Commit graph

285 commits

Author SHA1 Message Date
teutat3s 2ca0bd7c3e
style: run treefmt
All checks were successful
Flake checks / Check (pull_request) Successful in 2m36s
2024-05-08 22:57:07 +02:00
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
All checks were successful
Flake checks / Check (pull_request) Successful in 5m52s
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00
Benjamin Yule Bädorf ef94681e11
refactor: Move all apps into modules
All checks were successful
Flake checks / Check (pull_request) Successful in 6m5s
2024-04-28 18:07:28 +02:00
Hendrik Sokolowski 10c86c6b20
nachtigall: obs-portal: remove tiles mount
All checks were successful
Flake checks / Check (pull_request) Successful in 6m8s
2024-04-28 01:07:49 +02:00
Hendrik Sokolowski 1d6c5003e8
nachtigall: obs-portal: fix dependencies of docker network unit and portal 2024-04-28 01:05:43 +02:00
Benjamin Yule Bädorf d280b29394
obs-portal: init obs-portal on nachtigall
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so
we'll have to start a second instance. To stay close to the official
deployment instructions, this is running in docker.

The secrets were taken from the old installation instance. During
initial installation, we'll need to import data from the old instance
into this one, which might take a while.
2024-04-27 22:45:07 +02:00
teutat3s 2fa3ccf28e
Revert "matrix-appservice-irc: remove unneeded syscall override"
All checks were successful
Flake checks / Check (pull_request) Successful in 5m49s
This reverts commit a11255b433.
2024-04-27 01:44:20 +02:00
teutat3s a11255b433
matrix-appservice-irc: remove unneeded syscall override
PR was merged and backported:
https://github.com/NixOS/nixpkgs/pull/271740
2024-04-25 12:37:58 +02:00
teutat3s fa9ce9d435
gitea-actions-runner: don't run as systemd DynamicUser
Some checks failed
Flake checks / Check (pull_request) Failing after 4m55s
to enable usage of cache outside of /var/lib/private
2024-04-23 15:42:33 +02:00
teutat3s 9541e5029e
flora-6: move forgejo-runner cache directory to /data
All checks were successful
Flake checks / Check (pull_request) Successful in 13m34s
2024-04-23 15:12:11 +02:00
teutat3s c86e22b292
ci: update forgejo-runner to version 3.4.1
https://github.com/NixOS/nixpkgs/pull/301383
2024-04-23 00:38:53 +02:00
Hendrik Sokolowski a9411d05a8
set pruneOpts for restic backups to daily 7, weekly 4, monthly 3
All checks were successful
Flake checks / Check (pull_request) Successful in 12m5s
2024-04-22 20:06:49 +02:00
teutat3s c07d24f6a7
flora-6: add wg-ssh to ignored interfaces
All checks were successful
Flake checks / Check (pull_request) Successful in 21m7s
for systemd-wait-online to start successfully
2024-04-14 23:22:53 +02:00
teutat3s c768203bed
nginx: set worker_processes to number of CPU cores
All checks were successful
Flake checks / Check (pull_request) Successful in 12m4s
and set worker_connections to 1024

