pub-solar
/
infra
6
1
Fork 3
Code Issues 16 Pull Requests 6 Actions Packages Projects 1 Releases Wiki Activity
514 Commits
9 Branches
0 Tags
3.2 MiB
Commit Graph

514 Commits (main)

Author SHA1 Message Date
teutat3s 315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' (#135) from chore/nextcloud-config-maintenance-window into main 
Reviewed-on: #135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-05 18:41:17 +00:00
b12f 9191729f5c
Merge pull request 'nachtigall: forgejo: update firewall settings' (#137) from fix/git-forgejo-open-service-port-in-firewall into main 
Reviewed-on: #137
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-05 16:51:36 +00:00
Hendrik Sokolowski b6b8d69852
nachtigall: forgejo: update firewall settings
Flake checks / Check (pull_request) Successful in 8m11s Details
2024-04-05 18:39:43 +02:00
b12f 4380c3b0ab
Merge pull request 'forgejo: use iptables routing instead of ssh patch' (#136) from fix/forgejo-ssh-again into main 
Reviewed-on: #136
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 15:26:10 +00:00
Benjamin Yule Bädorf e618b9f9c2
forgejo: use iptables routing instead of ssh patch
Flake checks / Check (pull_request) Successful in 8m18s Details
2024-04-05 17:00:28 +02:00
b12f ae0c90e4f8
Merge pull request 'forgejo: allow multiple host addresses for SSH' (#133) from fix/forgejo-multi-host into main 
Reviewed-on: #133
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-04-05 14:27:03 +00:00
Benjamin Yule Bädorf d7c9333ff4
forgejo: allow multiple host addresses for SSH
Flake checks / Check (pull_request) Successful in 9m1s Details
2024-04-05 14:26:56 +00:00
teutat3s 18a62b8d35
fix(nextcloud): define a maintenance window for
Flake checks / Check (pull_request) Successful in 4m39s Details 
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html

> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
 2024-04-05 16:23:16 +02:00
Hendrik Sokolowski 9ec77e2a30
Update flake.nix (#134) 
Update deploy node settinsg with wireguard ips

