514 Commits (main)

All Branches

Search

Author	SHA1	Message	Date
Hendrik Sokolowski	1d6c5003e8	nachtigall: obs-portal: fix dependencies of docker network unit and portal	2024-04-28 01:05:43 +02:00
Hendrik Sokolowski	fef1874938	update obs-portal dns target	2024-04-27 22:45:26 +02:00
Hendrik Sokolowski	c74394449d	remove git conflict heading	2024-04-27 22:45:21 +02:00
Benjamin Yule Bädorf	d280b29394	obs-portal: init obs-portal on nachtigall ... This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md Unfortunately, the postgres database needs to have postgis enabled, so we'll have to start a second instance. To stay close to the official deployment instructions, this is running in docker. The secrets were taken from the old installation instance. During initial installation, we'll need to import data from the old instance into this one, which might take a while.	2024-04-27 22:45:07 +02:00
Benjamin Yule Bädorf	c49e47dc30	Add .editorconfig file with tabs as indentation ... Just use tabs guys	2024-04-27 20:47:07 +02:00
teutat3s	5e34acd765	Merge pull request 'Revert "matrix-appservice-irc: remove unneeded syscall override"' (#171) from fix/matrix-appservice-irc into main ... Reviewed-on: #171 Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>	2024-04-27 13:50:46 +00:00
teutat3s	2fa3ccf28e	Revert "matrix-appservice-irc: remove unneeded syscall override" ... This reverts commit a11255b433.	2024-04-27 01:44:20 +02:00
teutat3s	505d0f34ea	Merge pull request 'nachtigall: synapse security update' (#153) from chore/synapse-security-update into main ... Reviewed-on: #153 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-26 20:48:19 +00:00
teutat3s	ddc5c65bf7	chore: bump flake inputs ... • Updated input 'home-manager': 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff?narHash=sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ%3D' (2024-04-06) → 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411?narHash=sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM%3D' (2024-04-25) • Updated input 'nix-darwin': 'github:lnl7/nix-darwin/9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed?narHash=sha256-olEWxacm1xZhAtpq%2BZkEyQgR4zgfE7ddpNtZNvubi3g%3D' (2024-04-19) → 'github:lnl7/nix-darwin/230a197063de9287128e2c68a7a4b0cd7d0b50a7?narHash=sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8%3D' (2024-04-24) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/bc194f70731cc5d2b046a6c1b3b15f170f05999c?narHash=sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo%3D' (2024-04-19) → 'github:nixos/nixpkgs/dd37924974b9202f8226ed5d74a252a9785aedf8?narHash=sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds%3D' (2024-04-24) • Updated input 'unstable': 'github:nixos/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f?narHash=sha256-XtTSSIB2DA6tOv%2Bl0FhvfDMiyCmhoRbNB%2B0SeInZkbk%3D' (2024-04-19) → 'github:nixos/nixpkgs/572af610f6151fd41c212f897c71f7056e3fb518?narHash=sha256-cfh1hi%2B6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U%3D' (2024-04-23)	2024-04-25 19:21:05 +02:00
teutat3s	a11255b433	matrix-appservice-irc: remove unneeded syscall override ... PR was merged and backported: https://github.com/NixOS/nixpkgs/pull/271740	2024-04-25 12:37:58 +02:00
