pub-solar/infra
5
2
Fork 3
Code Issues31 Pull requests11 Projects1 Releases Packages Wiki Activity Actions
1004 commits 20 branches 0 tags 15 MiB
Commit graph

1004 commits

Author SHA1 Message Date
teutat3s
9561cc56fd
Merge pull request 'modules/nextcloud: PHP's session gc should match nextcloud session_lifetime' () from nextcloud-session-plus-tweaks into main 
Reviewed-on: 
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
 2025-04-16 10:36:50 +00:00
Akshay Mankar
05997f37fd
nextcloud/uppush: Add rewrite rule for matrix push gateway 2025-04-16 07:36:20 +02:00
Akshay Mankar
b348473220
nextcloud/uppush: Increase timeouts 
As documented here: https://codeberg.org/NextPush/uppush#installation
 2025-04-16 07:36:14 +02:00
teutat3s
bdb9b3914a
modules/nextcloud: PHP's session gc should match 
nextcloud session_lifetime.

Use webp as preview format.

Use NixOS default of 1s for opcache revalidation for quicker
updates after PHP code changes.

Enable debug logging to track down issues with Nextcloud
sessions.
 2025-04-16 03:29:39 +02:00
teutat3s
74cfa18634
trinkgenossin: fix pubsolar actions runner name 2025-04-16 00:59:40 +02:00
Akshay Mankar
5b54446970
Merge pull request 'nextcloud: Add unified push app' () from nc-unified-push into main 
Reviewed-on: 
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2025-04-15 20:45:05 +00:00
Akshay Mankar
ab376d3e5b
nextcloud: Add unified push app 2025-04-15 21:21:19 +02:00
teutat3s
3c637111c1
Merge pull request 'tankstelle: use forgejo-actions-runner module' () from tankstelle-forgejo-runner into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-14 23:35:49 +00:00
teutat3s
1ef8e2ba68
Merge pull request 'users/hakkonaut: fix uid, 998 is currently taken by sshd' () from fix-hakkonaut-uid into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-14 23:35:39 +00:00
teutat3s
7d36496f36
users/hakkonaut: fix uid, 998 is currently taken 
by sshd. Also set gid to 1100.
 2025-04-15 01:22:37 +02:00
teutat3s
ee46817301
tankstelle: use forgejo-actions-runner module 2025-04-15 00:43:40 +02:00
teutat3s
58f77bdfae
Merge pull request 'ci: add workflow for automated flake updates' () from automated-flake-lock-update into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-14 22:06:27 +00:00
teutat3s
c462a10425
Merge pull request 'docs: update systems overview' () from docs-systems-update into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-14 21:51:53 +00:00
teutat3s
3a5208898a
ci: add workflow for automated flake updates 2025-04-14 23:47:11 +02:00
teutat3s
46ea68cec5
Merge pull request 'Revert "nextcloud: attempt to fix CSRF check failed with"' () from revert-nextcloud-session into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-14 15:47:45 +00:00
teutat3s
6a930a087e
Merge pull request 'forgejo-actions-runner: init module, use it on trinkgenossin' () from actions-runner into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-14 14:08:13 +00:00
teutat3s
24ef0e1f25
Revert "nextcloud: attempt to fix CSRF check failed with" 
This reverts commit 8db9c98093.
 2025-04-14 15:46:24 +02:00
teutat3s
9a98dd7acb
style: lint 2025-04-14 01:51:15 +02:00
teutat3s
1aa3a9762c
style: fix lint 2025-04-14 01:50:46 +02:00
teutat3s
6e0479d263
docs: update systems overview 2025-04-13 23:14:19 +02:00
teutat3s
0e39b0933e
trinkgenossin: switch to forgejo-actions-runner 
module
 2025-04-13 23:12:42 +02:00
teutat3s
e2586a3099
modules/forgejo-actions-runner: init 2025-04-13 23:12:31 +02:00
teutat3s
92c5f1b6be
Merge pull request 'backups: start obs-portal backup 30m later' () from obs-portal-later into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-13 20:07:22 +00:00
teutat3s
6dee333c00
backups: start obs-portal backup 30m later 2025-04-13 22:04:58 +02:00
b12f
cecf112d95
Merge pull request 'security: update mediawiki, update synapse and others' () from updates-mediawiki into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-13 19:44:18 +00:00
teutat3s
85bcf84e9c
mediawiki: security update to 1.43.1 2025-04-13 16:11:34 +02:00
teutat3s
da68f61342
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/f6dbc8952df9e40afafbe38449751bfad12d64f2' (2025-04-01)
  → 'github:nix-community/disko/76c0a6dba345490508f36c1aa3c7ba5b6b460989' (2025-04-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146' (2025-03-31)
  → 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f' (2025-04-08)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/73d59580d01e9b9f957ba749f336a272869c42dd' (2025-04-01)
  → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b' (2025-04-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01)
  → 'github:nixos/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d' (2025-04-12)
• Updated input 'unstable':
    'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31)
 2025-04-13 16:08:34 +02:00
teutat3s
39a7dd3af8
Merge pull request 'nextcloud: attempt to fix 'CSRF check failed'' () from fix-nextcloud-session into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-07 18:12:03 +00:00
teutat3s
8db9c98093
nextcloud: attempt to fix CSRF check failed with 
shorter session_lifetime
 2025-04-03 23:46:59 +02:00
teutat3s
47502667f5
Merge pull request 'core/networking: convert DNS resolved config to NixOS options' () from dns-convert-to-options into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-02 19:38:34 +00:00
teutat3s
c4374b2142
Merge pull request 'maintenance: update element-web, forgejo, restic and more' () from updates-30-03 into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-02 19:38:20 +00:00
teutat3s
8474bd6411
Merge pull request 'backups: only run restic prune on the last backup' () from backups-prune-only-once into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-02 11:51:06 +00:00
teutat3s
a08003f125
backups: only run restic prune on the last backup 
After this change, only obs-portal backup will prune the repository of
old snapshots. This is the last backup service to run at 06:00 AM UTC.

