSH access
2023-11-19 02:23:34 +01:00
teutat3s
8bc731da6e
Merge pull request 'feat: backups to hetzner storagebox' ( #66 ) from feat/backups-to-storagebox into main
...
Reviewed-on: pub-solar/infra#66
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:13:17 +00:00
teutat3s
40ed46b05b
Merge pull request 'feat: pull in forgejo + mastodon updates early' ( #64 ) from feat/early-forgejo-mastodon-updates into main
...
Reviewed-on: pub-solar/infra#64
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:13:06 +00:00
teutat3s
e41127593b
Merge pull request 'fix(nextcloud): push server is not a trusted proxy' ( #62 ) from fix/nextcloud-trusted-proxies into main
...
Reviewed-on: pub-solar/infra#62
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:12:50 +00:00
teutat3s
a461fc72f6
feat(backups): start backups in 5 minute interval
2023-11-18 22:41:48 +01:00
teutat3s
2195b7ed0a
feat: backups to hetzner storagebox
2023-11-18 22:30:23 +01:00
teutat3s
37176a52ce
feat: mastodon module updates from nixos-unstable
...
Pull in changes from https://github.com/NixOS/nixpkgs/pull/251950 early
2023-11-18 18:46:23 +01:00
teutat3s
d26b3c12f4
fix(nextcloud): push server is not a trusted proxy
...
The nextcloud push service would fail with the following error message
when deploying a new version:
please add '2a01:4f8:172:1c25::1' to the list of trusted proxies or
configure any existing reverse proxy to forward the 'x-forwarded-for'
send by the push server
The following x-forwarded-for header was received by Nextcloud: 1.2.3.4
The following trusted proxies are currently configured: "127.0.0.1", "::1"
https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
2023-11-18 18:12:38 +01:00
teutat3s
c88a0608f6
fix: matrix delegation via well-known for test domain
...
We use pub.solar as our server_name and matrix.pub.solar:8448 for matrix
federation traffic. The well-known record served at
https://pub.solar/.well-known/matrix/server should point to
matrix.pub.solar:8448. The same is true for test.pub.solar and
matrix.test.pub.solar:8448.
https://matrix-org.github.io/synapse/latest/delegate.html
2023-11-18 17:46:56 +01:00
Benjamin Bädorf
33e003d4b4
feat: add wellknown for matrix test domain
2023-11-18 17:32:56 +01:00
teutat3s
f2364b314a
fix: keycloak secret file permissions
2023-11-15 21:43:44 +01:00
b12f
f5185e5c15
feat: add mediawiki
...
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
teutat3s
25549fdc53
fix: link to our statutes / satzung
2023-11-15 18:54:47 +00:00
teutat3s
9c1d19d49f
nachtigall: move SSH private key from user to host
2023-11-15 18:54:32 +00:00
teutat3s
43512ae6e7
forgejo-actions-runner: use Node.js docker images
...
Regenerate auth token
2023-11-15 18:54:32 +00:00
teutat3s
1bd7e5c0e7
docs: clean up
2023-11-15 18:54:32 +00:00
teutat3s
7be3567e6d
flora-6: refactor to use flake.parts
2023-11-15 18:54:32 +00:00
teutat3s
e041f05505
feat: advertise sliding sync support to matrix clients
2023-11-10 19:02:13 +01:00
Benjamin Bädorf
b085c2e2b2
feat: add all matrix well-known data to nginx
2023-11-07 15:19:55 +01:00
Benjamin Bädorf
6fa03994b1
fix: add matrix well-known for pub.solar
2023-11-07 15:12:24 +01:00
Benjamin Bädorf
d69e0350ef
fix: use clean new directory for backups on droppie
2023-11-06 22:59:17 +00:00
Benjamin Bädorf
07df547f33
fix: specify sftp storage for droppie restic backups
2023-11-06 22:59:17 +00:00
teutat3s
428fcab009
fix: store forgejo sessions in DB
...
See:
https://docs.gitea.com/administration/config-cheat-sheet#session-session
2023-11-06 22:34:51 +01:00
Benjamin Bädorf
c8233cf6a7
chore: simplify sudo command for backups
2023-11-06 22:22:36 +01:00
Benjamin Bädorf
052d752d27
feat: add settings_local.json to mailman-web backup
2023-11-06 22:20:29 +01:00
Benjamin Bädorf
841757517f
refactor: small backup refactoring
2023-11-06 21:07:24 +00:00
Benjamin Bädorf
42fbde31e5
feat: droppie backups for all nachtigall services
2023-11-06 21:07:24 +00:00
Benjamin Bädorf
e7c70c6cd0
fix: nachtigall root ssh key config fixes
2023-11-06 21:07:24 +00:00
teutat3s
6a96345760
feat: enable gitea actions in forgejo
...