https://nginx.org/en/docs/ngx_core_module.html#worker_processes
https://nginx.org/en/docs/ngx_core_module.html#worker_connections
2024-04-14 17:39:56 +02:00
teutat3s b6a54efd9a
fix: add comment with hostnames to wireguard peers
All checks were successful
Flake checks / Check (pull_request) Successful in 12m31s
2024-04-12 22:36:17 +02:00
Benjamin Yule Bädorf 7e145040cc
wireguard: use IP addresses for wireguard endpoints
All checks were successful
Flake checks / Check (pull_request) Successful in 13m14s
Otherwise the hostnames written to the /etc/hosts file are already
pointing at the wireguard IP-addresses, so they can never connect.
2024-04-12 22:31:28 +02:00
teutat3s 8743ea7b0c
networking: add wireguard hosts to /etc/hosts
Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 19:54:09 +00:00
Benjamin Yule Bädorf 316ba9ef53
forgejo: also reroute ssh traffic for ipv6 2024-04-12 19:38:15 +00:00
teutat3s afca75441c
Merge pull request 'forgejo: enable repo search (indexer), save login cookie for 365 days' (#142) from feat/forgejo-enable-search into main
Reviewed-on: #142
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:42 +00:00
teutat3s 9698c47530
Merge pull request 'mastodon: clean media older than 7 days' (#143) from mastodon/auto-clean-7-days into main
Reviewed-on: #143
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-06 16:07:34 +00:00
teutat3s 41e4d3427c
mastodon: clean media older than 7 days
All checks were successful
Flake checks / Check (pull_request) Successful in 8m3s
Currently we keep everything for 30 days, which is about 180GB
2024-04-05 23:50:04 +02:00
teutat3s c5159dd66d
forgejo: enable repo search (indexer), save login
All checks were successful
Flake checks / Check (pull_request) Successful in 7m54s
cookie for 365 days instead of default 7 days.
Caveat for the repo indexer is that repository size on disk will grow
by factor of 6. Forgejo repositories currently use 4.7GB on disk, with
3.3GB being a nixpkgs fork.
2024-04-05 23:29:49 +02:00
Benjamin Yule Bädorf 16c6aa3b61
forgejo: make SSH keys declarative 2024-04-05 19:35:55 +00:00
teutat3s 315cbf5813
Merge pull request 'fix(nextcloud): define a maintenance window' (#135) from chore/nextcloud-config-maintenance-window into main
Reviewed-on: #135
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 18:41:17 +00:00
Hendrik Sokolowski b6b8d69852
nachtigall: forgejo: update firewall settings
All checks were successful
Flake checks / Check (pull_request) Successful in 8m11s
2024-04-05 18:39:43 +02:00
Benjamin Yule Bädorf e618b9f9c2
forgejo: use iptables routing instead of ssh patch
All checks were successful
Flake checks / Check (pull_request) Successful in 8m18s
2024-04-05 17:00:28 +02:00
Benjamin Yule Bädorf d7c9333ff4
forgejo: allow multiple host addresses for SSH
All checks were successful
Flake checks / Check (pull_request) Successful in 9m1s
2024-04-05 14:26:56 +00:00
teutat3s 18a62b8d35
fix(nextcloud): define a maintenance window for
All checks were successful
Flake checks / Check (pull_request) Successful in 4m39s
resource intensive background jobs. Docs:
https://docs.nextcloud.com/server/28/admin_manual/configuration_server/background_jobs_configuration.html

