b12f
737f6ec35d
Merge pull request 'docs: add privacy hardening docs' ( #89 ) from docs/privacy-hardening into main
...
Reviewed-on: #89
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-01-07 14:51:18 +00:00
Benjamin Bädorf
9cf04fd710
docs: add privacy hardening docs
Flake checks / Check (pull_request) Successful in 4m45s
2024-01-07 00:32:59 +01:00
teutat3s
9bde9237d2
Merge pull request 'Update forgejo / drone CI' ( #86 ) from fix/drone-ci into main
...
Reviewed-on: #86
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-01-06 14:29:46 +00:00
teutat3s
e3f00b7d19
fix: update drone forgejo oauth secrets
Flake checks / Check (pull_request) Successful in 17m9s
2023-12-29 19:27:45 +01:00
teutat3s
7e8f3c8cf5
fix: update forgejo-actions-runner token, use
...
docker image from https://git.pub.solar/pub-solar/actions-base-image
2023-12-29 19:26:43 +01:00
teutat3s
92c606b28f
Merge pull request 'chore: bump flake inputs, ssh security update' ( #85 ) from chore/bump-flake-inputs into main
...
Reviewed-on: #85
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-12-28 21:17:23 +00:00
teutat3s
afca5c3735
chore: bump Nextcloud to version 28
Flake checks / Check (pull_request) Successful in 18m24s
2023-12-28 17:38:41 +01:00
teutat3s
e97ce6d40f
chore: bump flake inputs
...
• Updated input 'agenix':
'github:ryantm/agenix/13ac9ac6d68b9a0896e3d43a082947233189e247' (2023-11-29)
→ 'github:ryantm/agenix/417caa847f9383e111d1397039c9d4337d024bf0' (2023-12-24)
• Added input 'agenix/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/915327515f5fd1b7719c06e2f1eb304ee0bdd803' (2023-12-13)
→ 'github:serokell/deploy-rs/b709d63debafce9f5645a5ba550c9e0983b3d1f7' (2023-12-20)
• Updated input 'home-manager':
'github:nix-community/home-manager/1488651d02c1a7a15e284210f0d380a62d8d8cef' (2023-12-17)
→ 'github:nix-community/home-manager/d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224' (2023-12-23)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d' (2023-11-24)
→ 'github:lnl7/nix-darwin/8a8321271f0835fae2cb195e1137cb381fdbcc8e' (2023-12-27)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17)
→ 'github:nixos/nixpkgs/d02d818f22c777aa4e854efc3242ec451e5d462a' (2023-12-25)
• Updated input 'unstable':
'github:nixos/nixpkgs/a9bf124c46ef298113270b1f84a164865987a91c' (2023-12-11)
→ 'github:nixos/nixpkgs/5f64a12a728902226210bf01d25ec6cbb9d9265b' (2023-12-24)
2023-12-28 17:38:06 +01:00
teutat3s
e1cab88e3d
Merge pull request 'chore: update flake inputs home-manager, nixpkgs, remove temporary input release-2311' ( #84 ) from chore/bump-flake-inputs into main
...
Reviewed-on: #84
2023-12-20 11:00:30 +00:00
teutat3s
7cc3a261ed
chore: update flake inputs home-manager, nixpkgs,
...
Flake checks / Check (pull_request) Successful in 14m46s
remove temporary input release-2311
• Updated input 'home-manager':
'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10)
→ 'github:nix-community/home-manager/1488651d02c1a7a15e284210f0d380a62d8d8cef' (2023-12-17)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7' (2023-12-12)
→ 'github:nixos/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17)
• Removed input 'release-2311'
2023-12-18 12:41:30 +01:00
teutat3s
2e2ca2fc82
Merge pull request 'feat(matrix): enable sliding-sync' ( #83 ) from feat/matrix-synapse-sliding-sync into main
...
Reviewed-on: #83
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-16 15:34:28 +00:00
teutat3s
a310b414f7
fix: update well-known for sliding-sync
Flake checks / Check (pull_request) Failing after 50m5s
2023-12-16 14:57:36 +01:00
teutat3s
768d4c78bc
fix: use nginx locations recommended by upstream
...
https://github.com/matrix-org/sliding-sync#same-hostname
2023-12-16 14:48:08 +01:00
teutat3s
a56f8d2a00
fix: add missing SYNCV3_SECRET env var
Flake checks / Check (pull_request) Successful in 10m39s
2023-12-16 14:33:20 +01:00
teutat3s
14fa3fdec2
feat(matrix): enable sliding-sync
...