See: https://docs.gitea.com/usage/actions/quickstart
2023-11-06 22:06:16 +01:00
Benjamin Bädorf
e8ad662631
refactor: change file structure to use modules dir
...
This commit changes the file structure around, so that we have the
following parts:
`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.
This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00
Benjamin Bädorf
d011cb04e1
feat: add declarative root ssh key on nachtigall
2023-11-05 19:35:37 +01:00
Benjamin Bädorf
633549159e
fix: keep forgejo email addresses private by default
2023-11-05 15:06:30 +01:00
b12f
90b0fb53e6
Merge pull request 'fix: enable websockets for collabora' ( #43 ) from fix/collabora-websockets into main
...
Reviewed-on: pub-solar/infra#43
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-11-03 17:12:45 +00:00
teutat3s
b9e18a167c
fix: keycloak nginx buffer size
...
Tune according to
https://www.getpagespeed.com/server-setup/nginx/tuning-proxy_buffer_size-in-nginx
2023-11-03 13:54:11 +01:00
teutat3s
cd1fa3daef
fix: enable websockets for collabora
...
Adopt upstream recommended nginx config
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-nginx-webserver
2023-11-03 12:52:32 +01:00
teutat3s
9fc42c44a8
fix: tune nextcloud / php-fpm pool settings
...
Calculated on https://spot13.com/pmcalculator/
with 4GiB RAM available, average php-fpm process size 80MiB
Original settings are
pm = dynamic
pm.max_children = 32
pm.max_requests = 500
pm.max_spare_servers = 4
pm.min_spare_servers = 2
pm.start_servers = 2
2023-10-31 21:24:27 +01:00
Benjamin Bädorf
cb26fa3d00
chore: disable uwsgi logging on searx
2023-10-29 23:51:28 +01:00
Benjamin Bädorf
1db27813dd
fix: Searx is running
2023-10-29 23:49:45 +01:00
teutat3s
a7b3490c15
Merge pull request 'fix: owncast websockets, forgejo max body size in nginx' ( #38 ) from fix-owncast into main
...
Reviewed-on: pub-solar/infra#38
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-29 22:12:21 +00:00
teutat3s
505602bd73
fix: set max body size to 1G for forgejo
2023-10-29 23:04:33 +01:00
teutat3s
9898e35208
fix: enable websockets in nginx for owncast
2023-10-29 23:04:11 +01:00
Benjamin Bädorf
edc76ebb1b
chore: add search.pub.solar dns entry
2023-10-29 22:14:13 +01:00
teutat3s
e28cedb274
fix: owncast missing import, enable websockets
2023-10-29 22:10:29 +01:00
Benjamin Bädorf
fe6edd54b1
feat: searx
2023-10-29 20:57:26 +01:00
teutat3s
94c7b6d7db
fix: postgresql service should always wait for ZFS mount
2023-10-29 20:53:16 +01:00
Benjamin Bädorf
f013c6e3f8
feat: make docker run on zfs, add unlocking docs
2023-10-29 19:39:48 +00:00
Benjamin Bädorf
a10d77dcf6
fix: increase php strings cache size for nextcloud
...
https://github.com/nextcloud/server/issues/31223
2023-10-29 19:39:48 +00:00
Benjamin Bädorf
13d46c22c5
fix: nextcloud connections to other applications
2023-10-29 19:39:48 +00:00
Benjamin Bädorf
2c2d77456e
chore: update nextcloud to v27
2023-10-29 19:39:48 +00:00
Benjamin Bädorf
7b4b79f5d4
fix: add host header to collabora nginx proxy_pass
2023-10-29 19:39:48 +00:00
Benjamin Bädorf
8ad19f72fc
fix: small nextcloud fixes
...
* Add admin pass
* Increase max post size
* Fix secret owner
2023-10-29 19:39:48 +00:00
teutat3s
4897317f4f
feat: add more nginx recommended settings
2023-10-29 15:40:35 +00:00
teutat3s
f48782e987
feat: owncast initial commit
...
