Commit graph

48 commits

Author SHA1 Message Date
teutat3s dfb523133e
mastodon: remove overlay for security update, new version landed in NixOS 24.05
All checks were successful
Flake checks / Check (pull_request) Successful in 17m24s
2024-07-08 18:36:48 +02:00
teutat3s f8f67b8908
security: update mastodon to 4.2.10
All checks were successful
Flake checks / Check (pull_request) Successful in 13m1s
https://github.com/mastodon/mastodon/releases/tag/v4.2.10
* Fix incorrect permission checking on multiple API endpoints (GHSA-58x8-3qxw-6hm7)
* Fix incorrect authorship checking when processing some activities (CVE-2024-37903, GHSA-xjvf-fm67-4qc3)
* Fix ongoing streaming sessions not being invalidated when application tokens get revoked (GHSA-vp5r-5pgw-jwqx)
2024-07-05 12:03:14 +02:00
teutat3s e90d923e91
flake: update simple-mailserver to nixos-24.05 2024-06-23 15:19:20 +02:00
teutat3s bc9ac6011e
flake: update to NixOS 24.05
Fix warnings:
trace: warning: The option `services.nextcloud.extraOptions' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings'.
trace: warning: The option `services.nextcloud.skeletonDirectory' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.skeletondirectory'.
trace: warning: The option `services.nextcloud.config.overwriteProtocol' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.nextcloud' has been renamed to `services.nextcloud.settings.overwriteprotocol'.
trace: warning: The option `services.matrix-synapse.sliding-sync' defined in `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.matrix' has been renamed to `services.matrix-sliding-sync'.

Fix errors:
loki: fix config for version 3+
keycloak: declarative-user-profile feature is now enabled by default

error: A definition for option `programs.gnupg.agent.pinentryPackage' is not of type `null or package'. Definition values:
- In `/nix/store/a53lc1l5wy9vbv1d3n93903dq0wjgvfj-source/flake.nix#nixosModules.forgejo': "curses"
2024-06-23 15:19:18 +02:00
teutat3s 6143f56c01
flake: use DNS hostnames for deploy-rs 2024-06-06 12:50:24 +02:00
teutat3s 0038be3d2c
metronom: use wireguard IP for SSH, lock down SSH port access to wireguard only
2024-05-31 16:52:04 +02:00
Hendrik Sokolowski af233793fb
initial work on mail 2024-05-31 16:52:01 +02:00
teutat3s 866785ef47
style: format using treefmt 2024-05-30 19:04:40 +02:00
teutat3s e71cbfc461
ci: add self-hosted forgejo-actions-runner
wip: add git.pub.solar to /etc/hosts

ci: add devshell with Node.js for forgejo actions

ci: add PATH

ci: add HOME
2024-05-30 19:04:13 +02:00
Hendrik Sokolowski 946585d1ca
initial commit of tankstelle
Some checks failed
Flake checks / Check (pull_request) Failing after 1m38s
2024-05-29 14:08:59 +02:00
teutat3s 2ca0bd7c3e
style: run treefmt
All checks were successful
Flake checks / Check (pull_request) Successful in 2m36s
2024-05-08 22:57:07 +02:00
teutat3s ff9703e542
matrix: init stickerpicker
All checks were successful
Flake checks / Check (pull_request) Successful in 12m57s
2024-05-07 17:47:55 +02:00
Pablo Ovelleiro Corral 512ab12de1
Put modules into uniform folders
All checks were successful
Flake checks / Check (pull_request) Successful in 6m2s
2024-04-28 19:17:09 +02:00
Pablo Ovelleiro Corral c7b743e4dd
Add official formatter to flake
All checks were successful
Flake checks / Check (pull_request) Successful in 6m2s
Allows running `nix fmt`, which will format using the official style as
agreed upon in nixpkgs
2024-04-28 17:54:09 +02:00
Hendrik Sokolowski 9ec77e2a30
Update flake.nix (#134)
Update deploy node settings with wireguard ips

