Benjamin Yule Bädorf
ad1ea4a49e
forgejo: run internal ssh server on port 22
...
The system-wide SSH server was hidden behind a wireguard proxy for
security reasons, but since forgejo was using it, git pushes and pulls
got broken for people without wireguard access.
These config changes make sure forgejo starts its built-in SSH server
on port 22, which is then allowed to be accessed from the open internet
in the firewall config.
2024-04-05 15:05:28 +02:00
b12f
2851273d18
Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main
...
Reviewed-on: pub-solar/infra#128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 12:51:04 +00:00
Benjamin Yule Bädorf
b1519c8f22
ssh: only allow ssh on wireguard interface
2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf
f7eaef0d18
wireguard: fix flora-6 address and private key
...
Reviewed-on: pub-solar/infra#129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
2024-04-05 11:26:38 +00:00
b12f
51523439e7
Merge pull request 'feat/wireguard' (#126) from feat/wireguard into main
...
Reviewed-on: pub-solar/infra#126
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
48845d6cf6
logins/wireguard: move teutat3s wireguard device
2024-04-05 11:09:31 +00:00
Hendrik Sokolowski
c53adf51f7
logins: add judy for hensoko
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
a795f0824f
logins: fix admin login merging
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
83125ae472
logins: check for missing wireguard device attribute
2024-04-05 11:09:31 +00:00
teutat3s
147ed44b9a
wireguard: add dumpyourvms
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
621e9336ed
wireguard: add basic keys
2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
eacf60974c
wireguard: initial commit
2024-04-05 11:09:31 +00:00
b12f
6748e44824
Merge pull request 'chore: update element-desktop, matrix-synapse, nextcloud and misc' (#127) from chore/flake-updates into main
...
Reviewed-on: pub-solar/infra#127
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 11:06:25 +00:00
teutat3s
815dccc0b4
chore: update flake inputs
...
• Updated input 'agenix':
'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13)
→ 'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
→ 'github:serokell/deploy-rs/88b3059b020da69cbe16526b8d639bd5e0b51c8b' (2024-04-01)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
→ 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
→ 'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
• Updated input 'home-manager':
'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
→ 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/bcc8afd06e237df060c85bad6af7128e05fd61a3' (2024-03-17)
→ 'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083' (2024-03-30)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/05f9464e282dee5a706273f50344a8201d8980b5' (2024-03-19)
→ 'github:srid/nixos-flake/7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5' (2024-03-25)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/fa9f817df522ac294016af3d40ccff82f5fd3a63' (2024-03-19)
→ 'github:nixos/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03)
• Updated input 'unstable':
'github:nixos/nixpkgs/b06025f1533a1e07b6db3e75151caa155d1c7eb3' (2024-03-19)
→ 'github:nixos/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
2024-04-04 18:49:09 +02:00
b12f
dda8ed6938
Merge pull request 'mediawiki: update to v1.41.1' (#125) from mediawiki/v1.41.1 into main
...
Reviewed-on: pub-solar/infra#125
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-03-29 23:41:43 +00:00
Benjamin Yule Bädorf
9433a8aea7
mediawiki: update to v1.41.1
2024-03-30 00:10:09 +01:00
b12f
37ebcb3669
Merge pull request 'website: add security.txt' (#122) from feat/security-txt into main
...
Reviewed-on: pub-solar/infra#122
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 16:26:17 +00:00
b12f
6aea728583
Merge branch 'main' into feat/security-txt
2024-03-25 15:38:30 +00:00
b12f
a5e72f9cc7
Merge pull request 'matrix: set forgotten_room_retention_period to 7d' (#124) from matrix/room-retention-period into main
...
Reviewed-on: pub-solar/infra#124
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 15:38:24 +00:00
Benjamin Yule Bädorf
b9cffad02a
matrix: set forgotten_room_retention_period to 7d
...
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.
The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf
2bb2247716
website: add security.txt
...
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s
ef943f02e3
Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main
...
Reviewed-on: pub-solar/infra#121
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-21 10:24:34 +00:00
teutat3s
45e91d7ef1
fix: drone port should bind to localhost
2024-03-21 10:44:40 +01:00
teutat3s
e33529ad4b
chore: bump flake inputs
2024-03-21 10:44:16 +01:00
b12f
1f8e53053b
Merge pull request 'public-keys: update b12f ssh keys with new yubikeys' (#120) from b12f/public-keys-update into main
...
Reviewed-on: pub-solar/infra#120
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-20 10:51:41 +00:00
Benjamin Yule Bädorf
c8c10269c4
public-keys: update b12f ssh keys with new yubikeys
2024-03-20 11:27:23 +01:00
teutat3s
27116f053a
Merge pull request 'chore: updates for element-web, forgejo, mastodon, nextcloud' (#119) from chore/updates into main
...
