Commit graph

275 commits

Author SHA1 Message Date
21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter 2024-09-10 16:02:26 +02:00
19723f3812
monitoring: add prometheus-exporter, promtail to delite, blue-shell

add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
ec5e9896fd
delite: use static IP in initrd, DHCP not working 2024-09-10 16:02:25 +02:00
1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: #222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
4626fd85c0
mediawiki: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
88b76beb5c
keycloak: use backups module
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
e857c6198b
modules/backup: init
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:04:10 +02:00
a0b52d51e5
nachtigall: make postgres wait for zfs mount
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
f236962e17
garage: add monitoring, connect to grafana + loki
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
2024-08-25 00:18:09 +02:00
d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00
15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
b0790876ec
style: format using nixfmt-rfc-style
2024-08-24 17:39:49 +02:00
83b7e3e11e
hosts: init blue-shell 2024-08-24 03:02:15 +02:00
4ef9781d10
hosts: init delite 2024-08-24 03:01:46 +02:00
ca8e578b11
hosts: init trinkgenossin 2024-08-24 03:00:01 +02:00
8ce50bb73b
tt-rss: add pub.solar specific configuration 2024-07-17 15:22:58 +02:00
153ef69daf
metronom: enable ZFS auto scrub once per month
2024-06-23 15:16:04 +02:00
af5abfc712
nachtigall: enable ZFS auto scrub once per month 2024-06-23 15:14:30 +02:00
e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard 2024-06-08 23:52:08 +02:00
6ea916603c
networking: set networking.domain in core module
2024-06-06 19:30:11 +02:00
4350cbf7c4
tankstelle: add promtail, prometheus node-exporter for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
b93608a8fa
metronom: add promtail, prometheus node-exporter
configure wireguard to push logs to and scrape metrics from flora-6

open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00
008e14f2d2
mail: add missing NixOS module to metronom 2024-06-06 12:49:58 +02:00
0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH port access to wireguard only
2024-05-31 16:52:04 +02:00
9a9dccf5bb
mail: move NixOS module to modules 2024-05-31 16:52:04 +02:00
c5dfb472f8
style: treefmt 2024-05-31 16:52:04 +02:00
1ca1168d7a
mail: switch to mail.pub.solar 2024-05-31 16:52:04 +02:00
b6f64a1e04
mail: add more @pub.solar mail accounts 2024-05-31 16:52:03 +02:00
af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
941eff6d87
tankstelle: configure wireguard
2024-05-30 19:17:21 +02:00
5aa1276e85
ci: add nix to PATH 2024-05-30 19:04:40 +02:00
cc70a740a1
ci: run actions runner as normal user 2024-05-30 19:04:40 +02:00
866785ef47
style: format using treefmt 2024-05-30 19:04:40 +02:00
692c152406
gitea-actions-runner: fix PATH in systemd 2024-05-30 19:04:40 +02:00
e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
2024-05-30 19:04:13 +02:00
946585d1ca
initial commit of tankstelle
2024-05-29 14:08:59 +02:00
0cb89a9fe8
fix: nachtigall wants keycloak
2024-05-15 19:20:06 +02:00
2ca0bd7c3e
style: run treefmt
2024-05-08 22:57:07 +02:00
68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
ef94681e11
refactor: Move all apps into modules
2024-04-28 18:07:28 +02:00
10c86c6b20
nachtigall: obs-portal: remove tiles mount
2024-04-28 01:07:49 +02:00
1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal 2024-04-28 01:05:43 +02:00
d280b29394
obs-portal: init obs-portal on nachtigall
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.

The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override"
This reverts commit a11255b433.
2024-04-27 01:44:20 +02:00
a11255b433
matrix-appservice-irc: remove unneeded syscall override
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
2024-04-25 12:37:58 +02:00
fa9ce9d435
gitea-actions-runner: don't run as systemd DynamicUser
to enable usage of cache outside of /var/lib/private
2024-04-23 15:42:33 +02:00
9541e5029e
flora-6: move forgejo-runner cache directory to /data
2024-04-23 15:12:11 +02:00