b12f
aca1e1a737
Merge branch 'main' into feat/automated-account-deletion
Flake checks / Check (pull_request) Failing after 2m54s
2024-09-04 10:16:20 +02:00
teutat3s
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
...
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s
e2ba1aacf4
mail: add backups to garage bucket + storagebox
...
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
b12f
760d6e3458
tests/keycloak: email sending works
2024-08-28 23:54:59 +02:00
teutat3s
d2389497c2
Merge pull request 'garage: initial cluster' ( #222 ) from garage-cluster into main
...
Reviewed-on: #222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s
4626fd85c0
mediawiki: add backups to garage bucket + storagebox
...
Flake checks / Check (pull_request) Successful in 1m56s
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
b12f
6efc884353
hosts: remove nachtigall-test
2024-08-27 13:32:00 +02:00
b12f
38a34f4345
Merge branch 'main' into feat/automated-account-deletion
2024-08-27 13:31:52 +02:00
b12f
3bc699fccf
chore: run nix fmt
2024-08-27 13:17:30 +02:00
teutat3s
88b76beb5c
keycloak: use backups module
...
Flake checks / Check (pull_request) Successful in 19m4s
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
teutat3s
e857c6198b
modules/backup: init
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:04:10 +02:00
teutat3s
a0b52d51e5
nachtigall: make postgres wait for zfs mount
...
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
b12f
b30dc0f7bd
test: puppeteering puppeteer from host python testScript
Flake checks / Check (pull_request) Failing after 1m43s
2024-08-26 19:00:57 +02:00
Benjamin Yule Bädorf
ec01fe5eea
test: add initial e2e test for nachtigall
Flake checks / Check (pull_request) Failing after 3m23s
2024-08-25 12:34:07 +02:00
b12f
eb337ddd47
tests/keycloak: certificate fetching with step-ca works
2024-08-25 02:38:39 +02:00
teutat3s
f236962e17
garage: add monitoring, connect to grafana + loki
...
Flake checks / Check (pull_request) Successful in 7m10s
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
2024-08-25 00:18:09 +02:00
teutat3s
d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell
2024-08-25 00:13:53 +02:00
teutat3s
15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
...
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
teutat3s
b0790876ec
style: format using nixfmt-rfc-style
Flake checks / Check (pull_request) Successful in 7m42s
2024-08-24 17:39:49 +02:00
teutat3s
83b7e3e11e
hosts: init blue-shell
2024-08-24 03:02:15 +02:00
teutat3s
4ef9781d10
hosts: init delite
2024-08-24 03:01:46 +02:00
teutat3s
ca8e578b11
hosts: init trinkgenossin
2024-08-24 03:00:01 +02:00
Benjamin Yule Bädorf
8ce50bb73b
tt-rss: add pub.solar specific configuration
2024-07-17 15:22:58 +02:00
teutat3s
153ef69daf
metronom: enable ZFS auto scrub once per month
Flake checks / Check (pull_request) Successful in 6m28s
2024-06-23 15:16:04 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month
2024-06-23 15:14:30 +02:00
teutat3s
e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard
2024-06-08 23:52:08 +02:00
teutat3s
6ea916603c
networking: set networking.domain in core module
Flake checks / Check (pull_request) Successful in 4m0s
2024-06-06 19:30:11 +02:00
teutat3s
4350cbf7c4
tankstelle: add promtail, prometheus node-exporter
...
for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
teutat3s
b93608a8fa
metronom: add promtail, prometheus node-exporter
...
configure wireguard to push logs to and scrape metrics from flora-6
open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00
teutat3s
008e14f2d2
mail: add missing NixOS module to metronom
2024-06-06 12:49:58 +02:00
teutat3s
0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH
...
port access to wireguard only
2024-05-31 16:52:04 +02:00
teutat3s
9a9dccf5bb
mail: move NixOS module to modules
2024-05-31 16:52:04 +02:00
teutat3s
c5dfb472f8
style: treefmt
2024-05-31 16:52:04 +02:00
teutat3s
1ca1168d7a
mail: switch to mail.pub.solar
2024-05-31 16:52:04 +02:00
teutat3s
b6f64a1e04
mail: add more @pub.solar mail accounts
2024-05-31 16:52:03 +02:00
Hendrik Sokolowski
af233793fb
initial work on mail
2024-05-31 16:52:01 +02:00
teutat3s
941eff6d87
tankstelle: configure wireguard
Flake checks / Check (pull_request) Successful in 2m30s
2024-05-30 19:17:21 +02:00
teutat3s
5aa1276e85
ci: add nix to PATH
2024-05-30 19:04:40 +02:00
teutat3s
cc70a740a1
ci: run actions runner as normal user
2024-05-30 19:04:40 +02:00
teutat3s
866785ef47
style: format using treefmt
2024-05-30 19:04:40 +02:00
teutat3s
692c152406
gitea-actions-runner: fix PATH in systemd
2024-05-30 19:04:40 +02:00
teutat3s
e71cbfc461
ci: add self-hosted forgejo-actions-runner
...
wip: add git.pub.solar to /etc/hosts
ci: add devshell with Node.js for forgejo actions
ci: add PATH
ci: add HOME
2024-05-30 19:04:13 +02:00
Hendrik Sokolowski
946585d1ca
initial commit of tankstelle
Flake checks / Check (pull_request) Failing after 1m38s
2024-05-29 14:08:59 +02:00
teutat3s
0cb89a9fe8
fix: nachtigall wants keycloak
Flake checks / Check (pull_request) Successful in 3m24s
2024-05-15 19:20:06 +02:00
teutat3s
2ca0bd7c3e
style: run treefmt
Flake checks / Check (pull_request) Successful in 2m36s
2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf
68278ad983
refactor: use options for config parts
...
Flake checks / Check (pull_request) Successful in 5m52s
This works towards having reusable modules
* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
This is needed because `config.pub-solar-os.auth` has to be available
everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
Benjamin Yule Bädorf
ef94681e11
refactor: Move all apps into modules
Flake checks / Check (pull_request) Successful in 6m5s
2024-04-28 18:07:28 +02:00
Hendrik Sokolowski
10c86c6b20
nachtigall: obs-portal: remove tiles mount
Flake checks / Check (pull_request) Successful in 6m8s
2024-04-28 01:07:49 +02:00
Hendrik Sokolowski
1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal
2024-04-28 01:05:43 +02:00
Benjamin Yule Bädorf
d280b29394
obs-portal: init obs-portal on nachtigall
...
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md
Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.
The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
b12f
teutat3s
Hendrik Sokolowski