Reviewed-on: #134
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-04-05 14:11:42 +00:00
Benjamin Yule Bädorf eacf60974c
wireguard: initial commit 2024-04-05 11:09:31 +00:00
teutat3s b76b7821a7
chore: update flake inputs
All checks were successful
Flake checks / Check (pull_request) Successful in 19m43s
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
  → 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
  → 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
  → 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
  → 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
  → 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
2024-03-05 21:39:19 +01:00
Akshay Mankar f7d7964299
security: Upgrade mastodon to 4.2.7
All checks were successful
Flake checks / Check (pull_request) Successful in 19m21s
2024-02-16 13:22:39 +01:00
teutat3s 815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
teutat3s 7cc3a261ed
chore: update flake inputs home-manager, nixpkgs, remove temporary input release-2311
All checks were successful
Flake checks / Check (pull_request) Successful in 14m46s

• Updated input 'home-manager':
    'github:nix-community/home-manager/6761b8188b860f374b457eddfdb05c82eef9752f' (2023-12-10)
  → 'github:nix-community/home-manager/1488651d02c1a7a15e284210f0d380a62d8d8cef' (2023-12-17)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7' (2023-12-12)
  → 'github:nixos/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17)
• Removed input 'release-2311'
2023-12-18 12:41:30 +01:00
teutat3s e6177069ab
fix(security): pull in forgejo 1.20.6-1 early
All checks were successful
Flake checks / Check (pull_request) Successful in 22m57s
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1206-1

https://github.com/NixOS/nixpkgs/pull/274026
https://nixpk.gs/pr-tracker.html?pr=274026

• Added input 'release-2311':
    'github:nixos/nixpkgs/c15f414581b4eb4113eed52ed303a1e62771fb6f' (2023-12-13)
2023-12-14 00:49:21 +01:00
teutat3s 21e620a12c
docs: add how to manage DNS records with terraform
All checks were successful
Flake checks / Check (pull_request) Successful in 20m8s
2023-12-06 18:41:23 +01:00
teutat3s 2ee4bc5682
feat: NixOS 23.11 Tapir
https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-highlights

Track nixos-23.11 branch, remove unstable overlays

This will update our services to the following versions:
nextcloud: 27.1.3 -> 27.1.4
forgejo: 1.20.5-0 -> 1.20.6-0
keycloak: 21.1.2 -> 22.0.5
matrix-synapse: 1.95.1 -> 1.97.0

Internal:
postgresql: 14.9 -> 15.5

Flake inputs diff:
• Updated input 'home-manager':
    'github:nix-community/home-manager/28535c3a34d79071f2ccb68671971ce0c0984d7e' (2023-11-19)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d2332963662edffacfddfad59ff4f709dde80ffe' (2023-11-30)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
2023-12-02 11:13:56 +01:00
Akshay Mankar a2e7adbc79
element: Add themes
All checks were successful
Flake checks / Check (pull_request) Successful in 22m49s
2023-11-19 16:03:24 +01:00
teutat3s 40ed46b05b
Merge pull request 'feat: pull in forgejo + mastodon updates early' (#64) from feat/early-forgejo-mastodon-updates into main
Reviewed-on: #64
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-18 22:13:06 +00:00
teutat3s b7657db2cb
chore: bump flake inputs, remove mastodon-fork input
• Removed input 'mastodon-fork'
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8' (2023-11-14)
  → 'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
• Updated input 'unstable':
    'github:nixos/nixpkgs/e44462d6021bfe23dfb24b775cc7c390844f773d' (2023-11-12)
  → 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
2023-11-18 18:43:32 +01:00
teutat3s f213f93085
fix: remove nix from devshell
This caused nix version 2.13 being used in the devshell instead of
recent version 2.18, which we use by default in PubSolarOS
2023-11-18 17:33:28 +01:00
teutat3s 3e0af35c75
wip: actions runner 2023-11-15 18:54:32 +00:00
teutat3s 7be3567e6d
flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
Benjamin Bädorf 20fbcbb571
fix: two typos 2023-11-06 21:07:24 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00
Benjamin Bädorf f013c6e3f8
feat: make docker run on zfs, add unlocking docs 2023-10-29 19:39:48 +00:00
Akshay Mankar 9cf2ba9d67
devshell: Add terraform 1.12 2023-10-29 19:39:22 +00:00
teutat3s 73f9d84b31
feat: terraform DNS for namecheap initial commit 2023-10-29 19:39:22 +00:00
Benjamin Bädorf 3cb548d77a
feat: add collabora 2023-10-29 13:42:50 +01:00
Benjamin Bädorf d27328fd1f
feat: init keycloak 2023-10-28 21:23:07 +02:00
teutat3s e43cb021ce
feat: use mastodon version 4.2.1 from our fork
This still needs updates in the NixOS module to account for the changes
in https://github.com/mastodon/mastodon/pull/24655 that change how
multiple streaming processes run. Hopefully this is fine for a single
streaming process though.