Flake checks / Check (pull_request) Successful in 16m25s
Sliding Sync is an implementation of MSC3575 and a prerequisite for
running the new (still beta) Element X clients (Element X iOS and
Element X Android).
https://github.com/matrix-org/sliding-sync
https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md
2023-12-16 13:53:34 +01:00
teutat3s
c48a405e44
Merge pull request 'fix(keycloak): NullPointerException' ( #82 ) from fix/keycloak-needs-nightly into main
...
Reviewed-on: #82
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-12-14 17:08:08 +00:00
teutat3s
4de835127f
fix(keycloak): NullPointerException
...
Flake checks / Check (pull_request) Successful in 14m47s
Use nightly to fix Cannot invoke "org.keycloak.models.RealmModel.getClientScopesStream()" because "realm" is null
Until 23.0.2 is out
https://github.com/keycloak/keycloak/pull/25313
https://github.com/keycloak/keycloak/issues/25176
https://github.com/keycloak/keycloak/issues/25183
2023-12-14 01:53:29 +01:00
teutat3s
17baf5aa2f
Merge pull request 'feat: nixpkgs updates 2023-12-13' ( #81 ) from feat/nixpkgs-updates into main
...
Reviewed-on: #81
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-12-14 00:19:21 +00:00
teutat3s
e6177069ab
fix(security): pull in forgejo 1.20.6-1 early
...
Flake checks / Check (pull_request) Successful in 22m57s
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1206-1
https://github.com/NixOS/nixpkgs/pull/274026
https://nixpk.gs/pr-tracker.html?pr=274026
• Added input 'release-2311':
'github:nixos/nixpkgs/c15f414581b4eb4113eed52ed303a1e62771fb6f' (2023-12-13)
2023-12-14 00:49:21 +01:00
teutat3s
4562bda0bf
fix(ci): avoid nix trying to use GH access-token
...
The GITHUB_TOKEN env var is set on each step by
https://code.forgejo.org/forgejo/runner , but only to communicate with
forgejo to access the repo (if it is private)
error: unable to download '4e422edf6b': HTTP error 401
2023-12-14 00:40:38 +01:00
teutat3s
efb789d658
docs: how to show diff with nix before deploying
...
updates
2023-12-14 00:40:38 +01:00
teutat3s
294f3b7836
fix: add result to gitignore
2023-12-14 00:40:37 +01:00
teutat3s
e8bab677db
chore: update flake inputs
...
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/660180bbbeae7d60dad5a92b30858306945fd427' (2023-11-02)
→ 'github:serokell/deploy-rs/915327515f5fd1b7719c06e2f1eb304ee0bdd803' (2023-12-13)
• Updated input 'deploy-rs/flake-compat':
'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
→ 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'deploy-rs/utils':
'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
→ 'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725' (2023-12-04)
• Added input 'deploy-rs/utils/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'home-manager':
'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
→ 'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/7c9168884128ed4634751b3e2f5553b09d7b8cb0' (2023-11-28)
→ 'github:srid/nixos-flake/4e422edf6b511f8e214b392cf1a0d4707a0399a4' (2023-12-09)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
→ 'github:nixos/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7' (2023-12-12)
• Updated input 'unstable':
'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
→ 'github:nixos/nixpkgs/a9bf124c46ef298113270b1f84a164865987a91c' (2023-12-11)
2023-12-14 00:40:31 +01:00
teutat3s
f0fb575c81
Merge pull request 'feat: grafana + prometheus + loki on flora-6' ( #77 ) from feat/grafana into main
...
Reviewed-on: #77
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-13 23:21:32 +00:00
teutat3s
d734adce58
fix: new Greenbaum mail server is mail.greenbaum.zone
Flake checks / Check (pull_request) Successful in 4m12s
2023-12-13 20:45:35 +01:00
teutat3s
e3d4f61a42
feat(nachtigall): send logs to loki, https+basic auth
...
