Commit graph

169 commits

Author SHA1 Message Date
teutat3s 7e8f3c8cf5
fix: update forgejo-actions-runner token, use
docker image from https://git.pub.solar/pub-solar/actions-base-image
2023-12-29 19:26:43 +01:00
teutat3s afca5c3735
chore: bump Nextcloud to version 28 2023-12-28 17:38:41 +01:00
teutat3s a310b414f7
fix: update well-known for sliding-sync 2023-12-16 14:57:36 +01:00
teutat3s 768d4c78bc
fix: use nginx locations recommended by upstream
https://github.com/matrix-org/sliding-sync#same-hostname
2023-12-16 14:48:08 +01:00
teutat3s 14fa3fdec2
feat(matrix): enable sliding-sync
Sliding Sync is an implementation of MSC3575 and a prerequisite for
running the new (still beta) Element X clients (Element X iOS and
Element X Android).

https://github.com/matrix-org/sliding-sync
https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
2023-12-16 13:53:34 +01:00
teutat3s d734adce58
fix: new Greenbaum mail server is mail.greenbaum.zone 2023-12-13 20:45:35 +01:00
teutat3s e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s 10bb3295de
fix: grafana editor role is unused for now 2023-12-13 17:52:01 +01:00
teutat3s e8cf4dceb0
fix(flora-6): allow traffic from br-+ interfaces 2023-12-13 17:51:34 +01:00
teutat3s 1b9a6bb0c2
fix: don't ignore interfaces that can change 2023-12-13 02:12:12 +01:00
teutat3s 219b67df20
fix: add 4 logs retention for loki 2023-12-13 02:12:12 +01:00
teutat3s 6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar 2023-12-13 02:12:12 +01:00
teutat3s d5b59ea18a
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s fdda65eea9
feat: init loki 2023-12-13 02:12:11 +01:00
teutat3s 0e290f080e
feat(grafana): provision node-exporter dashboard 2023-12-13 02:12:11 +01:00
teutat3s 6b15d72d85
fix: systemd-networkd-wait-online timing out 2023-12-13 02:12:11 +01:00
teutat3s 2f7eccc970
fix: grafana root_url needs https://, role mapping 2023-12-13 02:12:11 +01:00
teutat3s 8dc908aabd
feat(flora-6): init grafana + prometheus on
grafana.pub.solar
2023-12-13 02:12:10 +01:00
teutat3s 6bfeb835c2
fix: type INI atom (null, bool, int, float or string)
option `services.gitea.settings.webhook.ALLOWED_HOST_LIST' is not of
type `INI atom (null, bool, int, float or string)'
2023-12-08 17:37:28 +01:00
Benjamin Bädorf 97a592a53e
forgejo: allow webhooks to all pub.solar subdomains
This should fix the following error that was occuring while trying to post
notices to matrix channels:

```
Delivery: Put "https://matrix.pub.solar/_matrix/client/r0/rooms/[...]": dial tcp [::1]:443: webhook can only call allowed HTTP servers (check your webhook.ALLOWED_HOST_LIST setting), deny 'matrix.pub.solar([::1]:443)'
```
2023-12-08 17:12:02 +01:00
teutat3s a3ce107c73
Merge pull request 'feat: backup matrix-synapse, matrix-appservice-irc, mautrix-telegram to storagebox' (#76) from feat/matrix-backups into main
Reviewed-on: pub-solar/infra#76
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:36:10 +00:00
teutat3s caaab0e14d
fix: new Greenbaum mail server is mail.greenbaum.zone 2023-12-05 20:57:26 +01:00
teutat3s 3ac327a750
feat: backup matrix-synapse, matrix-appservice-irc,
mautrix-telegram to storagebox
2023-12-03 13:11:25 +01:00
Akshay Mankar 75270321d5
fix: Allow matrix-appservice-irc to chown things
@chown is part of @privileged. It is used by sed which is used to manage the
registration.yaml
2023-12-02 17:22:28 +01:00
teutat3s becaa9d649
fix: revert mautrix-telegram changes 2023-12-02 16:09:15 +01:00
teutat3s 37528c0874
fix: mautrix-telegram ExecStart missing \ 2023-12-02 15:44:40 +01:00
teutat3s 1cfe140e77
fix: mkForce mautrix-telegram ExecStart 2023-12-02 15:43:52 +01:00
teutat3s f911ac7bad
fix(matrix-synapse): needs to defince oidc extras
after NixOS module updates
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights
2023-12-02 15:35:02 +01:00
teutat3s 904a73b51d
fix(mautrix-telegram): should not try to update config
See: https://github.com/mautrix/python/pull/152
2023-12-02 15:33:58 +01:00
teutat3s 35a4ac5619
Merge pull request 'feat: NixOS 23.11 Tapir' (#74) from feat/nixos-23.11 into main
Reviewed-on: pub-solar/infra#74
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-02 12:53:18 +00:00
teutat3s 7cf6f51516
fix: nextcloud interned strings buffer defaults to 23 now 2023-12-02 11:58:48 +01:00
teutat3s 2ee4bc5682
feat: NixOS 23.11 Tapir
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights

