teutat3s
ddc5c65bf7
chore: bump flake inputs
...
• Updated input 'home-manager':
'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff?narHash=sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ%3D' (2024-04-06)
→ 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411?narHash=sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM%3D' (2024-04-25)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed?narHash=sha256-olEWxacm1xZhAtpq%2BZkEyQgR4zgfE7ddpNtZNvubi3g%3D' (2024-04-19)
→ 'github:lnl7/nix-darwin/230a197063de9287128e2c68a7a4b0cd7d0b50a7?narHash=sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8%3D' (2024-04-24)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/bc194f70731cc5d2b046a6c1b3b15f170f05999c?narHash=sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo%3D' (2024-04-19)
→ 'github:nixos/nixpkgs/dd37924974b9202f8226ed5d74a252a9785aedf8?narHash=sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds%3D' (2024-04-24)
• Updated input 'unstable':
'github:nixos/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f?narHash=sha256-XtTSSIB2DA6tOv%2Bl0FhvfDMiyCmhoRbNB%2B0SeInZkbk%3D' (2024-04-19)
→ 'github:nixos/nixpkgs/572af610f6151fd41c212f897c71f7056e3fb518?narHash=sha256-cfh1hi%2B6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U%3D' (2024-04-23)
2024-04-25 19:21:05 +02:00
teutat3s
a11255b433
matrix-appservice-irc: remove unneeded syscall override
...
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
2024-04-25 12:37:58 +02:00
teutat3s
d62b6cda92
Merge pull request 'ci: update forgejo runner to fix cache' ( #152 ) from ci/update-forgejo-runner into main
...
Reviewed-on: pub-solar/infra#152
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-23 18:18:39 +00:00
teutat3s
c580fe0fbb
ci: prevent flake inputs from GC as well
2024-04-23 19:10:20 +02:00
teutat3s
60aef1d038
ci: prevent nix garbage collection
2024-04-23 16:00:16 +02:00
teutat3s
fa9ce9d435
gitea-actions-runner: don't run as systemd DynamicUser
...
to enable usage of cache outside of /var/lib/private
2024-04-23 15:42:33 +02:00
teutat3s
9541e5029e
flora-6: move forgejo-runner cache directory to /data
2024-04-23 15:12:11 +02:00
teutat3s
c4d0d34807
ci: revert cache-nix-action to version 4.0.3
2024-04-23 15:12:06 +02:00
teutat3s
d5fe65b60d
ci: disable cachix daemon, spams logs with
...
[2024-04-22 23:46:26][Info] Skipping /nix/store/w2zp8k8yy2avv5r92w0cpq9aixkir2sp-LocalSettings.php
...
2024-04-23 15:11:59 +02:00
teutat3s
0e7dc95250
ci: remove broken purge config from check workflow
2024-04-23 01:42:04 +02:00
teutat3s
c86e22b292
ci: update forgejo-runner to version 3.4.1
...
https://github.com/NixOS/nixpkgs/pull/301383
2024-04-23 00:38:53 +02:00
Hendrik Sokolowski
4992819742
Merge pull request 'set pruneOpts for restic backups to daily 7, weekly 4, monthly 3' ( #151 ) from feature/restic-backup-retention into main
...
Reviewed-on: pub-solar/infra#151
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-22 19:38:21 +00:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3
2024-04-22 20:06:49 +02:00
teutat3s
e8530caf1d
Merge pull request 'ci: update nix-quick-install-action, cache-nix-action, cachix-action' ( #150 ) from chore-update-ci into main
...
Reviewed-on: pub-solar/infra#150
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-22 15:19:36 +00:00
teutat3s
7c492e7391
Merge pull request 'chore: forgejo security update, update matrix-synapse et al.' ( #149 ) from chore-update-flake into main
...
Reviewed-on: pub-solar/infra#149
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-22 15:18:33 +00:00
teutat3s
a0c6f0dc08
ci: fix cache-nix-action, use new config syntax
2024-04-21 20:17:03 +02:00
teutat3s
46c7c9ecb1
ci: update nix-quick-install-action, cache-nix-action,
...
cachix-action
2024-04-21 19:58:58 +02:00
teutat3s
fb4004e9f0
chore: update flake inputs
...
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083?narHash=sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/%2BYZOq3sKviI%3D' (2024-03-30)
→ 'github:lnl7/nix-darwin/9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed?narHash=sha256-olEWxacm1xZhAtpq%2BZkEyQgR4zgfE7ddpNtZNvubi3g%3D' (2024-04-19)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8?narHash=sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib%2B8%3D' (2024-04-13)
→ 'github:nixos/nixpkgs/bc194f70731cc5d2b046a6c1b3b15f170f05999c?narHash=sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo%3D' (2024-04-19)
• Updated input 'unstable':
'github:nixos/nixpkgs/cfd6b5fc90b15709b780a5a1619695a88505a176?narHash=sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM%3D' (2024-04-12)
→ 'github:nixos/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f?narHash=sha256-XtTSSIB2DA6tOv%2Bl0FhvfDMiyCmhoRbNB%2B0SeInZkbk%3D' (2024-04-19)
2024-04-21 19:28:02 +02:00
teutat3s
3030b0f84d
Merge pull request 'flora-6: add wg-ssh to ignored systemd-wait-online interfaces' ( #148 ) from flora-6/fix-network-wait-online into main
...