> A value of 1 e.g. will only run these background jobs between 01:00am
UTC and 05:00am UTC
2024-04-05 16:23:16 +02:00
Benjamin Yule Bädorf f7eaef0d18
wireguard: fix flora-6 address and private key
Reviewed-on: #129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
2024-04-05 11:26:38 +00:00
Benjamin Yule Bädorf 621e9336ed
wireguard: add basic keys 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
Benjamin Yule Bädorf 9433a8aea7
mediawiki: update to v1.41.1
All checks were successful
Flake checks / Check (pull_request) Successful in 7m58s
2024-03-30 00:10:09 +01:00
b12f 6aea728583
Merge branch 'main' into feat/security-txt
All checks were successful
Flake checks / Check (pull_request) Successful in 7m4s
2024-03-25 15:38:30 +00:00
Benjamin Yule Bädorf b9cffad02a
matrix: set forgotten_room_retention_period to 7d
All checks were successful
Flake checks / Check (pull_request) Successful in 7m4s
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
Benjamin Yule Bädorf 2bb2247716
website: add security.txt
All checks were successful
Flake checks / Check (pull_request) Successful in 6m58s
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
teutat3s 45e91d7ef1
fix: drone port should bind to localhost
All checks were successful
Flake checks / Check (pull_request) Successful in 18m12s
2024-03-21 10:44:40 +01:00
teutat3s c49ffb2d5b
fix: nginx duplicate default server
All checks were successful
Flake checks / Check (pull_request) Successful in 4m53s
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
Benjamin Yule Bädorf de04556191
nginx/miom: disable logging
All checks were successful
Flake checks / Check (pull_request) Successful in 4m42s
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 0e89b7f210
nginx/miom: init miom.space website
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website all logging was turned off, we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
Benjamin Yule Bädorf 24b77b6de5
nginx/pub.solar: disable logging for homepage
All checks were successful
Flake checks / Check (pull_request) Successful in 4m45s
2024-02-25 18:51:24 +01:00
teutat3s 842ec945f4
forgejo: appName option has been renamed
All checks were successful
Flake checks / Check (pull_request) Successful in 10m14s
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
teutat3s d67190d175
feat: init tmate-ssh-server
https://tmate.io
2024-02-07 19:01:36 +01:00
teutat3s f43ba01ee6
feat: use forgejo NixOS module with gitea user
All checks were successful
Flake checks / Check (pull_request) Successful in 7m50s
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
teutat3s 4ce188edec
metrics(matrix-synapse): enable internal MAU metrics
All checks were successful
Flake checks / Check (pull_request) Successful in 7m55s
https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#mau_stats_only
2024-02-01 15:51:55 +01:00
teutat3s 62c248348a
Merge pull request 'feat(grafana): add synapse dashboard' (#106) from feat/grafana-synapse-dashboard into main
Reviewed-on: #106
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-01 10:31:43 +00:00
teutat3s 031bab4a4e
fix(nextcloud): interned_strings_buffer should be
All checks were successful
Flake checks / Check (pull_request) Successful in 8m39s
powers of 2
2024-02-01 11:21:10 +01:00
teutat3s 33d80dc558
feat(grafana): add synapse dashboard
All checks were successful
Flake checks / Check (pull_request) Successful in 8m6s
Source:
https://github.com/element-hq/synapse/blob/master/contrib/grafana/synapse.json
2024-01-30 20:00:41 +01:00
teutat3s 576ceb6875
fix(matrix-synapse): mail hostname, missing tls
All checks were successful
Flake checks / Check (pull_request) Successful in 21m21s
setting on metrics listener
2024-01-30 19:42:48 +01:00
teutat3s 69b976607f
fix(matrix-synapse): make sure to find element in
All checks were successful
Flake checks / Check (pull_request) Successful in 8m33s
list of config.services.matrix-synapse.settings.listeners that sets
type = "metrics" instead of just using the first element in the list
2024-01-29 00:44:53 +01:00
teutat3s 62429bca08
fix(matrix-synapse): make sure to find element in
list of config.services.matrix-synapse.settings.listeners.*.resources
that sets names = "client" instead of just using the first element in the list of listeners
2024-01-29 00:44:53 +01:00
teutat3s 3cfdd9d20a
refactor(matrix-synapse): get first listener port 2024-01-29 00:44:52 +01:00
teutat3s 2f75ae7e62
feat(matrix-synapse): enable metrics
Following:
https://github.com/matrix-org/synapse/blob/develop/docs/metrics-howto.md
2024-01-29 00:44:13 +01:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s b3b3725c9f
feat: php opcache tuning for nextcloud
All checks were successful
Flake checks / Check (pull_request) Successful in 9m19s
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#:~:text=opcache.jit%20%3D%201255%20opcache.jit_buffer_size%20%3D%20128m
2024-01-25 20:19:32 +01:00
teutat3s be668fbb17
fix: nextcloud likes interned strings buffer > 8
All checks were successful
Flake checks / Check (pull_request) Successful in 19m28s
7cf6f51516 made a wrong assumption
2024-01-23 22:18:58 +01:00
teutat3s ffdf55993f
fix(nginx): [warn] could not build optimal proxy_headers_hash
All checks were successful
Flake checks / Check (pull_request) Successful in 10m14s
nginx: [warn] could not build optimal proxy_headers_hash, you should
increase either proxy_headers_hash_max_size: 2048 or
proxy_headers_hash_bucket_size: 64; ignoring
proxy_headers_hash_bucket_size
2024-01-17 15:16:06 +01:00
teutat3s 94ae6c9302
fix(mastodon): use working unix sockets for streaming api
All checks were successful
Flake checks / Check (pull_request) Successful in 10m35s
The streaming API is currently unusable because we still pass traffic
to the old unix socket path.
Since c82195d9e8 (diff-157b1ef68573bbec951d6e551513a555e2d1ca7a161a68f1978b11d39a0bef1eR789-R803)
there are multiple unix sockets involved.
2024-01-17 10:32:03 +01:00
teutat3s 5590b5b1b3
fix: remove QuickInstantCommons extension
All checks were successful
Flake checks / Check (pull_request) Successful in 4m34s
Docker image updated in 529554b4d1

Seems currently broken:
https://wiki.pub.solar/index.php/Special:RecentChanges with the
extension enabled throws:

