teutat3s
df2f0d4442
flake: refactor, bye srid
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
2024-10-05 14:03:40 +02:00
teutat3s
8c8a757f8f
garage: update to 1.0.1
https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
2024-10-05 13:03:40 +02:00
teutat3s
8600fc64c5
wireguard: fix trinkgenossin IPv4 address
2024-10-05 13:03:40 +02:00
teutat3s
37f210c96f
security: add libolm to permittedInsecurePackages
2024-10-05 13:03:40 +02:00
teutat3s
d675fd8d00
flake.lock: Update
Flake lock file updates:
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
→ 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27)
• Updated input 'disko':
'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
→ 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
→ 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'flake-parts/nixpkgs-lib':
'a5d394176e
.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
→ 'fb192fec7c
.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
→ 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
→ 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16)
→ 'github:srid/nixos-flake/47a26bc9118d17500bbe0c4adb5ebc26f776cc36' (2024-10-04)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21)
→ 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
• Updated input 'unstable':
'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
→ 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
2024-10-05 13:02:20 +02:00
teutat3s
2e5a7bea4b
Merge pull request 'flora-6: remove' (#234) from remove-flora-6-sad-face into main
Reviewed-on: pub-solar/infra#234
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-09-10 15:58:58 +00:00
b12f
4831430455
chore: run nix fmt
2024-09-10 16:02:26 +02:00
teutat3s
663ef8feb1
alerts: fix condition
2024-09-10 16:02:26 +02:00
teutat3s
63fa03e971
alerts.pub.solar: use DNS challenge for cert
2024-09-10 16:02:26 +02:00
teutat3s
faa71b7797
alerts: add check for healthy garage cluster
2024-09-10 16:02:26 +02:00
teutat3s
21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter
2024-09-10 16:02:26 +02:00
teutat3s
19723f3812
monitoring: add prometheus-exporter, promtail to delite, blue-shell
add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
teutat3s
ec5e9896fd
delite: use static IP in initrd, DHCP not working
2024-09-10 16:02:25 +02:00
teutat3s
47b076e0a6
loki: store logs in /var/lib/loki
2024-09-10 16:02:25 +02:00
teutat3s
02a146c507
dns: switch to opentofu + terraform-backend-git, use opentofu encrypted state feature
https://opentofu.org/docs/language/state/encryption/#new-project
2024-09-10 16:02:25 +02:00
teutat3s
7e48428fb9
dns: remove old, unused DKIM key
We have our own mailserver now
2024-09-10 16:02:25 +02:00
teutat3s
f4f6c14faa
flake: remove triton-vmtools, no longer needed
It was only used on flora-6
2024-09-10 16:02:25 +02:00
b12f
1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s
02629598aa
Merge pull request 'obs-portal: fix backups, docker command does not need a TTY' (#233) from obs-backup-fix into main
Reviewed-on: pub-solar/infra#233
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-09-09 15:43:14 +00:00
teutat3s
44f708ec76
obs-portal: run backups 1h later to avoid lock conflict
2024-09-09 17:28:57 +02:00
teutat3s
cd82b83427
obs-portal: fix backups, docker command does not need a TTY
2024-08-31 22:05:11 +02:00
teutat3s
2d94ed5a0d
Merge pull request 'obs-portal: add backups' (#228) from obs-portal-backups into main
Reviewed-on: pub-solar/infra#228
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:43:10 +00:00
teutat3s
83e4bcd2df
Merge pull request 'mail: add backups' (#226) from mail-backups into main
Reviewed-on: pub-solar/infra#226
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:39:25 +00:00
teutat3s
09804f5c25
docs: how-to add backups for new hosts
2024-08-29 16:36:11 +02:00
teutat3s
2eb54a331e
backups: add storagebox to programs.ssh.knownHosts
2024-08-29 16:36:09 +02:00
teutat3s
77b642f646
garage: increase nginx client_body_size to 64m
To make bigger garage uploads work well, avoiding error
HTTP 413 Entity Too Large
2024-08-29 16:24:32 +02:00
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s
e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s
27dc20dd04
obs-portal: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket nachtigall-backups
2024-08-29 10:09:04 +02:00
teutat3s
a0fb6a60c3
Merge pull request 'devshell: add terraform-ls' (#227) from terraform-devshell into main
Reviewed-on: pub-solar/infra#227
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:29 +00:00
teutat3s
d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: pub-solar/infra#222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s
c056d9c35e
Merge pull request 'mediawiki: add backups' (#225) from mediawiki-backups into main
Reviewed-on: pub-solar/infra#225
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:54:33 +00:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s
c0a3d90d63
backups: add environmentFile option
2024-08-28 17:13:34 +02:00
teutat3s
1d92ef53ca
backups: storeName -> repoName
2024-08-28 17:13:33 +02:00
teutat3s
751d82f7e3
backups: rename pub-solar-os.backups.backups -> pub-solar-os.backups.restic
2024-08-28 17:12:22 +02:00
teutat3s
fb8ee1278a
Merge pull request 'feat/tests' (#224) from feat/tests into main
Reviewed-on: pub-solar/infra#224
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-08-27 10:45:56 +00:00
teutat3s
66ed87e666
ci: avoid garbage collection of checks
2024-08-27 12:37:37 +02:00
teutat3s
88b76beb5c
keycloak: use backups module
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
teutat3s
e857c6198b
modules/backup: init
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:04:10 +02:00
teutat3s
998cf4c63d
website: force HTTPS
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:03:43 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
teutat3s
701c62dd69
tests: create keycloak test, add working test for website
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 09:55:25 +02:00
teutat3s
711347abe6
docs: add how-to create garage bucket + key
add new hosts to WireGuard example config
2024-08-26 11:56:45 +02:00
teutat3s
13bf3f5beb
docs: SSH to trinkgenossin for garage command
2024-08-25 03:27:42 +02:00
teutat3s
f639fbe050
devshell: add terraform-ls
2024-08-25 02:37:36 +02:00
teutat3s
f236962e17
garage: add monitoring, connect to grafana + loki
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
2024-08-25 00:18:09 +02:00
teutat3s
d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell
2024-08-25 00:13:53 +02:00
teutat3s
15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
teutat3s
b0790876ec
style: format using nixfmt-rfc-style
2024-08-24 17:39:49 +02:00