Commit graph

31 commits

Author SHA1 Message Date
teutat3s 6519d2c395
mail(treewide): update mail.greenbaum.zone -> mail.pub.solar 2024-05-30 19:19:40 +02:00
teutat3s 941eff6d87
tankstelle: configure wireguard
All checks were successful
Flake checks / Check (pull_request) Successful in 2m30s
2024-05-30 19:17:21 +02:00
teutat3s e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
2024-05-30 19:04:13 +02:00
teutat3s 1235a4f878
Merge pull request 'style: avoid usage of top-level "with lib;"' (#195) from style-avoid-top-level-lib into main
Reviewed-on: #195
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-05-27 10:03:43 +00:00
teutat3s 708cf947de
backups: remove droppie
All checks were successful
Flake checks / Check (pull_request) Successful in 3m22s
There were no backups to droppie since December 2023. We can always add
it back, if desired.
2024-05-19 15:31:20 +02:00
teutat3s c015a1ec2e
style: avoid usage of top-level "with lib";
All checks were successful
Flake checks / Check (pull_request) Successful in 3m2s
See: https://github.com/NixOS/nixpkgs/issues/208242
2024-05-19 15:27:19 +02:00
teutat3s 67b9b84e01
backups: reduce chances for lock race
All checks were successful
Flake checks / Check (pull_request) Successful in 2m16s
Start one backup per hour each night
2024-05-15 21:00:41 +02:00
teutat3s e52324209f
alertmanager: fix SMTP secret
All checks were successful
Flake checks / Check (pull_request) Successful in 2m17s
2024-05-15 17:15:46 +02:00
teutat3s bd4241e71d
caddy: use alerts.pub.solar domain for vhost
All checks were successful
Flake checks / Check (pull_request) Successful in 20m47s
2024-05-15 16:17:54 +02:00
teutat3s d1a68a7c13
secrets: fix too open permissions 2024-05-15 16:01:44 +02:00
teutat3s 9245fa6797
alertmanager: finalize init 2024-05-15 16:01:44 +02:00
teutat3s a8a8155114
style: treefmt with nixfmt-rfc-style 2024-05-15 16:01:44 +02:00
Pablo Ovelleiro Corral 11f5557a7a
Add reverseproxy for alerts.pub.solar
Co-authored-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-05-15 16:01:43 +02:00
Pablo Ovelleiro Corral 7e2bcfc5cf
Add alertmanager config 2024-05-15 16:01:42 +02:00
teutat3s 2ca0bd7c3e
style: run treefmt
All checks were successful
Flake checks / Check (pull_request) Successful in 2m36s
2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
All checks were successful
Flake checks / Check (pull_request) Successful in 5m52s
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
teutat3s ff9703e542
matrix: init stickerpicker
All checks were successful
Flake checks / Check (pull_request) Successful in 12m57s
2024-05-07 17:47:55 +02:00
teutat3s c738f2d41f
modules: remove leftover apps dir
All checks were successful
Flake checks / Check (pull_request) Successful in 18m22s
2024-04-30 00:57:46 +02:00
Pablo Ovelleiro Corral 512ab12de1
Put modules into uniform folders
All checks were successful
Flake checks / Check (pull_request) Successful in 6m2s
2024-04-28 19:17:09 +02:00
Benjamin Yule Bädorf ef94681e11
refactor: Move all apps into modules
All checks were successful
Flake checks / Check (pull_request) Successful in 6m5s
2024-04-28 18:07:28 +02:00
teutat3s 8743ea7b0c
networking: add wireguard hosts to /etc/hosts
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
Benjamin Yule Bädorf b1519c8f22
ssh: only allow ssh on wireguard interface
All checks were successful
Flake checks / Check (pull_request) Successful in 8m16s
2024-04-05 14:28:18 +02:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s 38a6e5e084
fix: add nix registry setting to speed up ad-hoc flake
All checks were successful
Flake checks / Check (pull_request) Successful in 17m44s
usage, e.g. via nix shell nixpkgs#<flake-name>
2023-11-16 22:05:04 +01:00
b12f f5185e5c15
feat: add mediawiki
Some checks reported warnings
Flake checks / Check (pull_request) Has been cancelled
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
teutat3s d5922ff2b8
fix: disable DNSSEC for now because of an issue in
All checks were successful
Flake checks / Check (pull_request) Successful in 16m35s
systemd https://github.com/systemd/systemd/issues/10579

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
2023-11-15 18:54:32 +00:00
teutat3s 9c1d19d49f
nachtigall: move SSH private key from user to host 2023-11-15 18:54:32 +00:00
teutat3s 7be3567e6d
flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
Benjamin Bädorf 20fbcbb571
fix: two typos 2023-11-06 21:07:24 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00