pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity
717 commits 15 branches 0 tags 13 MiB
Commit graph

717 commits

This branch
This branch
All branches
Author SHA1 Message Date
teutat3s 9d9bcf9a15
mas: move to module, add secrets for prod 2024-10-30 18:37:46 +01:00
b12f 4434a90136
modules/matrix: rename secrets to not include hostnames 2024-10-30 18:37:46 +01:00
teutat3s 472f9aa68b
dns: list.pub.solar should be A / AAAA records 2024-10-30 18:37:46 +01:00
teutat3s c9c2d06a98
dns: add CNAME record for mas.pub.solar 2024-10-30 18:37:46 +01:00
teutat3s 8244e605b6
fix: passkey support in pub.solar keycloak theme 2024-10-30 18:37:46 +01:00
teutat3s 9d7d251369
style: fix formatting 2024-10-30 18:37:46 +01:00
teutat3s 7775ad332e
matrix: do not change paths for nachtigall secrets 2024-10-30 18:37:46 +01:00
teutat3s d6cc9c8164
matrix-authentication-service: init host underground 
to test mas, related to #242
 2024-10-30 18:37:45 +01:00
teutat3s 4c51eda8b6
Merge pull request 'modules/tt-rss: pin on revision' (#253) from update-tt-rss into main 
Reviewed-on: pub-solar/infra#253
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-10-30 17:37:10 +00:00
b12f 471d7650ff
modules/tt-rss: pin on revision 2024-10-30 18:35:18 +01:00
teutat3s 9cc50ed678
Merge pull request 'maintenance: updates for mastodon, matrix-synapse' (#249) from flake-updates-2024-10-24 into main 
Reviewed-on: pub-solar/infra#249
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 16:16:06 +00:00
teutat3s 870e81ee4c
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
  → 'github:nix-community/disko/09a776702b004fdf9c41a024e1299d575ee18a7d' (2024-10-23)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
  → 'github:lnl7/nix-darwin/04193f188e4144d7047f83ad1de81d6034d175cd' (2024-10-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
  → 'github:nixos/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
  → 'github:nixos/nixpkgs/2768c7d042a37de65bb1b5b3268fc987e534c49d' (2024-10-23)
 2024-10-24 14:53:39 +02:00
teutat3s cef7a561f3
Merge pull request 'garage: fix wildcard DNS cert renewal with wildcard CNAME records' (#245) from fix-dns-cert-renewal into main 
Reviewed-on: pub-solar/infra#245
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:41 +00:00
teutat3s 281701b7b6
Merge pull request 'docs: fix IP for keycloak admin API' (#247) from update-docs into main 
Reviewed-on: pub-solar/infra#247
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:31 +00:00
teutat3s 90bbaad7b7
Merge pull request 'trinkgenossin: fix network in initrd' (#244) from trinkgenossin-remote-luks into main 
Reviewed-on: pub-solar/infra#244
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-24 12:51:18 +00:00
teutat3s 633f0a4402
docs: fix IP for keycloak admin API 2024-10-23 20:28:55 +02:00
teutat3s 9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard 
CNAME records

