Commit graph

395 commits

Author SHA1 Message Date
b12f 6642a69ca4
Merge pull request 'fix: link to our statutes / satzung' (#56) from fix/nextcloud-link-satzung into main
Reviewed-on: #56
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-15 18:54:54 +00:00
teutat3s 25549fdc53
fix: link to our statutes / satzung
All checks were successful
Flake checks / Check (pull_request) Successful in 16m19s
2023-11-15 18:54:47 +00:00
b12f e3650e2ecd
Merge pull request 'feat: flora-6' (#48) from feat/flora-6 into main
Reviewed-on: #48
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-15 18:54:38 +00:00
teutat3s d5922ff2b8
fix: disable DNSSEC for now because of an issue in
All checks were successful
Flake checks / Check (pull_request) Successful in 16m35s
systemd https://github.com/systemd/systemd/issues/10579

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
2023-11-15 18:54:32 +00:00
teutat3s 3e0af35c75
wip: actions runner 2023-11-15 18:54:32 +00:00
teutat3s 9c1d19d49f
nachtigall: move SSH private key from user to host 2023-11-15 18:54:32 +00:00
teutat3s 43512ae6e7
forgejo-actions-runner: use Node.js docker images
Regenerate auth token
2023-11-15 18:54:32 +00:00
teutat3s 1bd7e5c0e7
docs: clean up 2023-11-15 18:54:32 +00:00
teutat3s f24a29196c
secrets: add drone, forgejo-actions-runner secrets and rekey 2023-11-15 18:54:32 +00:00
teutat3s 7be3567e6d
flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
b12f 7cc7517d9c
Merge pull request 'ci: run flake checks only on pull requests' (#55) from ci-on-pr-only into main
Reviewed-on: #55
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-15 18:47:13 +00:00
teutat3s 72badc7283
ci: run flake checks only on pull requests
All checks were successful
Flake checks / Check (pull_request) Successful in 17m26s
2023-11-15 18:47:00 +00:00
b12f e1827c7fc6
Merge pull request 'feat: advertise sliding sync support to matrix clients' (#54) from matrix-sliding-sync into main
All checks were successful
Flake checks / Check (push) Successful in 2m38s
Reviewed-on: #54
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-15 18:46:39 +00:00
teutat3s e041f05505
feat: advertise sliding sync support to matrix clients
All checks were successful
Flake checks / Check (push) Successful in 17m48s
2023-11-10 19:02:13 +01:00
b12f ef56e0f206
Merge pull request 'fix: CI + cachix' (#53) from fix/ci-cachix into main
All checks were successful
Flake checks / Check (push) Successful in 2m36s
Reviewed-on: #53
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-09 19:14:08 +00:00
teutat3s c66846d148
ci: nix based image
All checks were successful
Flake checks / Check (push) Successful in 16m28s
2023-11-09 20:10:40 +01:00
teutat3s dbc99864df
Bump flake flake.parts input 2023-11-09 20:10:40 +01:00
teutat3s b8e213d626
ci: try Node.js docker images 2023-11-09 20:10:08 +01:00
b12f fda21f8633
Merge pull request 'fix/add-matrix-wellknown' (#52) from fix/add-matrix-wellknown into main
Some checks failed
Flake checks / Check (push) Failing after 13s
Reviewed-on: #52
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-08 15:33:21 +00:00
Benjamin Bädorf b085c2e2b2
feat: add all matrix well-known data to nginx
Some checks failed
Flake checks / Check (push) Failing after 13s
2023-11-07 15:19:55 +01:00
Benjamin Bädorf 6fa03994b1
fix: add matrix well-known for pub.solar 2023-11-07 15:12:24 +01:00
b12f 8f603dad45
Merge pull request 'fix/backup-repositories-droppie' (#50) from fix/backup-repositories-droppie into main
Some checks failed
Flake checks / Check (push) Failing after 13s
Reviewed-on: #50
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-06 22:59:25 +00:00
Benjamin Bädorf d69e0350ef
fix: use clean new directory for backups on droppie
Some checks failed
Flake checks / Check (push) Failing after 13s
2023-11-06 22:59:17 +00:00
Benjamin Bädorf 07df547f33
fix: specify sftp storage for droppie restic backups 2023-11-06 22:59:17 +00:00
b12f 77a4460a36
Merge pull request 'fix: store forgejo sessions in DB' (#49) from fix/forgejo-store-sessions-in-db into main
Some checks failed
Flake checks / Check (push) Failing after 13s