https://owncast.online/
2023-10-29 15:40:35 +00:00
Benjamin Bädorf
4d50282ab3
Merge branch 'feat/nextcloud' of git.pub.solar:pub-solar/infra-new into feat/nextcloud
2023-10-29 13:52:50 +01:00
Benjamin Bädorf
42879bde05
fix: don't set maintenance mode in nix config
2023-10-29 13:52:11 +01:00
Benjamin Bädorf
569ff3ee03
fix: fix php package name
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
d2c6756371
chore: use php8.2 for nextcloud
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
a14af74d82
fix: don't global bind collabora
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
f33a7c48e7
feat: add collabora
2023-10-29 12:49:36 +00:00
Hendrik Sokolowski
1577462c94
add virtualhost for nextcloud
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
c187b59bd7
feat: add nextcloud secrets
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
422b1ba33e
feat: add complete nextcloud config without secrets
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
41c5f1797c
feat: nextcloud initial commit
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
c6453f2631
feat: add complete nextcloud config without secrets
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
8a2889fd46
feat: nextcloud initial commit
2023-10-29 12:49:36 +00:00
Benjamin Bädorf
b42917de78
fix: fix php package name
2023-10-29 13:46:52 +01:00
Benjamin Bädorf
ac817a7ca2
chore: use php8.2 for nextcloud
2023-10-29 13:46:06 +01:00
Benjamin Bädorf
25f4c8d296
fix: don't global bind collabora
2023-10-29 13:43:41 +01:00
Benjamin Bädorf
3cb548d77a
feat: add collabora
2023-10-29 13:42:50 +01:00
Hendrik Sokolowski
ea7996ce0a
add virtualhost for nextcloud
2023-10-29 13:42:23 +01:00
Benjamin Bädorf
ece8e9156a
feat: add nextcloud secrets
2023-10-29 13:42:22 +01:00
Benjamin Bädorf
9244a42a20
feat: add complete nextcloud config without secrets
2023-10-29 13:42:01 +01:00
Benjamin Bädorf
1425492e19
feat: nextcloud initial commit
2023-10-29 13:42:00 +01:00
Benjamin Bädorf
8737ddbe6c
feat: add complete nextcloud config without secrets
2023-10-29 13:41:43 +01:00
Benjamin Bädorf
db77fcc378
feat: nextcloud initial commit
2023-10-29 13:41:41 +01:00
Akshay Mankar
eaf99a2d78
nachtigall: Add nginx config for serving matrix-synapse
2023-10-29 13:39:20 +01:00
teutat3s
5aa4f8b947
fix: mailman web static dir permissions
2023-10-29 12:38:12 +00:00
teutat3s
e859cbbc10
fix: reduce forgejo logs to warning level
2023-10-29 12:38:12 +00:00
Benjamin Bädorf
f1fc31eea7
fix: update mailman nginx https settings
2023-10-29 12:38:12 +00:00
Benjamin Bädorf
b7d0e23703
refactor: add nginx to mastodon group in mastodon module
2023-10-29 12:38:12 +00:00
teutat3s
e9ef6be915
fix: use 127.0.0.1 IPv4 instead of localhost to avoid errors
...
with localhost resolving to IPv6
2023-10-29 12:30:36 +01:00
teutat3s
f168a5393f
Merge pull request 'nachtigall: Configure matrix-synapse with telegram integration' ( #7 ) from feat/matrix into main
...
Reviewed-on: pub-solar/infra-new#7
Reviewed-by: teutat3s <teutates@mailbox.org>
2023-10-29 00:56:00 +00:00
teutat3s
688f9279d1
feat: move matrix related files into subdir
2023-10-29 02:55:35 +02:00
Benjamin Bädorf
b8431f595e
nachtigall: Configure matrix-synapse with telegram integration
2023-10-29 01:37:44 +02:00
teutat3s
2916ca4cd3
feat: mailman initial commit
2023-10-29 00:31:09 +02:00
Benjamin Bädorf
b311b513d0
fix: gitea secrets
2023-10-28 23:55:39 +02:00
Benjamin Bädorf
cda39f5e2a
feat: add forgejo
2023-10-28 23:36:04 +02:00
teutat3s
620c1715b4
fix: import keycloak module
2023-10-28 23:33:07 +02:00
Benjamin Bädorf
4f7b30c2c3
fix: use flake.inputs instead of inputs directly
2023-10-28 23:18:44 +02:00
Benjamin Bädorf
16a5ee93cc
fix: enable SSL for keycloak
2023-10-28 23:06:35 +02:00
Benjamin Bädorf
ce24876f3d
feat: add keycloak secrets and virtualhost
2023-10-28 23:06:35 +02:00
Benjamin Bädorf
5139cbe2db
feat: init keycloak
2023-10-28 23:06:35 +02:00
teutat3s
347d175a8a
feat: add mastodon redirects for OIDC using keycloak
2023-10-28 23:00:07 +02:00
teutat3s
310723a18c
fix: nginx tls connection to upstream
2023-10-28 22:52:57 +02:00
teutat3s
401baf5900
fix: nginx files.pub.solar proxy_pass host header
2023-10-28 22:15:40 +02:00
teutat3s
e9fc2dabbe
fix: enable recommendedProxySettings for nginx
...
https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=recommendedProxySettings
2023-10-28 21:42:01 +02:00
teutat3s
8b09f19add
fix: nginx user needs access to mastodon's unix socket
2023-10-28 21:30:37 +02:00
teutat3s
6f4741fae0
fix: missing nginx proxy cache zone
2023-10-28 21:12:33 +02:00
teutat3s
1983edcc5b
fix: add nginx virtualHost for mastodon
...
