teutat3s
9e2d9a06b3
Merge pull request 'security: update mastodon to 4.2.10' (#212) from mastodon-4.2.10 into main
...
Reviewed-on: #212
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-07-05 10:16:39 +00:00
teutat3s
f8f67b8908
security: update mastodon to 4.2.10
...
Flake checks / Check (pull_request) Successful in 13m1s
https://github.com/mastodon/mastodon/releases/tag/v4.2.10
* Fix incorrect permission checking on multiple API endpoints (GHSA-58x8-3qxw-6hm7)
* Fix incorrect authorship checking when processing some activities (CVE-2024-37903, GHSA-xjvf-fm67-4qc3)
* Fix ongoing streaming sessions not being invalidated when application tokens get revoked (GHSA-vp5r-5pgw-jwqx)
2024-07-05 12:03:14 +02:00
teutat3s
57a5ace727
Merge pull request 'flake updates, update grafana dashboard' (#211) from flake-updates into main
...
Reviewed-on: #211
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-07-04 11:07:27 +00:00
teutat3s
7ce66f38fc
grafana: update dashboard json, select nachtigall by default
Flake checks / Check (pull_request) Successful in 5m37s
2024-07-02 19:04:52 +02:00
teutat3s
b4dd570b2d
docs: use IPv4 for ZFS remote unlocking
2024-06-27 18:39:27 +02:00
teutat3s
bdd4290e8d
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixos-flake':
'github:srid/nixos-flake/6335b2f05f007b95ac2438b0a55498f9f20e73f7' (2024-06-22)
→ 'github:srid/nixos-flake/8cefa1e7af06d366f5d3fd7c97e9edbf4d38c476' (2024-06-26)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
→ 'github:nixos/nixpkgs/89c49874fb15f4124bf71ca5f42a04f2ee5825fd' (2024-06-26)
• Updated input 'simple-nixos-mailserver/flake-compat':
'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
→ 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'simple-nixos-mailserver/utils':
'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14)
→ 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Added input 'simple-nixos-mailserver/utils/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'unstable':
'github:nixos/nixpkgs/a71e967ef3694799d0c418c98332f7ff4cc5f6af' (2024-06-22)
→ 'github:nixos/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24)
2024-06-27 16:53:25 +02:00
teutat3s
0b0074a65b
Merge pull request 'flake: update to NixOS 24.05' (#203) from nixos-24.05 into main
...
Reviewed-on: #203
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-27 14:47:18 +00:00
teutat3s
f5034c4e08
Merge pull request 'zfs: enable scrub once per month' (#210) from zfs-enable-scrub into main
...
Reviewed-on: #210
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-23 14:21:13 +00:00
teutat3s
f0347b945c
Merge pull request 'Updates for element-web, forgejo, nextcloud, synapse and more' (#209) from flake-updates into main
...
Reviewed-on: #209
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-23 14:10:12 +00:00
teutat3s
2ebe4bd109
loki: fix invalid config max_look_back_period,
...
Flake checks / Check (pull_request) Successful in 14m21s
seems no longer used in loki 3
2024-06-23 15:19:20 +02:00
teutat3s
e90d923e91
flake: update simple-mailserver to nixos-24.05
2024-06-23 15:19:20 +02:00
teutat3s
bc9ac6011e
flake: update to NixOS 24.05
...
Fix warnings:
trace: warning: The option `services.nextcloud.extraOptions' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings'.
trace: warning: The option `services.nextcloud.skeletonDirectory' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.skeletondirectory'.
trace: warning: The option `services.nextcloud.config.overwriteProtocol' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.overwriteprotocol'.
trace: warning: The option `services.matrix-synapse.sliding-sync' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.matrix' has been renamed to `services.matrix-sliding-sync'.
Fix errors:
loki: fix config for version 3+
keycloak: declarative-user-profile feature is now enabled by default
error: A definition for option `programs.gnupg.agent.pinentryPackage' is not of type `null or package'. Definition values:
- In `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.forgejo': "curses"
2024-06-23 15:19:18 +02:00
teutat3s
153ef69daf
metronom: enable ZFS auto scrub once per month
Flake checks / Check (pull_request) Successful in 6m28s
2024-06-23 15:16:04 +02:00
teutat3s
af5abfc712
nachtigall: enable ZFS auto scrub once per month
2024-06-23 15:14:30 +02:00
teutat3s
99f84268e7
nextcloud: fine tune for performance, following
...
Flake checks / Check (pull_request) Successful in 4m1s
https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html
2024-06-23 15:01:37 +02:00
teutat3s
f38aa289ea
matrix-synapse: enable more useful logging
2024-06-23 15:00:40 +02:00
teutat3s
aa244087d3
forgejo: use latest version from unstable for security fixes
...