Track nixos-23.11 branch, remove unstable overlays

This will update our services to the following versions:
nextcloud: 27.1.3 -> 27.1.4
forgejo: 1.20.5-0 -> 1.20.6-0
keycloak: 21.1.2 -> 22.0.5
matrix-synapse: 1.95.1 -> 1.97.0

Internal:
postgresql: 14.9 -> 15.5

Flake inputs diff:
• Updated input 'home-manager':
    'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
2023-12-02 11:13:56 +01:00
Benjamin Bädorf 1d3934693b
nextcloud: add skeleton directory that adds a good readme for new users
Co-authored-by: teutat3s <teutates@mailbox.org>
2023-12-02 11:11:16 +01:00
Akshay Mankar 2cbc46c154
matrix: Move the whole email section into the secret
Matrix doesn't deep merge the secrets, so this is necessary
2023-11-25 23:37:58 +01:00
teutat3s 9f633582d1
feat: add well-known for matrix support contacts 2023-11-25 14:28:23 +01:00
Akshay Mankar 8a2d946206
matrix: Use production domains 2023-11-19 18:17:58 +01:00
Akshay Mankar 35afcd9682
matrix: Make public rooms discoverable over federation 2023-11-19 18:12:08 +01:00
Akshay Mankar fe284a20d9
matrix: Fix typo 2023-11-19 18:12:08 +01:00
Akshay Mankar f0c3178b4d
matrix: Use greenbaum cloud for sending emails 2023-11-19 18:12:07 +01:00
Akshay Mankar 7fcefe4b85
matrix: Use chat.pub.solar as invite_client_location 2023-11-19 18:12:07 +01:00
Akshay Mankar 8a2f83c96a
nachtigall: Deploy coturn and configure matrix to use it 2023-11-19 18:08:15 +01:00
Akshay Mankar a2e7adbc79
element: Add themes 2023-11-19 16:03:24 +01:00
Akshay Mankar e12b3d5c40
matrix: Import config for IRC 2023-11-19 14:53:14 +01:00
teutat3s 7037abb8f3
fix: forgejo needs module from nixos-unstable
for SSH access
2023-11-19 02:23:34 +01:00
teutat3s 8bc731da6e
Merge pull request 'feat: backups to hetzner storagebox' (#66) from feat/backups-to-storagebox into main
Reviewed-on: pub-solar/infra#66
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:13:17 +00:00
teutat3s 40ed46b05b
Merge pull request 'feat: pull in forgejo + mastodon updates early' (#64) from feat/early-forgejo-mastodon-updates into main
Reviewed-on: pub-solar/infra#64
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:13:06 +00:00
teutat3s e41127593b
Merge pull request 'fix(nextcloud): push server is not a trusted proxy' (#62) from fix/nextcloud-trusted-proxies into main
Reviewed-on: pub-solar/infra#62
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:12:50 +00:00
teutat3s a461fc72f6
feat(backups): start backups in 5 minute interval 2023-11-18 22:41:48 +01:00
teutat3s 2195b7ed0a
feat: backups to hetzner storagebox 2023-11-18 22:30:23 +01:00
teutat3s 37176a52ce
feat: mastodon module updates from nixos-unstable
Pull in changes from https://github.com/NixOS/nixpkgs/pull/251950 early
2023-11-18 18:46:23 +01:00