Commit graph

752 commits

Author SHA1 Message Date
teutat3s 633f0a4402
docs: fix IP for keycloak admin API
All checks were successful
Flake checks / Check (pull_request) Successful in 20m57s
2024-10-23 20:28:55 +02:00
teutat3s 9758aeda5d
garage: fix wildcard DNS cert renewal with wildcard
All checks were successful
Flake checks / Check (pull_request) Successful in 20m13s
CNAME records

By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
2024-10-23 20:18:57 +02:00
teutat3s 2c29d27ce7
style: remove redundant brackets
All checks were successful
Flake checks / Check (pull_request) Successful in 21m41s
2024-10-23 20:18:03 +02:00
teutat3s 31a885926b
trinkgenossin: fix network in initrd, virtio_net
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
2024-10-23 20:17:32 +02:00
teutat3s 0ae6bc637b
Merge pull request 'mastodon: host media files on pub.solar garage cluster' (#239) from mastodon-media-on-garage into main
Reviewed-on: #239
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-23 15:24:28 +00:00
teutat3s 5300f381b0
nginx: use safer request_uri variable
All checks were successful
Flake checks / Check (pull_request) Successful in 21m30s
Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
2024-10-17 21:15:57 +02:00
teutat3s 8a18ee452b
garage: fix s3_api root_domain 2024-10-17 21:15:57 +02:00
teutat3s 666de2c8f4
mastodon: switch files.pub.solar from storj to garage
s3 backend
2024-10-17 21:15:55 +02:00
teutat3s b1391521b9
Merge pull request 'maintenance: update element-web, keycloak, mastodon, nextcloud' (#240) from flake-updates into main
Reviewed-on: #240
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-17 19:12:37 +00:00
teutat3s 987c0919ca
style: fix formatting
All checks were successful
Flake checks / Check (pull_request) Successful in 27m37s
2024-10-17 20:31:47 +02:00
teutat3s c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
2024-10-17 20:31:47 +02:00
teutat3s 3943f34c92
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
  → 'github:nix-community/disko/d7d57edb72e54891fa67a6f058a46b2bb405663b' (2024-10-16)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
  → 'github:lnl7/nix-darwin/a60ac02f9466f85f092e576fd8364dfc4406b5a6' (2024-10-14)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
  → 'github:nixos/nixpkgs/dc2e0028d274394f73653c7c90cc63edbb696be1' (2024-10-16)
• Updated input 'unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14)
2024-10-17 20:31:17 +02:00
b12f e85807a29b
Merge pull request 'nextcloud: docs how to get debug logs' (#238) from nextcloud-fix-logs into main
Reviewed-on: #238
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-10-16 15:29:26 +00:00
teutat3s c53d48384a
nextcloud: document how to get debugging logs
Some checks failed
Flake checks / Check (pull_request) Has been cancelled
2024-10-16 17:19:49 +02:00
teutat3s 9579f6adde
Merge pull request 'logins: add teutat3s secondary SSH public key' (#237) from teutat3s-add-ssh into main
Reviewed-on: #237
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 22:09:53 +00:00
teutat3s 01ca3b21c2
Merge pull request 'mastodon: actually use opensearch via module option' (#236) from mastodon-full-text-search into main
Reviewed-on: #236
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-10-08 21:03:39 +00:00
teutat3s d085e49925
logins: add teutat3s secondary SSH public key
Some checks failed
Flake checks / Check (pull_request) Failing after 6m51s
2024-10-08 19:10:20 +02:00
teutat3s 092a45e3bd
mastodon: actually use opensearch via module option
All checks were successful
Flake checks / Check (pull_request) Successful in 19m43s
2024-10-08 19:09:17 +02:00
teutat3s a8d865bbca
Merge pull request 'maintenance updates for element-web, forgejo, mastodon, matrix-synapse, nextcloud and others' (#235) from flake-updates into main
Reviewed-on: #235
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-10-05 12:30:07 +00:00
teutat3s df2f0d4442
flake: refactor, bye srid
All checks were successful
Flake checks / Check (pull_request) Successful in 24m21s
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
2024-10-05 14:03:40 +02:00
teutat3s 8c8a757f8f
garage: update to 1.0.1
https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
2024-10-05 13:03:40 +02:00
teutat3s 8600fc64c5
wireguard: fix trinkgenossin IPv4 address 2024-10-05 13:03:40 +02:00
teutat3s 37f210c96f
security: add libolm to permittedInsecurePackages 2024-10-05 13:03:40 +02:00
teutat3s d675fd8d00
flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
  → 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27)
• Updated input 'disko':
    'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22)
  → 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
  → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'a5d394176e.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01)
  → 'fb192fec7c.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
  → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22)
  → 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16)
  → 'github:srid/nixos-flake/47a26bc9118d17500bbe0c4adb5ebc26f776cc36' (2024-10-04)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21)
  → 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21)
  → 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
2024-10-05 13:02:20 +02:00
teutat3s 2e5a7bea4b
Merge pull request 'flora-6: remove' (#234) from remove-flora-6-sad-face into main
Reviewed-on: #234
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-09-10 15:58:58 +00:00
b12f 4831430455
chore: run nix fmt
Some checks failed
Flake checks / Check (pull_request) Has been cancelled
2024-09-10 16:02:26 +02:00
teutat3s 663ef8feb1
alerts: fix condition 2024-09-10 16:02:26 +02:00
teutat3s 63fa03e971
alerts.pub.solar: use DNS challenge for cert 2024-09-10 16:02:26 +02:00
teutat3s faa71b7797
alerts: add check for healthy garage cluster 2024-09-10 16:02:26 +02:00
teutat3s 21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter 2024-09-10 16:02:26 +02:00
teutat3s 19723f3812
monitoring: add prometheus-exporter, promtail to
delite, blue-shell