https://github.com/NixOS/nixpkgs/pull/251950
https://github.com/teutat3s/nixpkgs/tree/mastodon-4.2.1
2023-10-28 16:57:24 +02:00
teutat3s a5b32302c1
fix: use caddy module from nixos-unstable 2023-10-28 15:06:57 +02:00
teutat3s 3c9f9c9fc7
fix: use deploy-rs overlay to force usage of nixpkgs 2023-10-28 15:06:57 +02:00
Akshay Mankar 41d6c334bc
Merge pull request 'Use nixos-23.05 instead of unstable' (#14) from use-nixos-stable into main
Reviewed-on: pub-solar/infra-new#14
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-28 14:00:29 +02:00
teutat3s e7febf5403
chore: remove darwin systems 2023-10-28 13:48:56 +02:00
Akshay Mankar c23bc00f19
Use nixos-23.05 instead of unstable 2023-10-28 13:47:10 +02:00
Akshay Mankar 5a7d81d787
flake.nix: Fix usage of self.nixos-flake.lib.mkLinuxSystem 2023-10-28 13:46:05 +02:00
teutat3s 3ceec80aab
chore: pin more inputs and bump flake lock
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/8e8d955c22df93dbe24f19ea04f47a74adbdc5ec' (2023-07-04)
  → 'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/4bc72cae107788bf3f24f30db2e2f685c9298dc9?dir=lib' (2023-06-29)
  → 'github:NixOS/nixpkgs/f5892ddac112a1e9b3612c39af1b72987ee5783a?dir=lib' (2023-09-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/f58889c07efa8e1328fdf93dc1796ec2a5c47f38' (2023-07-29)
  → 'github:nix-community/home-manager/f92a54fef4eacdbe86b0a2054054dd58b0e2a2a4' (2023-10-28)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/16c07487ac9bc59f58b121d13160c67befa3342e' (2023-07-27)
  → 'github:lnl7/nix-darwin/afe83cbc2e673b1f08d32dd0f70df599678ff1e7' (2023-10-27)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/df6fe273ff64dc29de2c93805045b5348d70bc26' (2023-07-27)
  → 'github:srid/nixos-flake/2c25190ceacdaaae7e8afbecfa87096bb499a431' (2023-08-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28' (2023-07-28)
  → 'github:nixos/nixpkgs/63678e9f3d3afecfeafa0acead6239cdb447574c' (2023-10-26)
• Updated input 'terranix':
    'github:terranix/terranix/c0dd15076856c6cb425795b8c7d5d37d3a1e922a' (2023-05-24)
  → 'github:terranix/terranix/fc9077ca02ab5681935dbf0ecd725c4d889b9275' (2023-09-22)
2023-10-28 13:36:43 +02:00
Akshay Mankar b788a9f383
Add dev shell 2023-10-28 12:38:14 +02:00
Akshay Mankar e0c6530d97
Disable Password authentication in SSH 2023-10-28 12:01:48 +02:00
Akshay Mankar 5554b5191e
Add NixOS config for nachtigall 2023-10-28 00:58:13 +02:00
Benjamin Bädorf 61fb32d92d
Initial commit 2023-07-30 16:50:11 +02:00