Reviewed-on: #49
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-06 22:58:50 +00:00
teutat3s 428fcab009
fix: store forgejo sessions in DB
Some checks failed
Flake checks / Check (push) Failing after 14s
See:
https://docs.gitea.com/administration/config-cheat-sheet#session-session
2023-11-06 22:34:51 +01:00
teutat3s f576c7385d
Merge pull request 'backups' (#47) from feat/backups into main
Reviewed-on: #47
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-06 21:24:03 +00:00
Benjamin Bädorf c8233cf6a7
chore: simplify sudo command for backups 2023-11-06 22:22:36 +01:00
Benjamin Bädorf 052d752d27
feat: add settings_local.json to mailman-web backup 2023-11-06 22:20:29 +01:00
Benjamin Bädorf e8f72b6cf7
fix: remove unlock zfs module from lib 2023-11-06 22:09:22 +01:00
Benjamin Bädorf 20fbcbb571
fix: two typos 2023-11-06 21:07:24 +00:00
Benjamin Bädorf 841757517f
refactor: small backup refactoring 2023-11-06 21:07:24 +00:00
Benjamin Bädorf 42fbde31e5
feat: droppie backups for all nachtigall services 2023-11-06 21:07:24 +00:00
Benjamin Bädorf e7c70c6cd0
fix: nachtigall root ssh key config fixes 2023-11-06 21:07:24 +00:00
teutat3s a63e0e2154
Merge pull request 'feat: enable gitea actions in forgejo' (#40) from feat/gitea-actions into main
Reviewed-on: #40
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2023-11-06 21:07:01 +00:00
teutat3s 487e12015a
ci: add pub-solar cachix
https://app.cachix.org
2023-11-06 22:06:32 +01:00
teutat3s 6a96345760
feat: enable gitea actions in forgejo
See: https://docs.gitea.com/usage/actions/quickstart
2023-11-06 22:06:16 +01:00
b12f 62e1e0cddc
Merge pull request 'refactor: change file structure to use modules dir' (#41) from refactor/file-structure into main
Reviewed-on: #41
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-06 12:11:46 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00
b12f 65a660117a
Merge pull request 'feat: add declarative root ssh key on nachtigall' (#46) from feat/declarative-root-ssh-nachtigall into main
Reviewed-on: #46
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2023-11-05 20:54:39 +00:00
Benjamin Bädorf d011cb04e1
feat: add declarative root ssh key on nachtigall 2023-11-05 19:35:37 +01:00
Akshay Mankar a9beccc31f
Merge pull request 'fix: keep forgejo email addresses private by default' (#45) from feat/hide-forgejo-email-by-default into main
Reviewed-on: #45
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2023-11-05 14:08:44 +00:00
Benjamin Bädorf 633549159e
fix: keep forgejo email addresses private by default 2023-11-05 15:06:30 +01:00
b12f 90b0fb53e6
Merge pull request 'fix: enable websockets for collabora' (#43) from fix/collabora-websockets into main
Reviewed-on: #43
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-11-03 17:12:45 +00:00
b12f b8fb9fd867
Merge pull request 'fix: keycloak nginx buffer size' (#44) from fix/keycloak-nginx-buffer-size into main
Reviewed-on: #44
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-11-03 17:12:24 +00:00
teutat3s b9e18a167c
fix: keycloak nginx buffer size
Tune according to
https://www.getpagespeed.com/server-setup/nginx/tuning-proxy_buffer_size-in-nginx
2023-11-03 13:54:11 +01:00
teutat3s cd1fa3daef
fix: enable websockets for collabora
Adopt upstream recommended nginx config
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-nginx-webserver
2023-11-03 12:52:32 +01:00
teutat3s 7a7e4ba4b4
Merge pull request 'fix: tune nextcloud / php-fpm pool settings' (#42) from fix/nextcloud-tuning into main
Reviewed-on: #42
Reviewed-by: b12f <hello@benjaminbaedorf.eu>
2023-10-31 22:35:37 +00:00
teutat3s 9fc42c44a8
fix: tune nextcloud / php-fpm pool settings
Calculated on https://spot13.com/pmcalculator/
with 4GiB RAM available, average php-fpm process size 80MiB

Original settings are
pm = dynamic
pm.max_children = 32
pm.max_requests = 500
pm.max_spare_servers = 4
pm.min_spare_servers = 2
pm.start_servers = 2
2023-10-31 21:24:27 +01:00
teutat3s 92996fb0c0
Merge pull request 'fix: Searx is running' (#39) from fix/searx into main
Reviewed-on: #39
Reviewed-by: teutat3s <teutates@mailbox.org>
2023-10-29 22:51:58 +00:00