Commit graph

289 commits

Author SHA1 Message Date
b12f b5ed810f11
hosts: use correct wireguardDevices option
Some checks failed
Flake checks / Check (pull_request) Failing after 36s
2024-11-12 20:32:00 +01:00
teutat3s 7ba5a7bdd6
matrix: disable sliding-sync proxy, it's built into
Some checks failed
Flake checks / Check (pull_request) Failing after 22s
synapse now, update synapse config to use matrix-authentication-service
2024-10-30 20:31:29 +01:00
b12f 041d311bb2
modules/matrix: rename used config options
Some checks failed
Flake checks / Check (pull_request) Failing after 23s
2024-10-30 18:37:47 +01:00
teutat3s 9d9bcf9a15
mas: move to module, add secrets for prod 2024-10-30 18:37:46 +01:00
b12f 4434a90136
modules/matrix: rename secrets to not include hostnames 2024-10-30 18:37:46 +01:00
teutat3s 9d7d251369
style: fix formatting 2024-10-30 18:37:46 +01:00
teutat3s 7775ad332e
matrix: do not change paths for nachtigall secrets 2024-10-30 18:37:46 +01:00
teutat3s d6cc9c8164
matrix-authentication-service: init host underground
to test mas, related to #242
2024-10-30 18:37:45 +01:00
teutat3s 2c29d27ce7
style: remove redundant brackets
All checks were successful
Flake checks / Check (pull_request) Successful in 21m41s
2024-10-23 20:18:03 +02:00
teutat3s 31a885926b
trinkgenossin: fix network in initrd, virtio_net
kernel module was missing. Also this is a QEMU host, hyperV is not
required.
2024-10-23 20:17:32 +02:00
teutat3s 987c0919ca
style: fix formatting
All checks were successful
Flake checks / Check (pull_request) Successful in 27m37s
2024-10-17 20:31:47 +02:00
teutat3s c39cf9c0b9
mastodon: update to version 4.3.0 from nixos-unstable
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
https://github.com/NixOS/nixpkgs/pull/337545/files
2024-10-17 20:31:47 +02:00
teutat3s df2f0d4442
flake: refactor, bye srid
All checks were successful
Flake checks / Check (pull_request) Successful in 24m21s
Refactor flake to work without nixos-flake and use native NixOS module
system. This is because of recent changes to nixos-flake, like renaming it
to nixos-unified and changing the API without a changelog or guide how
to update.
2024-10-05 14:03:40 +02:00
teutat3s 8600fc64c5
wireguard: fix trinkgenossin IPv4 address 2024-10-05 13:03:40 +02:00
teutat3s 21a1ae15cb
trinkgenossin: fix duplicate promtail, prometheus-exporter 2024-09-10 16:02:26 +02:00
teutat3s 19723f3812
monitoring: add prometheus-exporter, promtail to
delite, blue-shell

add instance labels to garage scrape jobs
2024-09-10 16:02:26 +02:00
teutat3s ec5e9896fd
delite: use static IP in initrd, DHCP not working 2024-09-10 16:02:25 +02:00
b12f 1ec5bafa30
flora-6: remove
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
2024-09-10 16:02:24 +02:00
teutat3s 2e16c77956
secrets: rename restic-repo-storagebox{,-nachtigall}
To use a restic repository per host
2024-08-29 16:22:58 +02:00
teutat3s e2ba1aacf4
mail: add backups to garage bucket + storagebox
Restic backups to garage S3 bucket metronom-backups
2024-08-29 16:19:24 +02:00
teutat3s d2389497c2
Merge pull request 'garage: initial cluster' (#222) from garage-cluster into main
Reviewed-on: #222
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-28 15:55:16 +00:00
teutat3s 4626fd85c0
mediawiki: add backups to garage bucket + storagebox
All checks were successful
Flake checks / Check (pull_request) Successful in 1m56s
Restic backups to garage S3 bucket nachtigall-backups
https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic
2024-08-28 17:13:34 +02:00
teutat3s 88b76beb5c
keycloak: use backups module
All checks were successful
Flake checks / Check (pull_request) Successful in 19m4s
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:09:07 +02:00
teutat3s e857c6198b
modules/backup: init
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:04:10 +02:00
teutat3s a0b52d51e5
nachtigall: make postgres wait for zfs mount
Co-authored-by: b12f <b12f@noreply.git.pub.solar>
Co-authored-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-08-27 10:00:42 +02:00
teutat3s f236962e17
garage: add monitoring, connect to grafana + loki
All checks were successful
Flake checks / Check (pull_request) Successful in 7m10s
https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
2024-08-25 00:18:09 +02:00
teutat3s d32abd7a7f
wireguard: add trinkgenossin, delite, blue-shell 2024-08-25 00:13:53 +02:00
teutat3s 15b507904f
garage: init buckets.pub.solar, use nginx as reverse proxy
https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/
2024-08-24 21:48:48 +02:00
teutat3s b0790876ec
style: format using nixfmt-rfc-style
All checks were successful
Flake checks / Check (pull_request) Successful in 7m42s
2024-08-24 17:39:49 +02:00
teutat3s 83b7e3e11e
hosts: init blue-shell 2024-08-24 03:02:15 +02:00
teutat3s 4ef9781d10
hosts: init delite 2024-08-24 03:01:46 +02:00
teutat3s ca8e578b11
hosts: init trinkgenossin 2024-08-24 03:00:01 +02:00
Benjamin Yule Bädorf 8ce50bb73b
tt-rss: add pub.solar specific configuration 2024-07-17 15:22:58 +02:00
teutat3s 153ef69daf
metronom: enable ZFS auto scrub once per month
All checks were successful
Flake checks / Check (pull_request) Successful in 6m28s
2024-06-23 15:16:04 +02:00
teutat3s af5abfc712
nachtigall: enable ZFS auto scrub once per month 2024-06-23 15:14:30 +02:00
teutat3s e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard 2024-06-08 23:52:08 +02:00
teutat3s 6ea916603c
networking: set networking.domain in core module
All checks were successful
Flake checks / Check (pull_request) Successful in 4m0s
2024-06-06 19:30:11 +02:00
teutat3s 4350cbf7c4
tankstelle: add promtail, prometheus node-exporter
for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
teutat3s b93608a8fa
metronom: add promtail, prometheus node-exporter
configure wireguard to push logs to and scrape metrics from flora-6

open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00
teutat3s 008e14f2d2
mail: add missing NixOS module to metronom 2024-06-06 12:49:58 +02:00
teutat3s 0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH
port access to wireguard only
2024-05-31 16:52:04 +02:00
teutat3s 9a9dccf5bb
mail: move NixOS module to modules 2024-05-31 16:52:04 +02:00
teutat3s c5dfb472f8
style: treefmt 2024-05-31 16:52:04 +02:00
teutat3s 1ca1168d7a
mail: switch to mail.pub.solar 2024-05-31 16:52:04 +02:00
teutat3s b6f64a1e04
mail: add more @pub.solar mail accounts 2024-05-31 16:52:03 +02:00
Hendrik Sokolowski af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
teutat3s 941eff6d87
tankstelle: configure wireguard
All checks were successful
Flake checks / Check (pull_request) Successful in 2m30s
2024-05-30 19:17:21 +02:00
teutat3s 5aa1276e85
ci: add nix to PATH 2024-05-30 19:04:40 +02:00
teutat3s cc70a740a1
ci: run actions runner as normal user 2024-05-30 19:04:40 +02:00
teutat3s 866785ef47
style: format using treefmt 2024-05-30 19:04:40 +02:00