By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
 2024-10-23 20:18:57 +02:00
teutat3s 2c29d27ce7
style: remove redundant brackets 2024-10-23 20:18:03 +02:00
teutat3s 31a885926b
trinkgenossin: fix network in initrd, virtio_net 
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
 2024-10-23 20:17:32 +02:00
teutat3s 0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' (#239) from mastodon-media-on-garage into main 
Reviewed-on: pub-solar/infra#239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-23 15:24:28 +00:00
teutat3s 5300f381b0
nginx: use safer request_uri variable 
Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
 2024-10-17 21:15:57 +02:00
teutat3s 8a18ee452b
garage: fix s3_api root_domain 2024-10-17 21:15:57 +02:00
teutat3s 666de2c8f4
mastodon: switch files.pub.solar from storj to garage 
s3 backend
 2024-10-17 21:15:55 +02:00
teutat3s b1391521b9
Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' (#240) from flake-updates into main 
Reviewed-on: pub-solar/infra#240
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-17 19:12:37 +00:00
teutat3s 987c0919ca
style: fix formatting 2024-10-17 20:31:47 +02:00
teutat3s c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable 
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
 2024-10-17 20:31:47 +02:00
teutat3s 3943f34c92
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
  → 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
  → 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
  → 'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
• Updated input 'unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
 2024-10-17 20:31:17 +02:00
b12f e85807a29b
Merge pull request 'nextcloud: docs how to get debug logs' (#238) from nextcloud-fix-logs into main 
Reviewed-on: pub-solar/infra#238
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-10-16 15:29:26 +00:00
teutat3s c53d48384a
nextcloud: document how to get debugging logs 2024-10-16 17:19:49 +02:00
teutat3s 9579f6adde
Merge pull request 'logins: add teutat3s secondary SSH public key' (#237) from teutat3s-add-ssh into main 
Reviewed-on: pub-solar/infra#237
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-08 22:09:53 +00:00
teutat3s 01ca3b21c2
Merge pull request 'mastodon: actually use opensearch via module option' (#236) from mastodon-full-text-search into main 
Reviewed-on: pub-solar/infra#236
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2024-10-08 21:03:39 +00:00
teutat3s d085e49925
logins: add teutat3s secondary SSH public key 2024-10-08 19:10:20 +02:00
teutat3s 092a45e3bd
mastodon: actually use opensearch via module option 2024-10-08 19:09:17 +02:00
teutat3s a8d865bbca
Merge pull request 'maintenance updates for element-web, forgejo, mastodon, matrix-synapse, nextcloud and others' (#235) from flake-updates into main 
Reviewed-on: pub-solar/infra#235
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
 2024-10-05 12:30:07 +00:00
teutat3s df2f0d4442
flake: refactor, bye srid 
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
 2024-10-05 14:03:40 +02:00
teutat3s 8c8a757f8f
garage: update to 1.0.1 
https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
 2024-10-05 13:03:40 +02:00
teutat3s 8600fc64c5
wireguard: fix trinkgenossin IPv4 address 2024-10-05 13:03:40 +02:00
teutat3s 37f210c96f
security: add libolm to permittedInsecurePackages 2024-10-05 13:03:40 +02:00
teutat3s d675fd8d00
flake.lock: Update 
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
  → 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27)
• Updated input 'disko':
    'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
  → 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'a5d394176e.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
  → 'fb192fec7c.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
  → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
  → 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16)
  → 'github:srid/nixos-flake/47a26bc9118d17500bbe0c4adb5ebc26f776cc36' (2024-10-04)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21)
  → 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
  → 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
 2024-10-05 13:02:20 +02:00
teutat3s 2e5a7bea4b
Merge pull request 'flora-6: remove' (#234) from remove-flora-6-sad-face into main 
Reviewed-on: pub-solar/infra#234
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-09-10 15:58:58 +00:00
b12f 4831430455
chore: run nix fmt 2024-09-10 16:02:26 +02:00
teutat3s 663ef8feb1
alerts: fix condition 2024-09-10 16:02:26 +02:00
teutat3s 63fa03e971
alerts.pub.solar: use DNS challenge for cert 2024-09-10 16:02:26 +02:00
teutat3s faa71b7797
alerts: add check for healthy garage cluster 2024-09-10 16:02:26 +02:00
teutat3s 21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter 2024-09-10 16:02:26 +02:00
teutat3s 19723f3812
monitoring: add prometheus-exporter, promtail to 
delite, blue-shell

add instance labels to garage scrape jobs
 2024-09-10 16:02:26 +02:00
teutat3s ec5e9896fd
delite: use static IP in initrd, DHCP not working 2024-09-10 16:02:25 +02:00
teutat3s 47b076e0a6
loki: store logs in /var/lib/loki 2024-09-10 16:02:25 +02:00
teutat3s 02a146c507
dns: switch to opentofu + terraform-backend-git, 
use opentofu encrypted state feature

https://opentofu.org/docs/language/state/encryption/#new-project
 2024-09-10 16:02:25 +02:00
teutat3s 7e48428fb9
dns: remove old, unused DKIM key 
We have our own mailserver now
 2024-09-10 16:02:25 +02:00