Flake checks / Check (pull_request) Successful in 4m9s
error: Package ‘forgejo-1.20.6-1-unstable-2024-04-18’ in /nix/store/qk1dpz44db85rhd8lr4j6i2hkn9j5hg4-source/pkgs/applications/version-management/forgejo/default.nix:147 is marked as insecure, refusing to evaluate.
Known issues:
- Forgejo v1.20.x is EOL
- OAuth2 implementation does not always require authentication for public clients
2024-06-22 20:55:50 +02:00
teutat3s
002f6945dc
flake.lock: Update
...
Flake checks / Check (pull_request) Failing after 4m0s
Flake lock file updates:
• Updated input 'agenix':
'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
→ 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'deploy-rs':
'github:serokell/deploy-rs/b3ea6f333f9057b77efd9091119ba67089399ced' (2024-05-14)
→ 'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12)
• Updated input 'element-themes':
'github:aaronraimist/element-themes/6ed3a981191cbd59f03ea530f16e096b9a4c278c' (2024-05-28)
→ 'github:aaronraimist/element-themes/3bc82abc3dd468dabc933f0f9d0b443ed97554a6' (2024-06-20)
• Updated input 'maunium-stickerpicker':
'github:maunium/stickerpicker/47f17fde452b5e9f0c9e96ce0e2c878dd0574b7f?dir=web' (2024-05-18)
→ 'github:maunium/stickerpicker/333567f481e60443360aa7199d481e1a45b3a523?dir=web' (2024-06-19)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29)
→ 'github:lnl7/nix-darwin/29b3096a6e283d7e6779187244cb2a3942239fdf' (2024-06-17)
• Updated input 'nixos-flake':
'github:srid/nixos-flake/aa9100167350cbdffaa272b0fd382d7c23606b86' (2024-05-22)
→ 'github:srid/nixos-flake/6335b2f05f007b95ac2438b0a55498f9f20e73f7' (2024-06-22)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446' (2024-05-31)
→ 'github:nixos/nixpkgs/03d771e513ce90147b65fe922d87d3a0356fc125' (2024-06-19)
• Updated input 'unstable':
'github:nixos/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
→ 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
2024-06-22 20:35:27 +02:00
teutat3s
02af5fb8c9
Merge pull request 'postgresql: tune' (#208) from pg-tuning into main
...
Reviewed-on: #208
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-22 14:57:20 +00:00
teutat3s
d21ae91c3e
postgresql: tune
Flake checks / Check (pull_request) Successful in 13m50s
2024-06-22 16:42:38 +02:00
teutat3s
2a9686798f
Merge pull request 'centralize docs for SSH access' (#206) from update-docs into main
...
Reviewed-on: #206
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-13 15:38:41 +00:00
teutat3s
c18a9da4e9
keycloak: update docs to use admin-cli client
...
Flake checks / Check (pull_request) Successful in 3m29s
instead of ops user
2024-06-10 20:35:40 +02:00
teutat3s
b687997390
docs: centralize SSH access docs
2024-06-10 20:35:40 +02:00
teutat3s
bc3752683b
keycloak: add docs how to delete unverified accounts
2024-06-10 20:35:36 +02:00
teutat3s
1ae6d9ecfe
Merge pull request 'loki tuning, lock down SSH for tankstelle, tweak nextcloud SMTP settings' (#205) from misc-fixes into main
...
Reviewed-on: #205
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-10 10:41:57 +00:00
teutat3s
e2691988bf
nextcloud: use port 465 and TLS/SSL for mail transfer
Flake checks / Check (pull_request) Successful in 3m56s
2024-06-08 23:54:05 +02:00
teutat3s
d3fedd84e9
loki: tune settings, enable cache
2024-06-08 23:53:43 +02:00
teutat3s
d8866860d5
prometheus-node-exporter: use version 1.8.1 to fix
...
error message spamming logs
2024-06-08 23:52:53 +02:00
teutat3s
e127c668f6
metronom, tankstelle: cleanup for SSH only via wireguard
2024-06-08 23:52:08 +02:00
teutat3s
ba76973cc5
Merge pull request 'fix promtail host label' (#204) from fix-promtail-label into main
...
Reviewed-on: #204
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-06 17:50:08 +00:00
teutat3s
6ea916603c
networking: set networking.domain in core module
Flake checks / Check (pull_request) Successful in 4m0s
2024-06-06 19:30:11 +02:00
teutat3s
bae41b07a8
promtail: use hostName to set label
2024-06-06 19:29:42 +02:00
teutat3s
3b865a688c
Merge pull request 'Add metronom + tankstelle to grafana + loki' (#202) from monitor-metronom-tankstelle into main
...
