teutat3s
6519d2c395
mail(treewide): update mail.greenbaum.zone -> mail.pub.solar
2024-05-30 19:19:40 +02:00
teutat3s
941eff6d87
tankstelle: configure wireguard
Flake checks / Check (pull_request) Successful in 2m30s
2024-05-30 19:17:21 +02:00
teutat3s
e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts
ci: add devshell with Node.js for forgejo actions
ci: add PATH
ci: add HOME
2024-05-30 19:04:13 +02:00
teutat3s
1235a4f878
Merge pull request 'style: avoid usage of top-level "with lib;"' (#195) from style-avoid-top-level-lib into main
Reviewed-on: #195
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-27 10:03:43 +00:00
teutat3s
708cf947de
backups: remove droppie
Flake checks / Check (pull_request) Successful in 3m22s
There were no backups to droppie since December 2023. We can always add
it back, if desired.
2024-05-19 15:31:20 +02:00
teutat3s
c015a1ec2e
style: avoid usage of top-level "with lib";
Flake checks / Check (pull_request) Successful in 3m2s
See: https://github.com/NixOS/nixpkgs/issues/208242
2024-05-19 15:27:19 +02:00
teutat3s
67b9b84e01
backups: reduce chances for lock race
Flake checks / Check (pull_request) Successful in 2m16s
Start one backup per hour each night
2024-05-15 21:00:41 +02:00
teutat3s
e52324209f
alertmanager: fix SMTP secret
Flake checks / Check (pull_request) Successful in 2m17s
2024-05-15 17:15:46 +02:00
teutat3s
bd4241e71d
caddy: use alerts.pub.solar domain for vhost
Flake checks / Check (pull_request) Successful in 20m47s
2024-05-15 16:17:54 +02:00
teutat3s
d1a68a7c13
secrets: fix too open permissions
2024-05-15 16:01:44 +02:00
teutat3s
9245fa6797
alertmanager: finalize init
2024-05-15 16:01:44 +02:00
teutat3s
a8a8155114
style: treefmt with nixfmt-rfc-style
2024-05-15 16:01:44 +02:00
Pablo Ovelleiro Corral
11f5557a7a
Add reverseproxy for alerts.pub.solar
Co-authored-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral
7e2bcfc5cf
Add alertmanager config
2024-05-15 16:01:42 +02:00
teutat3s
2ca0bd7c3e
style: run treefmt
Flake checks / Check (pull_request) Successful in 2m36s
2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf
68278ad983
refactor: use options for config parts
Flake checks / Check (pull_request) Successful in 5m52s
This works towards having reusable modules
* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
This is needed because `config.pub-solar-os.auth` has to be available
everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
teutat3s
ff9703e542
matrix: init stickerpicker
Flake checks / Check (pull_request) Successful in 12m57s
2024-05-07 17:47:55 +02:00
teutat3s
c738f2d41f
modules: remove leftover apps dir
Flake checks / Check (pull_request) Successful in 18m22s
2024-04-30 00:57:46 +02:00
Pablo Ovelleiro Corral
512ab12de1
Put modules into uniform folders
Flake checks / Check (pull_request) Successful in 6m2s
2024-04-28 19:17:09 +02:00
Benjamin Yule Bädorf
ef94681e11
refactor: Move all apps into modules
Flake checks / Check (pull_request) Successful in 6m5s
2024-04-28 18:07:28 +02:00
teutat3s
8743ea7b0c
networking: add wireguard hosts to /etc/hosts
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
Benjamin Yule Bädorf
b1519c8f22
ssh: only allow ssh on wireguard interface
Flake checks / Check (pull_request) Successful in 8m16s
2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf
eacf60974c
wireguard: initial commit
2024-04-05 11:09:31 +00:00
teutat3s
815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s
38a6e5e084
fix: add nix registry setting to speed up ad-hoc flake usage, e.g. via nix shell nixpkgs#<flake-name>
Flake checks / Check (pull_request) Successful in 17m44s
2023-11-16 22:05:04 +01:00
b12f
f5185e5c15
feat: add mediawiki
Flake checks / Check (pull_request) Has been cancelled
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
teutat3s
d5922ff2b8
fix: disable DNSSEC for now because of an issue in systemd https://github.com/systemd/systemd/issues/10579
Flake checks / Check (pull_request) Successful in 16m35s
Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone
❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A
;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82
;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE rcvd: 121
2023-11-15 18:54:32 +00:00
teutat3s
9c1d19d49f
nachtigall: move SSH private key from user to host
2023-11-15 18:54:32 +00:00
teutat3s
7be3567e6d
flora-6: refactor to use flake.parts
2023-11-15 18:54:32 +00:00
Benjamin Bädorf
20fbcbb571
fix: two typos
2023-11-06 21:07:24 +00:00
Benjamin Bädorf
e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:
`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.
This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00