We use pub.solar as our LOCAL_DOMAIN and mastodon.pub.solar as our
WEB_DOMAIN. The NixOS module does not support this special use case.
See: https://github.com/NixOS/nixpkgs/issues/202399
2023-10-28 18:56:22 +02:00
teutat3s
d4ab1756b3
fix: files.pub.solar force TLS, remove default site
2023-10-28 18:24:14 +02:00
Hendrik Sokolowski
1d68ed73c3
add nginx virtual host for files.pub.solar
2023-10-28 18:24:13 +02:00
teutat3s
8a0ac64eac
Merge pull request 'fix: nginx config for pub.solar website' ( #22 ) from fix-nginx into main
...
Reviewed-on: pub-solar/infra-new#22
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 18:22:40 +02:00
teutat3s
f804de372c
Merge pull request 'feat: mastodon + agenix secrets' ( #13 ) from feat-mastodon into main
...
Reviewed-on: pub-solar/infra-new#13
Reviewed-by: hensoko <hensoko@gssws.de>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-10-28 18:22:31 +02:00
teutat3s
c162d46094
fix: address review comments
2023-10-28 18:18:06 +02:00
teutat3s
1e19efe20e
docs: add comment about streaming processes
2023-10-28 18:07:29 +02:00
teutat3s
5ffc4f67ff
fix: nginx config for pub.solar website
2023-10-28 17:50:37 +02:00
teutat3s
6408288049
fix: ensure directory for website static files gets created
2023-10-28 17:03:22 +02:00
teutat3s
0944b2d11c
feat: enable nginx for mastodon
...
https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/mastodon.nix#L762-L785
2023-10-28 17:02:03 +02:00
teutat3s
e43cb021ce
feat: use mastodon version 4.2.1 from our fork
...
This still needs updates in the NixOS module to account for the changes
in https://github.com/mastodon/mastodon/pull/24655 that change how
multiple streaming processes run. Hopefully this is fine for a single
streaming process though.
https://github.com/NixOS/nixpkgs/pull/251950
https://github.com/teutat3s/nixpkgs/tree/mastodon-4.2.1
2023-10-28 16:57:24 +02:00
teutat3s
2135a5e841
chore: move mastodon + postgres into apps directory
2023-10-28 16:57:23 +02:00
hensoko
0f527e3f41
Merge pull request 'feature/pub-solar-website' ( #20 ) from feature/pub-solar-website into main
...
Reviewed-on: pub-solar/infra-new#20
2023-10-28 16:56:49 +02:00
Benjamin Bädorf
c56f11a034
chore: remove link for PubsolarOS downloads
2023-10-28 16:31:16 +02:00
Hendrik Sokolowski
6630dd8ce6
Add nginx configuration for pub.solar website
2023-10-28 16:26:02 +02:00
Hendrik Sokolowski
05b880da4b
Update to new standards
2023-10-28 16:25:48 +02:00
Hendrik Sokolowski
710b81c94c
use nginx
2023-10-28 15:34:31 +02:00
teutat3s
3690b3cf9d
fix: mount zfs datasets declaratively
2023-10-28 15:19:48 +02:00
teutat3s
a5b32302c1
fix: use caddy module from nixos-unstable
2023-10-28 15:06:57 +02:00
Akshay Mankar
49890bc53d
Merge pull request 'nachtigall: Mount /var/lib as a separate ZFS dataset' ( #16 ) from var-lib-is-zfs into main
...
Reviewed-on: pub-solar/infra-new#16
Reviewed-by: hensoko <hensoko@gssws.de>
2023-10-28 14:18:27 +02:00
Akshay Mankar
c42fadab6d
nachtigall: Mount /var/lib as a separate ZFS dataset
...
This would help keep all application data out of the root partion by default
2023-10-28 14:14:29 +02:00
Akshay Mankar
bdc5033bf4
nachtigall/apps/caddy: Remove option from nixos-unstable
...
It is anyway enabled by default
2023-10-28 14:10:25 +02:00
Benjamin Bädorf
8aee160fd1
fix: import networking and nix modules
2023-10-28 14:00:32 +02:00
Benjamin Bädorf
b921201645
feat: caddy
2023-10-28 14:00:32 +02:00
Akshay Mankar
d8e0bbb43b
hosts/nachtigall: Move config to configuration.nix
2023-10-28 11:28:41 +02:00
Akshay Mankar
d935c946b5
nachtigall: Disable debug info
2023-10-28 00:58:13 +02:00
Akshay Mankar
de553e6c7b
nachtigall: Better DNS servers
2023-10-28 00:58:13 +02:00
Akshay Mankar
5554b5191e
Add NixOS config for nachtigall
2023-10-28 00:58:13 +02:00