teutat3s
9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard
...
CNAME records
By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
2024-10-23 20:18:57 +02:00
teutat3s
0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' ( #239 ) from mastodon-media-on-garage into main
...
Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-23 15:24:28 +00:00
teutat3s
5300f381b0
nginx: use safer request_uri variable
...
Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
2024-10-17 21:15:57 +02:00
teutat3s
8a18ee452b
garage: fix s3_api root_domain
2024-10-17 21:15:57 +02:00
teutat3s
666de2c8f4
mastodon: switch files.pub.solar from storj to garage
...
s3 backend
2024-10-17 21:15:55 +02:00
teutat3s
b1391521b9
Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' ( #240 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#240
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-17 19:12:37 +00:00
teutat3s
987c0919ca
style: fix formatting
2024-10-17 20:31:47 +02:00
teutat3s
c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable
...
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
2024-10-17 20:31:47 +02:00
teutat3s
3943f34c92
flake.lock: Update
...
Flake lock file updates:
• Updated input 'disko':
'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
→ 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
→ 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
→ 'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
• Updated input 'unstable':
'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
→ 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
2024-10-17 20:31:17 +02:00
b12f
e85807a29b
Merge pull request 'nextcloud: docs how to get debug logs' ( #238 ) from nextcloud-fix-logs into main
...
Reviewed-on: pub-solar/infra#238
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-16 15:29:26 +00:00
teutat3s
c53d48384a
nextcloud: document how to get debugging logs
2024-10-16 17:19:49 +02:00
teutat3s
9579f6adde
Merge pull request 'logins: add teutat3s secondary SSH public key' ( #237 ) from teutat3s-add-ssh into main
...
Reviewed-on: pub-solar/infra#237
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 22:09:53 +00:00
teutat3s
01ca3b21c2
Merge pull request 'mastodon: actually use opensearch via module option' ( #236 ) from mastodon-full-text-search into main
...
Reviewed-on: pub-solar/infra#236
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 21:03:39 +00:00
teutat3s
d085e49925
logins: add teutat3s secondary SSH public key
2024-10-08 19:10:20 +02:00
teutat3s
092a45e3bd
mastodon: actually use opensearch via module option
2024-10-08 19:09:17 +02:00
teutat3s
a8d865bbca
Merge pull request 'maintenance updates for element-web, forgejo, mastodon, matrix-synapse, nextcloud and others' ( #235 ) from flake-updates into main
...
Reviewed-on: pub-solar/infra#235
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-10-05 12:30:07 +00:00
teutat3s
df2f0d4442
flake: refactor, bye srid
...
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
2024-10-05 14:03:40 +02:00
teutat3s
8c8a757f8f
garage: update to 1.0.1
...
https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
2024-10-05 13:03:40 +02:00
teutat3s
8600fc64c5
wireguard: fix trinkgenossin IPv4 address
2024-10-05 13:03:40 +02:00
teutat3s
37f210c96f
security: add libolm to permittedInsecurePackages
2024-10-05 13:03:40 +02:00
teutat3s
d675fd8d00
flake.lock: Update
...
Flake lock file updates:
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
→ 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27)
• Updated input 'disko':
'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
→ 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
→ 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'flake-parts/nixpkgs-lib':
'a5d394176e
.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
→ 'fb192fec7c
.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
→ 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
→ 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16)
→ 'github:srid/nixos-flake/47a26bc9118d17500bbe0c4adb5ebc26f776cc36' (2024-10-04)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21)
→ 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
• Updated input 'unstable':
'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
→ 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
2024-10-05 13:02:20 +02:00
teutat3s
2e5a7bea4b
Merge pull request 'flora-6: remove' ( #234 ) from remove-flora-6-sad-face into main
...
Reviewed-on: pub-solar/infra#234
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-09-10 15:58:58 +00:00
b12f
4831430455
chore: run nix fmt
2024-09-10 16:02:26 +02:00
teutat3s
663ef8feb1
alerts: fix condition
2024-09-10 16:02:26 +02:00
teutat3s
63fa03e971
alerts.pub.solar: use DNS challenge for cert
2024-09-10 16:02:26 +02:00
teutat3s
faa71b7797
alerts: add check for healthy garage cluster
2024-09-10 16:02:26 +02:00
teutat3s
21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter
2024-09-10 16:02:26 +02:00
teutat3s
19723f3812
monitoring: add prometheus-exporter, promtail to
...
delite, blue-shell
add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
teutat3s
ec5e9896fd
delite: use static IP in initrd, DHCP not working
2024-09-10 16:02:25 +02:00
teutat3s
47b076e0a6
loki: store logs in /var/lib/loki
2024-09-10 16:02:25 +02:00
teutat3s
02a146c507
dns: switch to opentofu + terraform-backend-git,
...
use opentofu encrypted state feature
https://opentofu.org/docs/language/state/encryption/#new-project
2024-09-10 16:02:25 +02:00
teutat3s
7e48428fb9
dns: remove old, unused DKIM key
...
We have our own mailserver now
2024-09-10 16:02:25 +02:00
teutat3s
f4f6c14faa
flake: remove triton-vmtools, no longer needed
...
It was only used on flora-6
2024-09-10 16:02:25 +02:00
b12f
1ec5bafa30
flora-6: remove
...
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s
02629598aa
Merge pull request 'obs-portal: fix backups, docker command does not need a TTY' ( #233 ) from obs-backup-fix into main
...
Reviewed-on: pub-solar/infra#233
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-09-09 15:43:14 +00:00
teutat3s
44f708ec76
obs-portal: run backups 1h later to avoid lock conflict
2024-09-09 17:28:57 +02:00
teutat3s
cd82b83427
obs-portal: fix backups, docker command does not
...
need a TTY
2024-08-31 22:05:11 +02:00
teutat3s
2d94ed5a0d
Merge pull request 'obs-portal: add backups' ( #228 ) from obs-portal-backups into main
...
Reviewed-on: pub-solar/infra#228
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:43:10 +00:00
teutat3s
83e4bcd2df
Merge pull request 'mail: add backups' ( #226 ) from mail-backups into main
...
Reviewed-on: pub-solar/infra#226
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:39:25 +00:00
teutat3s
09804f5c25
docs: how-to add backups for new hosts
2024-08-29 16:36:11 +02:00
teutat3s
2eb54a331e
backups: add storagebox to programs.ssh.knownHosts
2024-08-29 16:36:09 +02:00
teutat3s
77b642f646
garage: increase nginx client_body_size to 64m
...
To make bigger garage uploads work well, avoiding error
HTTP 413 Entity Too Large
2024-08-29 16:24:32 +02:00
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
...
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s
e2ba1aacf4
mail: add backups to garage bucket + storagebox
...
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s
27dc20dd04
obs-portal: add backups to garage bucket + storagebox
...
Restic backups to garage S3 bucket nachtigall-backups
2024-08-29 10:09:04 +02:00
teutat3s
a0fb6a60c3
Merge pull request 'devshell: add terraform-ls' ( #227 ) from terraform-devshell into main
...
Reviewed-on: pub-solar/infra#227
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:29 +00:00
teutat3s
d2389497c2
Merge pull request 'garage: initial cluster' ( #222 ) from garage-cluster into main
...
Reviewed-on: pub-solar/infra#222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s
c056d9c35e
Merge pull request 'mediawiki: add backups' ( #225 ) from mediawiki-backups into main
...
Reviewed-on: pub-solar/infra#225
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:54:33 +00:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox
...
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s
c0a3d90d63
backups: add environmentFile option
2024-08-28 17:13:34 +02:00