Commit graph

87 commits

Author SHA1 Message Date
teutat3s 37f210c96f
security: add libolm to permittedInsecurePackages 2024-10-05 13:03:40 +02:00
b12f 4831430455
chore: run nix fmt
Some checks failed
Flake checks / Check (pull_request) Has been cancelled
2024-09-10 16:02:26 +02:00
teutat3s 663ef8feb1
alerts: fix condition 2024-09-10 16:02:26 +02:00
teutat3s 63fa03e971
alerts.pub.solar: use DNS challenge for cert 2024-09-10 16:02:26 +02:00
teutat3s faa71b7797
alerts: add check for healthy garage cluster 2024-09-10 16:02:26 +02:00
teutat3s 19723f3812
monitoring: add prometheus-exporter, promtail to
delite, blue-shell

add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
teutat3s 47b076e0a6
loki: store logs in /var/lib/loki 2024-09-10 16:02:25 +02:00
b12f 1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s 44f708ec76
obs-portal: run backups 1h later to avoid lock conflict
Some checks failed
Flake checks / Check (pull_request) Has been cancelled
2024-09-09 17:28:57 +02:00
teutat3s cd82b83427
obs-portal: fix backups, docker command does not
All checks were successful
Flake checks / Check (pull_request) Successful in 20m28s
need a TTY
2024-08-31 22:05:11 +02:00
teutat3s 2d94ed5a0d
Merge pull request 'obs-portal: add backups' (#228) from obs-portal-backups into main
Reviewed-on: #228
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-31 19:43:10 +00:00
teutat3s 2eb54a331e
backups: add storagebox to programs.ssh.knownHosts 2024-08-29 16:36:09 +02:00
teutat3s 77b642f646
garage: increase nginx client_body_size to 64m
To make bigger garage uploads work well, avoiding error
HTTP 413 Entity Too Large
2024-08-29 16:24:32 +02:00
teutat3s 2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s 27dc20dd04
obs-portal: add backups to garage bucket + storagebox
All checks were successful
Flake checks / Check (pull_request) Successful in 23m21s
Restic backups to garage S3 bucket nachtigall-backups
2024-08-29 10:09:04 +02:00
teutat3s d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: #222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s 4626fd85c0
mediawiki: add backups to garage bucket + storagebox
All checks were successful
Flake checks / Check (pull_request) Successful in 1m56s
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s c0a3d90d63
backups: add environmentFile option 2024-08-28 17:13:34 +02:00
teutat3s 1d92ef53ca
backups: storeName -> repoName 2024-08-28 17:13:33 +02:00
teutat3s 751d82f7e3
backups: rename pub-solar-os.backups.backups -> pub-solar-os.backups.restic 2024-08-28 17:12:22 +02:00
teutat3s 88b76beb5c
keycloak: use backups module
All checks were successful
Flake checks / Check (pull_request) Successful in 19m4s
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
teutat3s e857c6198b
modules/backup: init
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:04:10 +02:00
teutat3s 998cf4c63d
website: force HTTPS
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:03:43 +02:00
teutat3s a0b52d51e5
nachtigall: make postgres wait for zfs mount
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
teutat3s 701c62dd69
tests: create keycloak test, add working test for website
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 09:55:25 +02:00
teutat3s f236962e17
garage: add monitoring, connect to grafana + loki
All checks were successful
Flake checks / Check (pull_request) Successful in 7m10s
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
2024-08-25 00:18:09 +02:00
teutat3s 15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
teutat3s 25827a97d3
modules: add unlock-luks-on-boot 2024-08-24 03:05:28 +02:00
teutat3s 4a3d3ce84b
garage: init module 2024-08-24 03:05:16 +02:00
teutat3s 7f2bfd923f
loki: move data dir to /data disk with more room
All checks were successful
Flake checks / Check (pull_request) Successful in 4m33s
2024-08-07 10:19:53 +02:00
teutat3s 79679720ff
tt-rss: lint with treefmt
All checks were successful
Flake checks / Check (pull_request) Successful in 7m11s
2024-07-18 17:49:29 +02:00
teutat3s 0fc0c6d595
tt-rss: use git.tt-rss.org instead of gitlab
gitlab repo was throwing HTTP 500 errors
2024-07-18 17:35:05 +02:00
Benjamin Yule Bädorf 13c381ff3d
rss: fix auth build, fix nginx group rights, log to stdout
Some checks failed
Flake checks / Check (pull_request) Failing after 1m12s
2024-07-17 18:50:06 +02:00
Benjamin Yule Bädorf 68be6b9303
tt-rss: fix secret paths, add plugin sha 2024-07-17 15:22:59 +02:00
Benjamin Yule Bädorf cf830a9770
tt-rss: module init 2024-07-17 15:22:57 +02:00
teutat3s 26e96dfac5
mediawiki: update to v1.42.1 2024-07-15 18:51:10 +02:00
teutat3s 7ce66f38fc
grafana: update dashboard json, select nachtigall by default
All checks were successful
Flake checks / Check (pull_request) Successful in 5m37s
2024-07-02 19:04:52 +02:00
teutat3s 2ebe4bd109
loki: fix invalid config max_look_back_period,
All checks were successful
Flake checks / Check (pull_request) Successful in 14m21s
seems no longer used in loki 3
2024-06-23 15:19:20 +02:00
teutat3s bc9ac6011e
flake: update to NixOS 24.05
Fix warnings:
trace: warning: The option `services.nextcloud.extraOptions' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings'.
trace: warning: The option `services.nextcloud.skeletonDirectory' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.skeletondirectory'.
trace: warning: The option `services.nextcloud.config.overwriteProtocol' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.overwriteprotocol'.
trace: warning: The option `services.matrix-synapse.sliding-sync' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.matrix' has been renamed to `services.matrix-sliding-sync'.

Fix errors:
loki: fix config for version 3+
keycloak: declarative-user-profile feature is now enabled by default

error: A definition for option `programs.gnupg.agent.pinentryPackage' is not of type `null or package'. Definition values:
- In `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.forgejo': "curses"
2024-06-23 15:19:18 +02:00
teutat3s 99f84268e7
nextcloud: fine tune for performance, following
All checks were successful
Flake checks / Check (pull_request) Successful in 4m1s
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html
2024-06-23 15:01:37 +02:00
teutat3s f38aa289ea
matrix-synapse: enable more useful logging 2024-06-23 15:00:40 +02:00
teutat3s d21ae91c3e
postgresql: tune
All checks were successful
Flake checks / Check (pull_request) Successful in 13m50s
2024-06-22 16:42:38 +02:00
teutat3s e2691988bf
nextcloud: use port 465 and TLS/SSL for mail transfer
All checks were successful
Flake checks / Check (pull_request) Successful in 3m56s
2024-06-08 23:54:05 +02:00
teutat3s d3fedd84e9
loki: tune settings, enable cache 2024-06-08 23:53:43 +02:00
teutat3s 6ea916603c
networking: set networking.domain in core module
All checks were successful
Flake checks / Check (pull_request) Successful in 4m0s
2024-06-06 19:30:11 +02:00
teutat3s bae41b07a8
promtail: use hostName to set label 2024-06-06 19:29:42 +02:00
teutat3s eaed05c834
style: apply treefmt
All checks were successful
Flake checks / Check (pull_request) Successful in 4m41s
2024-06-06 12:56:55 +02:00
teutat3s 4350cbf7c4
tankstelle: add promtail, prometheus node-exporter
for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
teutat3s b93608a8fa
metronom: add promtail, prometheus node-exporter
configure wireguard to push logs to and scrape metrics from flora-6

open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00