Reviewed-on: pub-solar/infra#148
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-14 21:53:33 +00:00
teutat3s
c07d24f6a7
flora-6: add wg-ssh to ignored interfaces
...
for systemd-wait-online to start successfully
2024-04-14 23:22:53 +02:00
teutat3s
0f297c4711
Merge pull request 'chore: security update PHP, update element-web, misc updates' ( #147 ) from chore-update-flake into main
...
Reviewed-on: pub-solar/infra#147
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-14 20:29:39 +00:00
teutat3s
679d9b236f
Merge pull request 'nginx: set worker_processes to number of CPU cores' ( #146 ) from feat/nginx-tuning into main
...
Reviewed-on: pub-solar/infra#146
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-14 20:22:08 +00:00
teutat3s
78d5e5a4f0
chore: update flake inputs
...
❯ nix store diff-closures $OLD_CLOSURE $NEW_CLOSURE
cpupower: 6.1.84 → 6.1.86
element-web: 1.11.63 → 1.11.64, +148.0 KiB
element-web-wrapped: 1.11.63 → 1.11.64
initrd-linux: 6.1.84 → 6.1.86
linux: 6.1.84, 6.1.84-modules → 6.1.86, 6.1.86-modules, +24.3 KiB
linux-firmware: 20240312 → 20240410, +493.3 KiB
nixos-system-nachtigall: 23.11.20240410.b2cf36f → 23.11.20240413.90055d5
owncast: 0.1.2 → 0.1.3, -376.1 KiB
php: 8.2.17 → 8.2.18
php-bcmath: 8.2.17 → 8.2.18
php-bz2: 8.2.17 → 8.2.18
php-calendar: 8.2.17 → 8.2.18
php-ctype: 8.2.17 → 8.2.18
php-curl: 8.2.17 → 8.2.18
php-dom: 8.2.17 → 8.2.18
php-exif: 8.2.17 → 8.2.18
php-extra-init: 8.2.17.ini → 8.2.18.ini
php-fileinfo: 8.2.17 → 8.2.18
php-filter: 8.2.17 → 8.2.18
php-ftp: 8.2.17 → 8.2.18
php-gd: 8.2.17 → 8.2.18
php-gettext: 8.2.17 → 8.2.18
php-gmp: 8.2.17 → 8.2.18
php-iconv: 8.2.17 → 8.2.18
php-imap: 8.2.17 → 8.2.18
php-intl: 8.2.17 → 8.2.18
php-ldap: 8.2.17 → 8.2.18
php-mbstring: 8.2.17 → 8.2.18
php-mysqli: 8.2.17 → 8.2.18
php-mysqlnd: 8.2.17 → 8.2.18
php-opcache: 8.2.17 → 8.2.18
php-openssl: 8.2.17 → 8.2.18
php-pcntl: 8.2.17 → 8.2.18
php-pdo: 8.2.17 → 8.2.18
php-pdo_mysql: 8.2.17 → 8.2.18
php-pdo_odbc: 8.2.17 → 8.2.18
php-pdo_pgsql: 8.2.17 → 8.2.18
php-pdo_sqlite: 8.2.17 → 8.2.18
php-pgsql: 8.2.17 → 8.2.18
php-posix: 8.2.17 → 8.2.18
php-readline: 8.2.17 → 8.2.18
php-session: 8.2.17 → 8.2.18
php-simplexml: 8.2.17 → 8.2.18
php-soap: 8.2.17 → 8.2.18
php-sockets: 8.2.17 → 8.2.18
php-sodium: 8.2.17 → 8.2.18
php-sqlite3: 8.2.17 → 8.2.18
php-sysvsem: 8.2.17 → 8.2.18
php-tokenizer: 8.2.17 → 8.2.18
php-with-extensions: 8.2.17 → 8.2.18
php-xmlreader: 8.2.17 → 8.2.18
php-xmlwriter: 8.2.17 → 8.2.18
php-zip: 8.2.17 → 8.2.18
php-zlib: 8.2.17 → 8.2.18
searxng: ∅ → 0-unstable-2024-03-08, +15337.5 KiB
searxng-unstable: 2023-10-31 → ∅, -14965.6 KiB
source: +470.3 KiB
uwsgi: 2.0.23 → 2.0.24
zfs-kernel: 2.2.3-6.1.84 → 2.2.3-6.1.86
2024-04-14 22:09:37 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores
...
and set worker_connections to 1024
https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
2024-04-14 17:39:56 +02:00
teutat3s
b0c466869e
Merge pull request 'wireguard: use IP addresses for wireguard endpoints' ( #145 ) from fix/use-ip-for-wireguard into main
...