Reviewed-on: #202
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-06 16:41:22 +00:00
teutat3s
eaed05c834
style: apply treefmt
Flake checks / Check (pull_request) Successful in 4m41s
2024-06-06 12:56:55 +02:00
teutat3s
9707edf2de
docs: add example for wireguard client config
Flake checks / Check (pull_request) Failing after 38s
2024-06-06 12:54:31 +02:00
teutat3s
2fdfd3b80e
docs: fix syntax in example
2024-06-06 12:54:14 +02:00
teutat3s
4350cbf7c4
tankstelle: add promtail, prometheus node-exporter
...
for monitoring, configure wireguard between flora-6 and tankstelle
2024-06-06 12:53:49 +02:00
teutat3s
b93608a8fa
metronom: add promtail, prometheus node-exporter
...
configure wireguard to push logs to and scrape metrics from flora-6
open firewall for node-exporter port on wg-ssh interface
2024-06-06 12:52:55 +02:00
teutat3s
6143f56c01
flake: use DNS hostnames for deploy-rs
2024-06-06 12:50:24 +02:00
teutat3s
008e14f2d2
mail: add missing NixOS module to metronom
2024-06-06 12:49:58 +02:00
teutat3s
509a40b829
Merge pull request 'update mastodon, matrix-synapse, nextcloud, php, ruby, and others' (#201) from chore/updates into main
...
Reviewed-on: #201
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-06-06 09:21:12 +00:00
teutat3s
6aa18b0a2c
flake: update inputs
...
Flake checks / Check (pull_request) Successful in 14m32s
• Updated input 'element-themes':
'github:aaronraimist/element-themes/2368b58c16d2c4aabb82a245f036d228cbb6e5f5' (2024-02-12)
→ 'github:aaronraimist/element-themes/6ed3a981191cbd59f03ea530f16e096b9a4c278c' (2024-05-28)
• Updated input 'flake-parts':
'github:hercules-ci/flake-parts/8dc45382d5206bd292f9c2768b8058a8fd8311d9' (2024-05-16)
→ 'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
• Updated input 'flake-parts/nixpkgs-lib':
'50eb7ecf4c
.tar.gz?narHash=sha256-QBx10%2Bk6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94%3D' (2024-05-02)
→ 'eb9ceca17d
.tar.gz?narHash=sha256-lIbdfCsf8LMFloheeE6N31%2BBMIeixqyQWbSr2vk79EQ%3D' (2024-06-01)
• Updated input 'home-manager':
'github:nix-community/home-manager/2c78a57c544dd19b07442350727ced097e1aa6e6' (2024-05-26)
→ 'github:nix-community/home-manager/095ef64aa3b2ab4a4f1bf07f29997e21e3a5576a' (2024-06-04)
• Updated input 'nix-darwin':
'github:lnl7/nix-darwin/0bea8222f6e83247dd13b055d83e64bce02ee532' (2024-05-24)
→ 'github:lnl7/nix-darwin/c0d5b8c54d6828516c97f6be9f2d00c63a363df4' (2024-05-29)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22)
→ 'github:nixos/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446' (2024-05-31)
• Updated input 'unstable':
'github:nixos/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24)
→ 'github:nixos/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
2024-06-05 02:08:13 +02:00
teutat3s
10ed117dfe
Merge pull request 'loki, prometheus, promtail should connect via wireguard' (#200) from loki-prometheus-via-wireguard into main
...
Reviewed-on: #200
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-06-05 00:04:40 +00:00
teutat3s
e93a56e594
nginx: use square brackets for IPv6 address
Flake checks / Check (pull_request) Successful in 4m0s
2024-06-05 01:59:54 +02:00
teutat3s
27c239b985
loki: allow port 3100 in firewall for wg-ssh interface
2024-06-05 01:59:44 +02:00
teutat3s
61ea0ad7c2
networking: add internal IPv6 wireguard IPs to /etc/hosts
Flake checks / Check (pull_request) Successful in 3m8s
2024-06-03 12:33:51 +02:00
teutat3s
8f1b932fdc
docs: update unlocking ZFS pool
Flake checks / Check (pull_request) Successful in 3m43s
2024-06-03 12:30:08 +02:00
teutat3s
56f692740e
networking: use *.wg.pub.solar in /etc/hosts
...
instead of overriding IPs for existing DNS records, to reduce surprises
when DNS records are different depending on the host.
Add metronom + tankstelle internal wireguard IPs, too.
2024-06-03 12:28:33 +02:00
teutat3s
0286719dce
dns: add internal *.wg.pub.solar VPN records
2024-06-01 16:51:49 +02:00
teutat3s
20ebf92f1f
loki, promtail, prometheus: remove basic auth, use
...
wireguard to secure connections
2024-06-01 16:51:14 +02:00