Benjamin Yule Bädorf
d280b29394
obs-portal: init obs-portal on nachtigall
...
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md
Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.
The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
teutat3s
2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override"
...
This reverts commit a11255b433
.
2024-04-27 01:44:20 +02:00
teutat3s
a11255b433
matrix-appservice-irc: remove unneeded syscall override
...
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
2024-04-25 12:37:58 +02:00
Hendrik Sokolowski
a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3
2024-04-22 20:06:49 +02:00
teutat3s
c768203bed
nginx: set worker_processes to number of CPU cores
...
and set worker_connections to 1024
https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
2024-04-14 17:39:56 +02:00
Benjamin Yule Bädorf
316ba9ef53
forgejo: also reroute ssh traffic for ipv6
2024-04-12 19:38:15 +00:00
teutat3s
afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' ( #142 ) from feat/forgejo-enable-search into main
...
Reviewed-on: pub-solar/infra#142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:42 +00:00
teutat3s
9698c47530
Merge pull request 'mastodon: clean media older than 7 days' ( #143 ) from mastodon/auto-clean-7-days into main
...
Reviewed-on: pub-solar/infra#143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:34 +00:00
teutat3s
41e4d3427c
mastodon: clean media older than 7 days
...
Currently we keep everything for 30 days, which is about 180GB
2024-04-05 23:50:04 +02:00
teutat3s
c5159dd66d
forgejo: enable repo search (indexer), save login
...
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
2024-04-05 23:29:49 +02:00
Benjamin Yule Bädorf
16c6aa3b61
forgejo: make SSH keys declarative
2024-04-05 19:35:55 +00:00
teutat3s
315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' ( #135 ) from chore/nextcloud-config-maintenance-window into main
...
Reviewed-on: pub-solar/infra#135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 18:41:17 +00:00
Hendrik Sokolowski
b6b8d69852
nachtigall: forgejo: update firewall settings
2024-04-05 18:39:43 +02:00
Benjamin Yule Bädorf
e618b9f9c2
forgejo: use iptables routing instead of ssh patch
2024-04-05 17:00:28 +02:00
Benjamin Yule Bädorf
d7c9333ff4
forgejo: allow multiple host addresses for SSH
2024-04-05 14:26:56 +00:00
teutat3s
18a62b8d35
fix(nextcloud): define a maintenance window for
...
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html
> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
2024-04-05 16:23:16 +02:00
Benjamin Yule Bädorf
9433a8aea7
mediawiki: update to v1.41.1
2024-03-30 00:10:09 +01:00
b12f
6aea728583
Merge branch 'main' into feat/security-txt
2024-03-25 15:38:30 +00:00
Benjamin Yule Bädorf
b9cffad02a
matrix: set forgotten_room_retention_period to 7d
...
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.
The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf
2bb2247716
website: add security.txt
...
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s
c49ffb2d5b
fix: nginx duplicate default server
...
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
Benjamin Yule Bädorf
de04556191
nginx/miom: disable logging
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf
0e89b7f210
nginx/miom: init miom.space website
...
This adds an nginx configuration for https://miom.space/ . MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.
This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.
On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf
24b77b6de5
nginx/pub.solar: disable logging for homepage
2024-02-25 18:51:24 +01:00
teutat3s
842ec945f4
forgejo: appName option has been renamed
...
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
teutat3s
d67190d175
feat: init tmate-ssh-server
...
https://tmate.io
2024-02-07 19:01:36 +01:00
teutat3s
f43ba01ee6
feat: use forgejo NixOS module with gitea user
...
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
teutat3s
4ce188edec
metrics(matrix-synapse): enable internal MAU metrics
...