Flake checks / Check (pull_request) Successful in 4m5s
Use caddy as reverse proxy for loki on flora-6, add basic auth
Add promtail to nachtigall, push logs to flora-6
2023-12-13 19:18:56 +01:00
teutat3s
10bb3295de
fix: grafana editor role is unused for now
Flake checks / Check (pull_request) Successful in 4m21s
2023-12-13 17:52:01 +01:00
teutat3s
e8cf4dceb0
fix(flora-6): allow traffic from br-+ interfaces
2023-12-13 17:51:34 +01:00
teutat3s
1b9a6bb0c2
fix: don't ignore interfaces that can change
2023-12-13 02:12:12 +01:00
teutat3s
219b67df20
fix: add 4 logs retention for loki
2023-12-13 02:12:12 +01:00
teutat3s
6c1fa290e8
feat(prometheus): add job to scrape nachtigall.pub.solar
2023-12-13 02:12:12 +01:00
teutat3s
d5b59ea18a
feat(prometheus): add node-exporter to nachtigall,
...
protect endpoint https://nachtigall.pub.solar/metrics
with TLS and basic auth
2023-12-13 02:12:11 +01:00
teutat3s
fdda65eea9
feat: init loki
2023-12-13 02:12:11 +01:00
teutat3s
0e290f080e
feat(grafana): provision node-exporter dashboard
2023-12-13 02:12:11 +01:00
teutat3s
6b15d72d85
fix: systemd-networkd-wait-online timing out
2023-12-13 02:12:11 +01:00
teutat3s
35487b53c7
fix: DNS record for grafana.pub.solar
2023-12-13 02:12:11 +01:00
teutat3s
2f7eccc970
fix: grafana root_url needs https://, role mapping
2023-12-13 02:12:11 +01:00
teutat3s
630723516d
fix: remove DNS ttl until we need it again
2023-12-13 02:12:11 +01:00
teutat3s
8dc908aabd
feat(flora-6): init grafana + prometheus on
...
grafana.pub.solar
2023-12-13 02:12:10 +01:00
teutat3s
6f0801d419
Merge pull request 'forgejo: allow webhooks to all pub.solar subdomains' ( #80 ) from fix/forgejo-matrix-webhook into main
...
Reviewed-on: #80
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-12-13 01:11:48 +00:00
teutat3s
efe31cadd9
Merge pull request 'ci: cache nix-store using nix-community/cache-nix-action' ( #65 ) from ci/enable-cache into main
...
Reviewed-on: #65
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-13 00:59:09 +00:00
teutat3s
ebc7abf685
ci: dependencies now included in actions-base-image
...
Flake checks / Check (pull_request) Successful in 3m24s
https://git.pub.solar/pub-solar/actions-base-image
2023-12-13 01:52:01 +01:00
teutat3s
e4c4644a8e
ci: cache using nix-community/cache-nix-action
...
Flake checks / Check (pull_request) Successful in 3m30s
https://github.com/nix-community/cache-nix-action
2023-12-13 01:42:15 +01:00
teutat3s
6bfeb835c2
fix: type INI atom (null, bool, int, float or string)
...
Flake checks / Check (pull_request) Successful in 18m0s
option `services.gitea.settings.webhook.ALLOWED_HOST_LIST' is not of
type `INI atom (null, bool, int, float or string)'
2023-12-08 17:37:28 +01:00
Benjamin Bädorf
97a592a53e
forgejo: allow webhooks to all pub.solar subdomains
...
Flake checks / Check (pull_request) Failing after 1m54s
This should fix the following error that was occurring while trying to post
notices to matrix channels:
```
Delivery: Put "https://matrix.pub.solar/_matrix/client/r0/rooms/[...] ": dial tcp [::1]:443: webhook can only call allowed HTTP servers (check your webhook.ALLOWED_HOST_LIST setting), deny 'matrix.pub.solar([::1]:443)'
```
2023-12-08 17:12:02 +01:00
teutat3s
a3ce107c73
Merge pull request 'feat: backup matrix-synapse, matrix-appservice-irc, mautrix-telegram to storagebox' ( #76 ) from feat/matrix-backups into main
...
Reviewed-on: #76
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:36:10 +00:00
teutat3s
ac582d3f6f
Merge pull request 'docs: add how to manage DNS records with terraform' ( #79 ) from docs-terraform-dns into main
...
Reviewed-on: #79
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-12-08 15:35:55 +00:00
teutat3s
75e4179f42
Merge pull request 'fix: new Greenbaum mail hostname is mail.greenbaum.zone' ( #78 ) from fix/mail-server into main
...
Reviewed-on: #78
2023-12-06 18:19:18 +00:00
teutat3s
21e620a12c
docs: add how to manage DNS records with terraform
Flake checks / Check (pull_request) Successful in 20m8s
2023-12-06 18:41:23 +01:00
teutat3s
caaab0e14d
fix: new Greenbaum mail server is mail.greenbaum.zone
Flake checks / Check (pull_request) Successful in 19m16s
2023-12-05 20:57:26 +01:00