This should avoid our nightly backups failing because of the exclusive
lock on the restic repo. We currently start the next backup while the
previous one is still pruning, which makes the newly started one fail
with:

repo already locked, waiting up to 0s for the lock
unable to create lock in backend: repository is already locked by PID 228…
 2025-04-02 13:17:22 +02:00
teutat3s
6d88e853c1
matrix-synapse: remove overlay, 1.127.1 reached 24.11 2025-04-02 12:29:45 +02:00
teutat3s
1de4d6bdcf
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/0d8c6ad4a43906d14abd5c60e0ffe7b587b213de' (2025-03-12)
  → 'github:nix-community/disko/f6dbc8952df9e40afafbe38449751bfad12d64f2' (2025-04-01)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
  → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02)
  → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30)
• Updated input 'home-manager':
    'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22)
  → 'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146' (2025-03-31)
• Updated input 'maunium-stickerpicker':
    'github:maunium/stickerpicker/89d3aece041c85ebe5a1ad4e620388af5227cbb0?dir=web' (2024-12-02)
  → 'github:maunium/stickerpicker/4b96d236212b1212976f4c3c60479e7aaed866cb?dir=web' (2025-03-25)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/ebb88c3428dcdd95c06dca4d49b9791a65ab777b' (2025-03-23)
  → 'github:lnl7/nix-darwin/73d59580d01e9b9f957ba749f336a272869c42dd' (2025-04-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23)
  → 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01)
• Updated input 'unstable':
    'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22)
  → 'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31)
 2025-04-02 12:28:51 +02:00
teutat3s
6f195ac05a
Merge pull request 'security: matrix-synapse: update to 1.127.1' () from synapse-security into main 
Reviewed-on:
2025-03-28 14:19:40 +00:00
teutat3s
09efea6e5b
core/networking: convert DNS resolved config to NixOS options 
To help readability. Also added the default config value for DNSSEC
for visibility.
 2025-03-28 14:39:09 +01:00
teutat3s
ae2277aa21
matrix-synapse: pull in 1.127.1 early (security) 
Fixes https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
CVE-2025-30355
 2025-03-28 13:48:24 +01:00
teutat3s
cdf9819b93
Merge pull request 'updates: element-web, forgejo, keycloak, mastodon, matrix-synapse, nextcloud and more' () from updates-23-03 into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-03-25 17:46:03 +00:00
teutat3s
3cf98c1e0e
tests/keycloak: need to start acme-server 2025-03-25 18:39:26 +01:00
teutat3s
b5e6483ca4
garage: update to 1.1.0 2025-03-25 18:39:04 +01:00
teutat3s
f591ea6c65
overlays: remove matrix-authentication-service 
It's now backported to NixOS 24.11.
 2025-03-24 11:17:39 +01:00
teutat3s
e2c7808433
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/19c1140419c4f1cdf88ad4c1cfb6605597628940' (2025-02-25)
  → 'github:nix-community/disko/0d8c6ad4a43906d14abd5c60e0ffe7b587b213de' (2025-03-12)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01)
  → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
• Updated input 'flake-parts/nixpkgs-lib':
    '6d37022434.tar.gz?narHash=sha256-3wHafybyRfpUCLoE8M%2BuPVZinImg3xX%2BNm6gEfN3G8I%3D' (2025-03-01)
  → 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02)
• Updated input 'fork':
    'github:teutat3s/nixpkgs/e370f40b129e47b08562524ab4f053a172a94273' (2025-02-06)
  → 'github:teutat3s/nixpkgs/8a43eb74ac149c080d57d8c80d647fef74df84d8' (2025-03-05)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17)
  → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/991bb2f6d46fc2ff7990913c173afdb0318314cb' (2025-03-04)
  → 'github:lnl7/nix-darwin/ebb88c3428dcdd95c06dca4d49b9791a65ab777b' (2025-03-23)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347' (2025-03-02)
  → 'github:nixos/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23)
• Updated input 'unstable':
    'github:nixos/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246' (2025-03-03)
  → 'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22)
 2025-03-24 11:17:20 +01:00
teutat3s
174d979ccc
Merge pull request 'docs: update deletion request docs' () from update-deletion-request-docs into main 
Reviewed-on: 
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2025-03-13 16:50:56 +00:00
teutat3s
5ecb8efd60
Merge pull request 'nachtigall: additional disks + docs' () from nachtigall-more-disks into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-13 16:50:47 +00:00
teutat3s
3caaf00239
Merge pull request 'docs: add systems overview, ZFS quickstart' () from docs-systems-overview into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-13 16:46:13 +00:00
b12f
664f7f06cc
docs: update deletion request docs 
* Add note on how to aquire an MAS auth token
* Update matrix cli docs URL
* Explain how to get to the forgejo cli
* Add response template
 2025-03-13 17:45:19 +01:00
teutat3s
6dfcffad4b
docs: add TOC to systems overview 2025-03-11 13:00:09 +01:00
teutat3s
7428c5e125
docs: add systems overview, ZFS quickstart 2025-03-11 12:59:52 +01:00
teutat3s
e8d92cb48f
nachtigall: add additional boot mirrors 2025-03-11 11:39:46 +01:00