Reviewed-on: pub-solar/infra#145
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-12 20:40:39 +00:00
teutat3s
b6a54efd9a
fix: add comment with hostnames to wireguard peers
2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf
7e145040cc
wireguard: use IP addresses for wireguard endpoints
...
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
2024-04-12 22:31:28 +02:00
b12f
9d94b888ae
Merge pull request 'networking: add wireguard hosts to /etc/hosts' ( #144 ) from wireguard/add-etc-hosts into main
...
Reviewed-on: pub-solar/infra#144
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-12 19:54:09 +00:00
teutat3s
8a9fe3b8fe
chore: update flake inputs
...
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/d272ca50d1f7424fbfcd1e6f1c9e01d92f6da167' (2024-04-08)
→ 'github:nixos/nixpkgs/b2cf36f43f9ef2ded5711b30b1f393ac423d8f72' (2024-04-10)
• Updated input 'unstable':
'github:nixos/nixpkgs/4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6' (2024-04-08)
→ 'github:nixos/nixpkgs/1042fd8b148a9105f3c0aca3a6177fd1d9360ba5' (2024-04-10)
2024-04-12 19:54:09 +00:00
teutat3s
8743ea7b0c
networking: add wireguard hosts to /etc/hosts
...
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
b12f
8743b50f7f
Merge pull request 'forgejo: also reroute ssh traffic for ipv6' ( #139 ) from forgejo/reroute-ssh-ipv6 into main
...
Reviewed-on: pub-solar/infra#139
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-12 19:38:15 +00:00
Benjamin Yule Bädorf
316ba9ef53
forgejo: also reroute ssh traffic for ipv6
2024-04-12 19:38:15 +00:00
teutat3s
afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' ( #142 ) from feat/forgejo-enable-search into main
...
Reviewed-on: pub-solar/infra#142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:42 +00:00
teutat3s
9698c47530
Merge pull request 'mastodon: clean media older than 7 days' ( #143 ) from mastodon/auto-clean-7-days into main
...
Reviewed-on: pub-solar/infra#143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:34 +00:00
teutat3s
ccb029dde3
Merge pull request 'wireguard: add ryzensun to teutat3s' hosts' ( #141 ) from wireguard/add-ryzensun-host into main
...
Reviewed-on: pub-solar/infra#141
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-06 16:07:21 +00:00
teutat3s
41e4d3427c
mastodon: clean media older than 7 days
...
Currently we keep everything for 30 days, which is about 180GB
2024-04-05 23:50:04 +02:00
teutat3s
16e9d476cb
Merge pull request 'docs: include notes regarding rollback in deploy docs, misc updates' ( #140 ) from docs/update-deployment-docs into main
...
Reviewed-on: pub-solar/infra#140
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 21:39:46 +00:00
teutat3s
3caf085d0b
wireguard: add ryzensun to teutat3s' hosts
2024-04-05 23:32:59 +02:00
teutat3s
c5159dd66d
forgejo: enable repo search (indexer), save login
...
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
2024-04-05 23:29:49 +02:00
teutat3s
b27f8c1380
docs: include notes regarding rollback in deploy
...
docs, misc updates
2024-04-05 23:03:43 +02:00
b12f
76ca43142a
Merge pull request 'forgejo: make SSH keys declarative' ( #138 ) from forgejo/ssh-keys-declarative into main
...
Reviewed-on: pub-solar/infra#138
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 19:35:55 +00:00
Benjamin Yule Bädorf
16c6aa3b61
forgejo: make SSH keys declarative
2024-04-05 19:35:55 +00:00
teutat3s
315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' ( #135 ) from chore/nextcloud-config-maintenance-window into main
...
Reviewed-on: pub-solar/infra#135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 18:41:17 +00:00
b12f
9191729f5c
Merge pull request 'nachtigall: forgejo: update firewall settings' ( #137 ) from fix/git-forgejo-open-service-port-in-firewall into main
...
Reviewed-on: pub-solar/infra#137
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 16:51:36 +00:00
Hendrik Sokolowski
b6b8d69852
nachtigall: forgejo: update firewall settings
2024-04-05 18:39:43 +02:00
b12f
4380c3b0ab
Merge pull request 'forgejo: use iptables routing instead of ssh patch' ( #136 ) from fix/forgejo-ssh-again into main
...
Reviewed-on: pub-solar/infra#136
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 15:26:10 +00:00
Benjamin Yule Bädorf
e618b9f9c2
forgejo: use iptables routing instead of ssh patch
2024-04-05 17:00:28 +02:00
b12f
ae0c90e4f8
Merge pull request 'forgejo: allow multiple host addresses for SSH' ( #133 ) from fix/forgejo-multi-host into main
...
Reviewed-on: pub-solar/infra#133
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-04-05 14:27:03 +00:00
Benjamin Yule Bädorf
d7c9333ff4
forgejo: allow multiple host addresses for SSH
2024-04-05 14:26:56 +00:00
teutat3s
18a62b8d35
fix(nextcloud): define a maintenance window for
...
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html
> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
2024-04-05 16:23:16 +02:00