Internal error LogicException: Backend with name 'wikimediacommons-backend' already registered.
2024-01-08 21:53:14 +01:00
teutat3s 8d06c61d2f
fix: remove duplicate wgLogo setting
All checks were successful
Flake checks / Check (pull_request) Successful in 4m39s
2024-01-08 17:56:48 +01:00
teutat3s 1d018ade9b
feat: enable InstantCommons
https://www.mediawiki.org/wiki/InstantCommons
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:56:33 +01:00
teutat3s 05f7dbe262
feat: enable wgUseInstantCommons
https://commons.wikimedia.org/wiki/Commons:Reusing_content_outside_Wikimedia/technical#InstantCommons
2024-01-08 17:42:57 +01:00
teutat3s a7f98c2d45
fix: ensure mediawiki logo survives updates
All checks were successful
Flake checks / Check (pull_request) Successful in 4m28s
2024-01-08 14:35:43 +01:00
teutat3s a59e9cb6ea
feat: update mediawiki to 1.41.0, enable extension
All checks were successful
Flake checks / Check (pull_request) Successful in 4m38s
TemplateStyles

https://gerrit.wikimedia.org/g/mediawiki/core/%2B/REL1_41/RELEASE-NOTES-1.41
2024-01-08 14:14:34 +01:00
teutat3s f2217a1409
feat: shutdown freenode IRC bridge, use shorter
All checks were successful
Flake checks / Check (pull_request) Successful in 4m39s
IRC aliases, use nixos matrix-synapse service config for homeserver port
2024-01-07 20:15:16 +01:00
Hendrik Sokolowski 0fe02a9f73
fix uploads path eventually (#92)
yeah yeah

Reviewed-on: #92
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 16:18:43 +00:00
Hendrik Sokolowski b37ad608a4
update mediawiki config (#91)
* disable logging to /dev/stderr
* fix upload path

Reviewed-on: #91
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de>
Co-committed-by: Hendrik Sokolowski <hensoko@gssws.de>
2024-01-07 15:44:21 +00:00
teutat3s 7e8f3c8cf5
fix: update forgejo-actions-runner token, use
docker image from https://git.pub.solar/pub-solar/actions-base-image
2023-12-29 19:26:43 +01:00
teutat3s afca5c3735
chore: bump Nextcloud to version 28
All checks were successful
Flake checks / Check (pull_request) Successful in 18m24s
2023-12-28 17:38:41 +01:00
teutat3s a310b414f7
fix: update well-known for sliding-sync
Some checks failed
Flake checks / Check (pull_request) Failing after 50m5s
2023-12-16 14:57:36 +01:00
teutat3s 768d4c78bc
fix: use nginx locations recommended by upstream
https://github.com/matrix-org/sliding-sync#same-hostname
2023-12-16 14:48:08 +01:00
teutat3s 14fa3fdec2
feat(matrix): enable sliding-sync
All checks were successful
Flake checks / Check (pull_request) Successful in 16m25s
Sliding Sync is an implementation of MSC3575 and a prerequisite for
running the new (still beta) Element X clients (Element X iOS and
Element X Android).

https://github.com/matrix-org/sliding-sync
https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
2023-12-16 13:53:34 +01:00
teutat3s d734adce58
fix: new Greenbaum mail server is mail.greenbaum.zone
All checks were successful
Flake checks / Check (pull_request) Successful in 4m12s
2023-12-13 20:45:35 +01:00
teutat3s e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
All checks were successful
Flake checks / Check (pull_request) Successful in 4m5s
Use caddy as reverse proxy for loki on flora-6, add basic auth

Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s 10bb3295de
fix: grafana editor role is unused for now
All checks were successful
Flake checks / Check (pull_request) Successful in 4m21s
2023-12-13 17:52:01 +01:00
teutat3s e8cf4dceb0
fix(flora-6): allow traffic from br-+ interfaces 2023-12-13 17:51:34 +01:00
teutat3s 1b9a6bb0c2
fix: don't ignore interfaces that can change 2023-12-13 02:12:12 +01:00
teutat3s 219b67df20
fix: add 4 logs retention for loki 2023-12-13 02:12:12 +01:00
teutat3s 6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar 2023-12-13 02:12:12 +01:00
teutat3s d5b59ea18a
feat(prometheus): add node-exporter to nachtigall,
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s fdda65eea9
feat: init loki 2023-12-13 02:12:11 +01:00
teutat3s 0e290f080e
feat(grafana): provision node-exporter dashboard 2023-12-13 02:12:11 +01:00
teutat3s 6b15d72d85
fix: systemd-networkd-wait-online timing out 2023-12-13 02:12:11 +01:00
teutat3s 2f7eccc970
fix: grafana root_url needs https://, role mapping 2023-12-13 02:12:11 +01:00
teutat3s 8dc908aabd
feat(flora-6): init grafana + prometheus on
grafana.pub.solar
2023-12-13 02:12:10 +01:00
teutat3s 6bfeb835c2
fix: type INI atom (null, bool, int, float or string)
All checks were successful
Flake checks / Check (pull_request) Successful in 18m0s
option `services.gitea.settings.webhook.ALLOWED_HOST_LIST' is not of
type `INI atom (null, bool, int, float or string)'
2023-12-08 17:37:28 +01:00
Benjamin Bädorf 97a592a53e
forgejo: allow webhooks to all pub.solar subdomains
Some checks failed
Flake checks / Check (pull_request) Failing after 1m54s
This should fix the following error that was occuring while trying to post
notices to matrix channels:

```
Delivery: Put "https://matrix.pub.solar/_matrix/client/r0/rooms/[...]": dial tcp [::1]:443: webhook can only call allowed HTTP servers (check your webhook.ALLOWED_HOST_LIST setting), deny 'matrix.pub.solar([::1]:443)'
```
2023-12-08 17:12:02 +01:00
teutat3s a3ce107c73
Merge pull request 'feat: backup matrix-synapse, matrix-appservice-irc, mautrix-telegram to storagebox' (#76) from feat/matrix-backups into main
Reviewed-on: #76
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:36:10 +00:00
teutat3s caaab0e14d
fix: new Greenbaum mail server is mail.greenbaum.zone
All checks were successful
Flake checks / Check (pull_request) Successful in 19m16s
2023-12-05 20:57:26 +01:00
teutat3s 3ac327a750
feat: backup matrix-synapse, matrix-appservice-irc,
All checks were successful
Flake checks / Check (pull_request) Successful in 17m55s
mautrix-telegram to storagebox
2023-12-03 13:11:25 +01:00
Akshay Mankar 75270321d5
fix: Allow matrix-appservice-irc to chown things
All checks were successful
Flake checks / Check (pull_request) Successful in 16m20s
@chown is part of @privileged. It is used by sed which is used to manage the
registration.yaml
2023-12-02 17:22:28 +01:00
teutat3s becaa9d649
fix: revert mautrix-telegram changes
All checks were successful
Flake checks / Check (pull_request) Successful in 16m9s
2023-12-02 16:09:15 +01:00
teutat3s 37528c0874
fix: mautrix-telegram ExecStart missing \
All checks were successful
Flake checks / Check (pull_request) Successful in 16m3s
2023-12-02 15:44:40 +01:00
teutat3s 1cfe140e77
fix: mkForce mautrix-telegram ExecStart
Some checks reported warnings
Flake checks / Check (pull_request) Has been cancelled
2023-12-02 15:43:52 +01:00
teutat3s f911ac7bad
fix(matrix-synapse): needs to defince oidc extras
after NixOS module updates
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights
2023-12-02 15:35:02 +01:00
teutat3s 904a73b51d
fix(mautrix-telegram): should not try to update config
See: https://github.com/mautrix/python/pull/152
2023-12-02 15:33:58 +01:00
teutat3s 35a4ac5619
Merge pull request 'feat: NixOS 23.11 Tapir' (#74) from feat/nixos-23.11 into main
Reviewed-on: #74
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-02 12:53:18 +00:00
teutat3s 7cf6f51516
fix: nextcloud interned strings buffer defaults to 23 now
All checks were successful
Flake checks / Check (pull_request) Successful in 22m24s
2023-12-02 11:58:48 +01:00
teutat3s 2ee4bc5682
feat: NixOS 23.11 Tapir
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights

Track nixos-23.11 branch, remove unstable overlays

This will update our services to the following versions:
nextcloud: 27.1.3 -> 27.1.4
forgejo: 1.20.5-0 -> 1.20.6-0
keycloak: 21.1.2 -> 22.0.5
matrix-synapse: 1.95.1 -> 1.97.0

Internal:
postgresql: 14.9 -> 15.5

Flake inputs diff:
• Updated input 'home-manager':
    'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
2023-12-02 11:13:56 +01:00
Benjamin Bädorf 1d3934693b
nextcloud: add skeleton directory that adds a good readme for new users
All checks were successful
Flake checks / Check (pull_request) Successful in 16m18s
Co-authored-by: teutat3s <teutates@mailbox.org>
2023-12-02 11:11:16 +01:00
Akshay Mankar 2cbc46c154
matrix: Move the whole email section into the secret
All checks were successful
Flake checks / Check (pull_request) Successful in 15m27s
Matrix doesn't deep merge the secrets, so this is necessary
2023-11-25 23:37:58 +01:00