teutat3s	d62b6cda92	Merge pull request 'ci: update forgejo runner to fix cache' (#152) from ci/update-forgejo-runner into main ... Reviewed-on: #152 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-23 18:18:39 +00:00
teutat3s	c580fe0fbb	ci: prevent flake inputs from GC as well	2024-04-23 19:10:20 +02:00
teutat3s	60aef1d038	ci: prevent nix garbage collection	2024-04-23 16:00:16 +02:00
teutat3s	fa9ce9d435	gitea-actions-runner: don't run as systemd DynamicUser ... to enable usage of cache outside of /var/lib/private	2024-04-23 15:42:33 +02:00
teutat3s	9541e5029e	flora-6: move forgejo-runner cache directory to /data	2024-04-23 15:12:11 +02:00
teutat3s	c4d0d34807	ci: revert cache-nix-action to version 4.0.3	2024-04-23 15:12:06 +02:00
teutat3s	d5fe65b60d	ci: disable cachix daemon, spams logs with ... [2024-04-22 23:46:26][Info] Skipping /nix/store/w2zp8k8yy2avv5r92w0cpq9aixkir2sp-LocalSettings.php ...	2024-04-23 15:11:59 +02:00
teutat3s	0e7dc95250	ci: remove broken purge config from check workflow	2024-04-23 01:42:04 +02:00
teutat3s	c86e22b292	ci: update forgejo-runner to version 3.4.1 ... https://github.com/NixOS/nixpkgs/pull/301383	2024-04-23 00:38:53 +02:00
Hendrik Sokolowski	4992819742	Merge pull request 'set pruneOpts for restic backups to daily 7, weekly 4, monthly 3' (#151) from feature/restic-backup-retention into main ... Reviewed-on: #151 Reviewed-by: b12f <b12f@noreply.git.pub.solar> Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>	2024-04-22 19:38:21 +00:00
Hendrik Sokolowski	a9411d05a8	set pruneOpts for restic backups to daily 7, weekly 4, monthly 3	2024-04-22 20:06:49 +02:00
teutat3s	e8530caf1d	Merge pull request 'ci: update nix-quick-install-action, cache-nix-action, cachix-action' (#150) from chore-update-ci into main ... Reviewed-on: #150 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-22 15:19:36 +00:00
teutat3s	7c492e7391	Merge pull request 'chore: forgejo security update, update matrix-synapse et al.' (#149) from chore-update-flake into main ... Reviewed-on: #149 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-22 15:18:33 +00:00
teutat3s	a0c6f0dc08	ci: fix cache-nix-action, use new config syntax	2024-04-21 20:17:03 +02:00
teutat3s	46c7c9ecb1	ci: update nix-quick-install-action, cache-nix-action, ... cachix-action	2024-04-21 19:58:58 +02:00
teutat3s	fb4004e9f0	chore: update flake inputs ... • Updated input 'nix-darwin': 'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083?narHash=sha256-sXcesZWKXFlEQ8oyGHnfk4xc9f2Ip0X/%2BYZOq3sKviI%3D' (2024-03-30) → 'github:lnl7/nix-darwin/9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed?narHash=sha256-olEWxacm1xZhAtpq%2BZkEyQgR4zgfE7ddpNtZNvubi3g%3D' (2024-04-19) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8?narHash=sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib%2B8%3D' (2024-04-13) → 'github:nixos/nixpkgs/bc194f70731cc5d2b046a6c1b3b15f170f05999c?narHash=sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo%3D' (2024-04-19) • Updated input 'unstable': 'github:nixos/nixpkgs/cfd6b5fc90b15709b780a5a1619695a88505a176?narHash=sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM%3D' (2024-04-12) → 'github:nixos/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f?narHash=sha256-XtTSSIB2DA6tOv%2Bl0FhvfDMiyCmhoRbNB%2B0SeInZkbk%3D' (2024-04-19)	2024-04-21 19:28:02 +02:00
