pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity
729 commits 15 branches 0 tags 13 MiB
Commit graph

232 commits

Author SHA1 Message Date
teutat3s
7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into 
synapse now, update synapse config to use matrix-authentication-service
 2024-10-30 20:31:29 +01:00
b12f
041d311bb2
modules/matrix: rename used config options 2024-10-30 18:37:47 +01:00
teutat3s
9d9bcf9a15
mas: move to module, add secrets for prod 2024-10-30 18:37:46 +01:00
b12f
4434a90136
modules/matrix: rename secrets to not include hostnames 2024-10-30 18:37:46 +01:00
teutat3s
9d7d251369
style: fix formatting 2024-10-30 18:37:46 +01:00
teutat3s
7775ad332e
matrix: do not change paths for nachtigall secrets 2024-10-30 18:37:46 +01:00
teutat3s
d6cc9c8164
matrix-authentication-service: init host underground 
to test mas, related to #242
 2024-10-30 18:37:45 +01:00
teutat3s
987c0919ca
style: fix formatting 2024-10-17 20:31:47 +02:00
teutat3s
c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable 
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
 2024-10-17 20:31:47 +02:00
teutat3s
8600fc64c5
wireguard: fix trinkgenossin IPv4 address 2024-10-05 13:03:40 +02:00
b12f
1ec5bafa30
flora-6: remove 
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
 2024-09-10 16:02:24 +02:00
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall} 
To use a restic repository per host
 2024-08-29 16:22:58 +02:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox 
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
 2024-08-28 17:13:34 +02:00
teutat3s
88b76beb5c
keycloak: use backups module 
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-27 10:09:07 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount 
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-08-27 10:00:42 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month 2024-06-23 15:14:30 +02:00
teutat3s
6ea916603c
networking: set networking.domain in core module 2024-06-06 19:30:11 +02:00
teutat3s
941eff6d87
tankstelle: configure wireguard 2024-05-30 19:17:21 +02:00
teutat3s
0cb89a9fe8
fix: nachtigall wants keycloak 2024-05-15 19:20:06 +02:00
teutat3s
2ca0bd7c3e
style: run treefmt 2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf
ef94681e11
refactor: Move all apps into modules 2024-04-28 18:07:28 +02:00
Hendrik Sokolowski
10c86c6b20
nachtigall: obs-portal: remove tiles mount 2024-04-28 01:07:49 +02:00
Hendrik Sokolowski
1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal 2024-04-28 01:05:43 +02:00
Benjamin Yule Bädorf
d280b29394
obs-portal: init obs-portal on nachtigall 
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.

The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
 2024-04-27 22:45:07 +02:00
teutat3s
2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override" 
This reverts commit a11255b433.
 2024-04-27 01:44:20 +02:00
teutat3s
a11255b433
matrix-appservice-irc: remove unneeded syscall override 
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
 2024-04-25 12:37:58 +02:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3 2024-04-22 20:06:49 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores 
and set worker_connections to 1024

https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
 2024-04-14 17:39:56 +02:00
teutat3s
b6a54efd9a
fix: add comment with hostnames to wireguard peers 2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf
7e145040cc
wireguard: use IP addresses for wireguard endpoints 
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
 2024-04-12 22:31:28 +02:00
Benjamin Yule Bädorf
316ba9ef53
forgejo: also reroute ssh traffic for ipv6 2024-04-12 19:38:15 +00:00
teutat3s
afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' (#142) from feat/forgejo-enable-search into main 
Reviewed-on: pub-solar/infra#142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-06 16:07:42 +00:00
teutat3s
9698c47530
Merge pull request 'mastodon: clean media older than 7 days' (#143) from mastodon/auto-clean-7-days into main 
Reviewed-on: pub-solar/infra#143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-06 16:07:34 +00:00
teutat3s
41e4d3427c
mastodon: clean media older than 7 days 
Currently we keep everything for 30 days, which is about 180GB
 2024-04-05 23:50:04 +02:00
teutat3s
c5159dd66d
forgejo: enable repo search (indexer), save login 
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
 2024-04-05 23:29:49 +02:00
Benjamin Yule Bädorf
16c6aa3b61
forgejo: make SSH keys declarative 2024-04-05 19:35:55 +00:00
teutat3s
315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' (#135) from chore/nextcloud-config-maintenance-window into main 
Reviewed-on: pub-solar/infra#135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-05 18:41:17 +00:00
Hendrik Sokolowski
b6b8d69852
nachtigall: forgejo: update firewall settings 2024-04-05 18:39:43 +02:00
Benjamin Yule Bädorf
e618b9f9c2
forgejo: use iptables routing instead of ssh patch 2024-04-05 17:00:28 +02:00
Benjamin Yule Bädorf
d7c9333ff4
forgejo: allow multiple host addresses for SSH 2024-04-05 14:26:56 +00:00
teutat3s
18a62b8d35
fix(nextcloud): define a maintenance window for 
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html

> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
 2024-04-05 16:23:16 +02:00
Benjamin Yule Bädorf
f7eaef0d18
wireguard: fix flora-6 address and private key 
Reviewed-on: pub-solar/infra#129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
 2024-04-05 11:26:38 +00:00
Benjamin Yule Bädorf
621e9336ed
wireguard: add basic keys 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf
9433a8aea7
mediawiki: update to v1.41.1 2024-03-30 00:10:09 +01:00
b12f
6aea728583
Merge branch 'main' into feat/security-txt 2024-03-25 15:38:30 +00:00
Benjamin Yule Bädorf
b9cffad02a
matrix: set forgotten_room_retention_period to 7d 
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
 2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf
2bb2247716
website: add security.txt 
Ref: pub-solar/legal#11
 2024-03-23 11:07:04 +01:00
teutat3s
c49ffb2d5b
fix: nginx duplicate default server 
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
 2024-02-25 23:02:00 +01:00
Benjamin Yule Bädorf
de04556191
nginx/miom: disable logging 2024-02-25 21:41:06 +00:00