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#mau_stats_only
2024-02-01 15:51:55 +01:00
teutat3s
031bab4a4e
fix(nextcloud): interned_strings_buffer should be
...
powers of 2
2024-02-01 11:21:10 +01:00
teutat3s
576ceb6875
fix(matrix-synapse): mail hostname, missing tls
...
setting on metrics listener
2024-01-30 19:42:48 +01:00
teutat3s
69b976607f
fix(matrix-synapse): make sure to find element in
...
list of config.services.matrix-synapse.settings.listeners that sets
type = "metrics" instead of just using the first element in the list
2024-01-29 00:44:53 +01:00
teutat3s
62429bca08
fix(matrix-synapse): make sure to find element in
...
list of config.services.matrix-synapse.settings.listeners.*.resources
that sets names = "client" instead of just using the first element in the list of listeners
2024-01-29 00:44:53 +01:00
teutat3s
3cfdd9d20a
refactor(matrix-synapse): get first listener port
2024-01-29 00:44:52 +01:00
teutat3s
2f75ae7e62
feat(matrix-synapse): enable metrics
...
Following:
https://github.com/matrix-org/synapse/blob/develop/docs/metrics-howto.md
2024-01-29 00:44:13 +01:00
teutat3s
815033c764
treewide: apply nixpkgs-fmt
...
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s
b3b3725c9f
feat: php opcache tuning for nextcloud
...
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#:~:text=opcache.jit%20%3D%201255%20opcache.jit_buffer_size%20%3D%20128m
2024-01-25 20:19:32 +01:00
teutat3s
be668fbb17
fix: nextcloud likes interned strings buffer > 8
...
7cf6f51516
made a wrong assumption
2024-01-23 22:18:58 +01:00
teutat3s
ffdf55993f
fix(nginx): [warn] could not build optimal proxy_headers_hash
...
nginx: [warn] could not build optimal proxy_headers_hash, you should
increase either proxy_headers_hash_max_size: 2048 or
proxy_headers_hash_bucket_size: 64; ignoring
proxy_headers_hash_bucket_size
2024-01-17 15:16:06 +01:00
teutat3s
94ae6c9302
fix(mastodon): use working unix sockets for streaming api
...
The streaming API is currently unusable because we still pass traffic
to the old unix socket path.
Since c82195d9e8 (diff-157b1ef68573bbec951d6e551513a555e2d1ca7a161a68f1978b11d39a0bef1eR789-R803)
there are multiple unix sockets involved.
2024-01-17 10:32:03 +01:00
teutat3s
5590b5b1b3
fix: remove QuickInstantCommons extension
...
Docker image updated in 529554b4d1
Seems currently broken:
https://wiki.pub.solar/index.php/Special:RecentChanges with the
extension enabled throws:
Internal error LogicException: Backend with name 'wikimediacommons-backend' already registered.
2024-01-08 21:53:14 +01:00
teutat3s
8d06c61d2f
fix: remove duplicate wgLogo setting
2024-01-08 17:56:48 +01:00
teutat3s
1d018ade9b
feat: enable InstantCommons
...
https://www.mediawiki.org/wiki/InstantCommons
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:56:33 +01:00
teutat3s
05f7dbe262
feat: enable wgUseInstantCommons
...
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:42:57 +01:00
teutat3s
a7f98c2d45
fix: ensure mediawiki logo survives updates
2024-01-08 14:35:43 +01:00
teutat3s
a59e9cb6ea
feat: update mediawiki to 1.41.0, enable extension
...
TemplateStyles
https://gerrit.wikimedia.org/g/mediawiki/core/%2B/REL1_41/RELEASE-NOTES-1.41
2024-01-08 14:14:34 +01:00
teutat3s
f2217a1409
feat: shutdown freenode IRC bridge, use shorter
...
IRC aliases, use nixos matrix-synapse service config for homeserver port
2024-01-07 20:15:16 +01:00
Hendrik Sokolowski
0fe02a9f73
fix uploads path eventually ( #92 )
...
yeah yeah
Reviewed-on: pub-solar/infra#92
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 16:18:43 +00:00
Hendrik Sokolowski
b37ad608a4
update mediawiki config ( #91 )
...
* disable logging to /dev/stderr
* fix upload path
Reviewed-on: pub-solar/infra#91
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 15:44:21 +00:00
teutat3s
afca5c3735
chore: bump Nextcloud to version 28
2023-12-28 17:38:41 +01:00
teutat3s
a310b414f7
fix: update well-known for sliding-sync
2023-12-16 14:57:36 +01:00