Reviewed-on: pub-solar/infra#119
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-05 22:38:52 +00:00
teutat3s
b76b7821a7
chore: update flake inputs
...
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
→ 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
→ 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
→ 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
→ 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
→ 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
→ 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
→ 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
2024-03-05 21:39:19 +01:00
teutat3s
14e689486b
Merge pull request 'fix: nginx duplicate default server' (#118) from fix/nginx-duplicate-default-server into main
...
Reviewed-on: pub-solar/infra#118
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-25 22:07:52 +00:00
teutat3s
c49ffb2d5b
fix: nginx duplicate default server
...
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
b12f
aa607396e4
Merge pull request 'nginx/miom: init miom.space website' (#116) from feat/miom.space into main
...
Reviewed-on: pub-solar/infra#116
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 21:42:03 +00:00
Benjamin Yule Bädorf
de04556191
nginx/miom: disable logging
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf
0e89b7f210
nginx/miom: init miom.space website
...
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.
This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.
On the old miom website all logging was turned off; we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
b12f
1878595af2
Merge pull request 'nginx/pub.solar: disable logging for homepage' (#117) from privacy/website-no-logging into main
...
Reviewed-on: pub-solar/infra#117
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 18:10:30 +00:00
Benjamin Yule Bädorf
24b77b6de5
nginx/pub.solar: disable logging for homepage
2024-02-25 18:51:24 +01:00
Akshay Mankar
50fa98eebb
Merge pull request 'security: Upgrade mastodon to 4.2.7' (#114) from mastodon-4.2.7 into main
...
Reviewed-on: pub-solar/infra#114
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 13:47:58 +00:00
Akshay Mankar
f7d7964299
security: Upgrade mastodon to 4.2.7
2024-02-16 13:22:39 +01:00
Akshay Mankar
afcfb4fe0f
Merge pull request 'chore: nix flake update' (#113) from flake-update-16-02 into main
...
Reviewed-on: pub-solar/infra#113
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 09:23:32 +00:00
Akshay Mankar
bbc01be474
chore: nix flake update
2024-02-16 10:13:32 +01:00
teutat3s
0bf113e3a9
Merge pull request 'feat: init tmate-ssh-server' (#112) from feat/tmate into main
...
Reviewed-on: pub-solar/infra#112
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-02-14 20:32:14 +00:00
teutat3s
842ec945f4
forgejo: appName option has been renamed
...
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
teutat3s
d67190d175
feat: init tmate-ssh-server
...
https://tmate.io
2024-02-07 19:01:36 +01:00
teutat3s
840a250278
Merge pull request 'chore: update element-web, keycloak, matrix-synapse, nextcloud, misc' (#110) from chore/bump-flake-inputs into main
...
Reviewed-on: pub-solar/infra#110
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:11 +00:00
teutat3s
b54ff7d6bf
Merge pull request 'feat: use forgejo NixOS module with gitea user' (#111) from feat/forgejo-module into main
...
Reviewed-on: pub-solar/infra#111
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:02 +00:00
teutat3s
700173a874
Merge pull request 'dns: add DKIM record to pub.solar domain' (#109) from feat/dkim into main
...
Reviewed-on: pub-solar/infra#109
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:45:26 +00:00
teutat3s
f43ba01ee6
feat: use forgejo NixOS module with gitea user
...
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
teutat3s
fcc74784ea
fix: remove mastodon version 4.2.5 overlay
...
It's now included in nixos-23.11
2024-02-06 10:57:28 +01:00
teutat3s
bf0ab84979
chore: bump flake inputs
...
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/07f6395285469419cf9d078f59b5b49993198c00' (2024-01-11)
→ 'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
• Updated input 'flake-parts/nixpkgs-lib':
'github:NixOS/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9?dir=lib' (2023-12-30)
→ 'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
• Updated input 'home-manager':
'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
→ 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/00538eecf2d1a8f98a53a71c9c84f913003ec5e8' (2024-01-29)
→ 'github:lnl7/nix-darwin/bdbae6ecff8fcc322bf6b9053c0b984912378af7' (2024-02-02)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27)
→ 'github:nixos/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05)
• Updated input 'unstable':
'github:nixos/nixpkgs/ae5c332cbb5827f6b1f02572496b141021de335f' (2024-01-25)
→ 'github:nixos/nixpkgs/faf912b086576fd1a15fca610166c98d47bc667e' (2024-02-05)
2024-02-06 10:56:56 +01:00
teutat3s
4f558e8a9b
dns: add DKIM record
2024-02-05 22:27:34 +01:00
teutat3s
0deb8eb6be
Merge pull request 'security: update mastodon to 4.2.5' (#108) from security/mastodon-4.2.5 into main
...
Reviewed-on: pub-solar/infra#108
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-01 17:11:05 +00:00