teutat3s	3030b0f84d	Merge pull request 'flora-6: add wg-ssh to ignored systemd-wait-online interfaces' (#148) from flora-6/fix-network-wait-online into main ... Reviewed-on: #148 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-14 21:53:33 +00:00
teutat3s	c07d24f6a7	flora-6: add wg-ssh to ignored interfaces ... for systemd-wait-online to start successfully	2024-04-14 23:22:53 +02:00
teutat3s	0f297c4711	Merge pull request 'chore: security update PHP, update element-web, misc updates' (#147) from chore-update-flake into main ... Reviewed-on: #147 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-14 20:29:39 +00:00
teutat3s	679d9b236f	Merge pull request 'nginx: set worker_processes to number of CPU cores' (#146) from feat/nginx-tuning into main ... Reviewed-on: #146 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-14 20:22:08 +00:00
teutat3s	78d5e5a4f0	chore: update flake inputs ... ❯ nix store diff-closures $OLD_CLOSURE $NEW_CLOSURE cpupower: 6.1.84 → 6.1.86 element-web: 1.11.63 → 1.11.64, +148.0 KiB element-web-wrapped: 1.11.63 → 1.11.64 initrd-linux: 6.1.84 → 6.1.86 linux: 6.1.84, 6.1.84-modules → 6.1.86, 6.1.86-modules, +24.3 KiB linux-firmware: 20240312 → 20240410, +493.3 KiB nixos-system-nachtigall: 23.11.20240410.b2cf36f → 23.11.20240413.90055d5 owncast: 0.1.2 → 0.1.3, -376.1 KiB php: 8.2.17 → 8.2.18 php-bcmath: 8.2.17 → 8.2.18 php-bz2: 8.2.17 → 8.2.18 php-calendar: 8.2.17 → 8.2.18 php-ctype: 8.2.17 → 8.2.18 php-curl: 8.2.17 → 8.2.18 php-dom: 8.2.17 → 8.2.18 php-exif: 8.2.17 → 8.2.18 php-extra-init: 8.2.17.ini → 8.2.18.ini php-fileinfo: 8.2.17 → 8.2.18 php-filter: 8.2.17 → 8.2.18 php-ftp: 8.2.17 → 8.2.18 php-gd: 8.2.17 → 8.2.18 php-gettext: 8.2.17 → 8.2.18 php-gmp: 8.2.17 → 8.2.18 php-iconv: 8.2.17 → 8.2.18 php-imap: 8.2.17 → 8.2.18 php-intl: 8.2.17 → 8.2.18 php-ldap: 8.2.17 → 8.2.18 php-mbstring: 8.2.17 → 8.2.18 php-mysqli: 8.2.17 → 8.2.18 php-mysqlnd: 8.2.17 → 8.2.18 php-opcache: 8.2.17 → 8.2.18 php-openssl: 8.2.17 → 8.2.18 php-pcntl: 8.2.17 → 8.2.18 php-pdo: 8.2.17 → 8.2.18 php-pdo_mysql: 8.2.17 → 8.2.18 php-pdo_odbc: 8.2.17 → 8.2.18 php-pdo_pgsql: 8.2.17 → 8.2.18 php-pdo_sqlite: 8.2.17 → 8.2.18 php-pgsql: 8.2.17 → 8.2.18 php-posix: 8.2.17 → 8.2.18 php-readline: 8.2.17 → 8.2.18 php-session: 8.2.17 → 8.2.18 php-simplexml: 8.2.17 → 8.2.18 php-soap: 8.2.17 → 8.2.18 php-sockets: 8.2.17 → 8.2.18 php-sodium: 8.2.17 → 8.2.18 php-sqlite3: 8.2.17 → 8.2.18 php-sysvsem: 8.2.17 → 8.2.18 php-tokenizer: 8.2.17 → 8.2.18 php-with-extensions: 8.2.17 → 8.2.18 php-xmlreader: 8.2.17 → 8.2.18 php-xmlwriter: 8.2.17 → 8.2.18 php-zip: 8.2.17 → 8.2.18 php-zlib: 8.2.17 → 8.2.18 searxng: ∅ → 0-unstable-2024-03-08, +15337.5 KiB searxng-unstable: 2023-10-31 → ∅, -14965.6 KiB source: +470.3 KiB uwsgi: 2.0.23 → 2.0.24 zfs-kernel: 2.2.3-6.1.84 → 2.2.3-6.1.86	2024-04-14 22:09:37 +02:00
teutat3s	c768203bed	nginx: set worker_processes to number of CPU cores ... and set worker_connections to 1024 https://nginx.org/en/docs/ngx_core_module.html#worker_processes https://nginx.org/en/docs/ngx_core_module.html#worker_connections	2024-04-14 17:39:56 +02:00
teutat3s	b0c466869e	Merge pull request 'wireguard: use IP addresses for wireguard endpoints' (#145) from fix/use-ip-for-wireguard into main ... Reviewed-on: #145 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>	2024-04-12 20:40:39 +00:00