Reviewed-on: #134
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-04-05 14:11:42 +00:00
b12f 1bcb8bb7e0
Merge pull request 'admins: Add axeman's wireguard device' (#132) from axeman-wireguard into main 
Reviewed-on: #132
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 13:41:43 +00:00
Akshay Mankar cf1e6f8134
admins: Add axeman's wireguard device
Flake checks / Check (pull_request) Successful in 8m48s Details
2024-04-05 15:41:21 +02:00
b12f 83e293016f
Merge pull request 'docs: explain admin access and secrets' (#130) from docs/admin-access into main 
Reviewed-on: #130
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 12:56:51 +00:00
Benjamin Yule Bädorf 91a2b66134
docs: explain admin access and secrets 2024-04-05 12:56:51 +00:00
b12f 2851273d18
Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main 
Reviewed-on: #128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 12:51:04 +00:00
Benjamin Yule Bädorf b1519c8f22
ssh: only allow ssh on wireguard interface
Flake checks / Check (pull_request) Successful in 8m16s Details
2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf f7eaef0d18
wireguard: fix flora-6 address and private key 
Reviewed-on: #129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
 2024-04-05 11:26:38 +00:00
b12f 51523439e7
Merge pull request 'feat/wireguard' (#126) from feat/wireguard into main 
Reviewed-on: #126
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf 48845d6cf6
logins/wireguard: move teutat3s wireguard device 2024-04-05 11:09:31 +00:00
Hendrik Sokolowski c53adf51f7
logins: add judy for hensoko 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf a795f0824f
logins: fix admin login merging 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf 83125ae472
logins: check for missing wireguard device attribute 2024-04-05 11:09:31 +00:00
teutat3s 147ed44b9a
wireguard: add dumpyourvms 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf 621e9336ed
wireguard: add basic keys 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
b12f 6748e44824
Merge pull request 'chore: update element-desktop, matrix-synapse, nextcloud and misc' (#127) from chore/flake-updates into main 
Reviewed-on: #127
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-04-05 11:06:25 +00:00
teutat3s 815dccc0b4
chore: update flake inputs
Flake checks / Check (pull_request) Successful in 1h15m46s Details 
• Updated input 'agenix':
    'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13)
  → 'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
  → 'github:serokell/deploy-rs/88b3059b020da69cbe16526b8d639bd5e0b51c8b' (2024-04-01)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
  → 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
  → 'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
  → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/bcc8afd06e237df060c85bad6af7128e05fd61a3' (2024-03-17)
  → 'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083' (2024-03-30)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/05f9464e282dee5a706273f50344a8201d8980b5' (2024-03-19)
  → 'github:srid/nixos-flake/7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5' (2024-03-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fa9f817df522ac294016af3d40ccff82f5fd3a63' (2024-03-19)
  → 'github:nixos/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03)
• Updated input 'unstable':
    'github:nixos/nixpkgs/b06025f1533a1e07b6db3e75151caa155d1c7eb3' (2024-03-19)
  → 'github:nixos/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
 2024-04-04 18:49:09 +02:00
b12f dda8ed6938
Merge pull request 'mediawiki: update to v1.41.1' (#125) from mediawiki/v1.41.1 into main 
Reviewed-on: #125
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
 2024-03-29 23:41:43 +00:00
Benjamin Yule Bädorf 9433a8aea7
mediawiki: update to v1.41.1
Flake checks / Check (pull_request) Successful in 7m58s Details
2024-03-30 00:10:09 +01:00
b12f 37ebcb3669
Merge pull request 'website: add security.txt' (#122) from feat/security-txt into main 
Reviewed-on: #122
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-25 16:26:17 +00:00
b12f 6aea728583
Merge branch 'main' into feat/security-txt
Flake checks / Check (pull_request) Successful in 7m4s Details
2024-03-25 15:38:30 +00:00
b12f a5e72f9cc7
Merge pull request 'matrix: set forgotten_room_retention_period to 7d' (#124) from matrix/room-retention-period into main 
Reviewed-on: #124
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-25 15:38:24 +00:00
Benjamin Yule Bädorf b9cffad02a
matrix: set forgotten_room_retention_period to 7d
Flake checks / Check (pull_request) Successful in 7m4s Details 
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
 2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf 2bb2247716
website: add security.txt
Flake checks / Check (pull_request) Successful in 6m58s Details 
Ref: pub-solar/legal#11
 2024-03-23 11:07:04 +01:00
teutat3s ef943f02e3
Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main 
Reviewed-on: #121
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-03-21 10:24:34 +00:00
teutat3s 45e91d7ef1
fix: drone port should bind to localhost
Flake checks / Check (pull_request) Successful in 18m12s Details
2024-03-21 10:44:40 +01:00
teutat3s e33529ad4b
chore: bump flake inputs 2024-03-21 10:44:16 +01:00
b12f 1f8e53053b
Merge pull request 'public-keys: update b12f ssh keys with new yubikeys' (#120) from b12f/public-keys-update into main 
Reviewed-on: #120
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-03-20 10:51:41 +00:00
Benjamin Yule Bädorf c8c10269c4
public-keys: update b12f ssh keys with new yubikeys
Flake checks / Check (pull_request) Successful in 17m39s Details
2024-03-20 11:27:23 +01:00
teutat3s 27116f053a
Merge pull request 'chore: updates for element-web, forgejo, mastodon, nextcloud' (#119) from chore/updates into main 
Reviewed-on: #119
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-03-05 22:38:52 +00:00
teutat3s b76b7821a7
chore: update flake inputs
Flake checks / Check (pull_request) Successful in 19m43s Details 
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
  → 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
  → 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
  → 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
  → 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
  → 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
 2024-03-05 21:39:19 +01:00
teutat3s 14e689486b
Merge pull request 'fix: nginx duplicate default server' (#118) from fix/nginx-duplicate-default-server into main 
Reviewed-on: #118
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-25 22:07:52 +00:00
teutat3s c49ffb2d5b
fix: nginx duplicate default server
Flake checks / Check (pull_request) Successful in 4m53s Details 
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
 2024-02-25 23:02:00 +01:00
b12f aa607396e4
Merge pull request 'nginx/miom: init miom.space website' (#116) from feat/miom.space into main 
Reviewed-on: #116
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-02-25 21:42:03 +00:00
Benjamin Yule Bädorf de04556191
nginx/miom: disable logging
Flake checks / Check (pull_request) Successful in 4m42s Details
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 0e89b7f210
nginx/miom: init miom.space website 
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
 2024-02-25 21:41:06 +00:00
b12f 1878595af2
Merge pull request 'nginx/pub.solar: disable logging for homepage' (#117) from privacy/website-no-logging into main 
Reviewed-on: #117
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2024-02-25 18:10:30 +00:00
Benjamin Yule Bädorf 24b77b6de5
nginx/pub.solar: disable logging for homepage
Flake checks / Check (pull_request) Successful in 4m45s Details
2024-02-25 18:51:24 +01:00
Akshay Mankar 50fa98eebb
Merge pull request 'security: Upgrade mastodon to 4.2.7' (#114) from mastodon-4.2.7 into main 
Reviewed-on: #114
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-16 13:47:58 +00:00
Akshay Mankar f7d7964299
security: Upgrade mastodon to 4.2.7
Flake checks / Check (pull_request) Successful in 19m21s Details
2024-02-16 13:22:39 +01:00
Akshay Mankar afcfb4fe0f
Merge pull request 'chore: nix flake update' (#113) from flake-update-16-02 into main 
Reviewed-on: #113
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2024-02-16 09:23:32 +00:00