add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
teutat3s ec5e9896fd
delite: use static IP in initrd, DHCP not working 2024-09-10 16:02:25 +02:00
teutat3s 47b076e0a6
loki: store logs in /var/lib/loki 2024-09-10 16:02:25 +02:00
teutat3s 02a146c507
dns: switch to opentofu + terraform-backend-git,
use opentofu encrypted state feature

https://opentofu.org/docs/language/state/encryption/#new-project
2024-09-10 16:02:25 +02:00
teutat3s 7e48428fb9
dns: remove old, unused DKIM key
We have our own mailserver now
2024-09-10 16:02:25 +02:00
teutat3s f4f6c14faa
flake: remove triton-vmtools, no longer needed
It was only used on flora-6
2024-09-10 16:02:25 +02:00
b12f 1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s 02629598aa
Merge pull request 'obs-portal: fix backups, docker command does not need a TTY' (#233) from obs-backup-fix into main
Reviewed-on: #233
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-09-09 15:43:14 +00:00
teutat3s 44f708ec76
obs-portal: run backups 1h later to avoid lock conflict
Some checks failed
Flake checks / Check (pull_request) Has been cancelled
2024-09-09 17:28:57 +02:00
teutat3s cd82b83427
obs-portal: fix backups, docker command does not
All checks were successful
Flake checks / Check (pull_request) Successful in 20m28s
need a TTY
2024-08-31 22:05:11 +02:00
teutat3s 2d94ed5a0d
Merge pull request 'obs-portal: add backups' (#228) from obs-portal-backups into main
Reviewed-on: #228
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:43:10 +00:00
teutat3s 83e4bcd2df
Merge pull request 'mail: add backups' (#226) from mail-backups into main
Reviewed-on: #226
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:39:25 +00:00
teutat3s 09804f5c25
docs: how-to add backups for new hosts
All checks were successful
Flake checks / Check (pull_request) Successful in 3m43s
2024-08-29 16:36:11 +02:00
teutat3s 2eb54a331e
backups: add storagebox to programs.ssh.knownHosts 2024-08-29 16:36:09 +02:00
teutat3s 77b642f646
garage: increase nginx client_body_size to 64m
To make bigger garage uploads work well, avoiding error
HTTP 413 Entity Too Large
2024-08-29 16:24:32 +02:00
teutat3s 2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s 27dc20dd04
obs-portal: add backups to garage bucket + storagebox
All checks were successful
Flake checks / Check (pull_request) Successful in 23m21s
Restic backups to garage S3 bucket nachtigall-backups
2024-08-29 10:09:04 +02:00
teutat3s a0fb6a60c3
Merge pull request 'devshell: add terraform-ls' (#227) from terraform-devshell into main
Reviewed-on: #227
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:29 +00:00
teutat3s d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: #222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00