teutat3s	b6a54efd9a	fix: add comment with hostnames to wireguard peers	2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf	7e145040cc	wireguard: use IP addresses for wireguard endpoints ... Otherwise the hostnames written to the /etc/hosts file are already pointing at the wireguard IP-addresses, so they can never connect.	2024-04-12 22:31:28 +02:00
b12f	9d94b888ae	Merge pull request 'networking: add wireguard hosts to /etc/hosts' (#144) from wireguard/add-etc-hosts into main ... Reviewed-on: #144 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-12 19:54:09 +00:00
teutat3s	8a9fe3b8fe	chore: update flake inputs ... • Updated input 'nixpkgs': 'github:nixos/nixpkgs/d272ca50d1f7424fbfcd1e6f1c9e01d92f6da167' (2024-04-08) → 'github:nixos/nixpkgs/b2cf36f43f9ef2ded5711b30b1f393ac423d8f72' (2024-04-10) • Updated input 'unstable': 'github:nixos/nixpkgs/4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6' (2024-04-08) → 'github:nixos/nixpkgs/1042fd8b148a9105f3c0aca3a6177fd1d9360ba5' (2024-04-10)	2024-04-12 19:54:09 +00:00
teutat3s	8743ea7b0c	networking: add wireguard hosts to /etc/hosts ... Also re-enable DNSSEC, it's reported fixed in systemd-resolved	2024-04-12 19:54:09 +00:00
b12f	8743b50f7f	Merge pull request 'forgejo: also reroute ssh traffic for ipv6' (#139) from forgejo/reroute-ssh-ipv6 into main ... Reviewed-on: #139 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-12 19:38:15 +00:00
Benjamin Yule Bädorf	316ba9ef53	forgejo: also reroute ssh traffic for ipv6	2024-04-12 19:38:15 +00:00
teutat3s	afca75441c	Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' (#142) from feat/forgejo-enable-search into main ... Reviewed-on: #142 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-06 16:07:42 +00:00
teutat3s	9698c47530	Merge pull request 'mastodon: clean media older than 7 days' (#143) from mastodon/auto-clean-7-days into main ... Reviewed-on: #143 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-06 16:07:34 +00:00
teutat3s	ccb029dde3	Merge pull request 'wireguard: add ryzensun to teutat3s' hosts' (#141) from wireguard/add-ryzensun-host into main ... Reviewed-on: #141 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-06 16:07:21 +00:00
teutat3s	41e4d3427c	mastodon: clean media older than 7 days ... Currently we keep everything for 30 days, which is about 180GB	2024-04-05 23:50:04 +02:00
teutat3s	16e9d476cb	Merge pull request 'docs: include notes regarding rollback in deploy docs, misc updates' (#140) from docs/update-deployment-docs into main ... Reviewed-on: #140 Reviewed-by: b12f <b12f@noreply.git.pub.solar>	2024-04-05 21:39:46 +00:00
teutat3s	3caf085d0b	wireguard: add ryzensun to teutat3s' hosts	2024-04-05 23:32:59 +02:00
teutat3s	c5159dd66d	forgejo: enable repo search (indexer), save login ... cookie for 365 days instead of default 7 days. Caveat for the repo indexer is that repository size on disk will grow by factor of 6. Forgejo repositories currently use 4.7GB on disk, with 3.3GB being a nixpkgs fork.	2024-04-05 23:29:49 +02:00
teutat3s	b27f8c1380	docs: include notes regarding rollback in deploy ... docs, misc updates	2024-04-05 23:03:43 +02:00
b12f	76ca43142a	Merge pull request 'forgejo: make SSH keys declarative' (#138) from forgejo/ssh-keys-declarative into main ... Reviewed-on: #138 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-05 19:35:55 +00:00
Benjamin Yule Bädorf	16c6aa3b61	forgejo: make SSH keys declarative	2024-04-05 19:35:55 +00:00