Commit graph

402 commits

Author SHA1 Message Date
ad1ea4a49e
forgejo: run internal ssh server on port 22
All checks were successful
Flake checks / Check (pull_request) Successful in 8m11s
The system-wide SSH server was hidden behind a wireguard proxy for
security reasons, but since forgejo was using it, git pushes and pulls
got broken for people without wireguard access.

These config changes make sure forgejo starts its built-in SSH server
on port 22, which is then allowed to be accessed from the open internet
in the firewall config.
2024-04-05 15:05:28 +02:00
2851273d18
Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main
Reviewed-on: #128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 12:51:04 +00:00
b1519c8f22
ssh: only allow ssh on wireguard interface
All checks were successful
Flake checks / Check (pull_request) Successful in 8m16s
2024-04-05 14:28:18 +02:00
f7eaef0d18
wireguard: fix flora-6 address and private key
Reviewed-on: #129
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Co-authored-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
Co-committed-by: Benjamin Yule Bädorf <git@benjaminbaedorf.eu>
2024-04-05 11:26:38 +00:00
51523439e7
Merge pull request 'feat/wireguard' (#126) from feat/wireguard into main
Reviewed-on: #126
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 11:09:31 +00:00
48845d6cf6
logins/wireguard: move teutat3s wireguard device
2024-04-05 11:09:31 +00:00
c53adf51f7
logins: add judy for hensoko
2024-04-05 11:09:31 +00:00
a795f0824f
logins: fix admin login merging
2024-04-05 11:09:31 +00:00
83125ae472
logins: check for missing wireguard device attribute
2024-04-05 11:09:31 +00:00
147ed44b9a
wireguard: add dumpyourvms
2024-04-05 11:09:31 +00:00
621e9336ed
wireguard: add basic keys
2024-04-05 11:09:31 +00:00
eacf60974c
wireguard: initial commit
2024-04-05 11:09:31 +00:00
6748e44824
Merge pull request 'chore: update element-desktop, matrix-synapse, nextcloud and misc' (#127) from chore/flake-updates into main
Reviewed-on: #127
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 11:06:25 +00:00
815dccc0b4
chore: update flake inputs
All checks were successful
Flake checks / Check (pull_request) Successful in 1h15m46s
• Updated input 'agenix':
    'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13)
  → 'github:ryantm/agenix/1381a759b205dff7a6818733118d02253340fd5e' (2024-04-02)
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
  → 'github:serokell/deploy-rs/88b3059b020da69cbe16526b8d639bd5e0b51c8b' (2024-04-01)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
  → 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
  → 'github:NixOS/nixpkgs/d8fe5e6c92d0d190646fb9f1056741a229980089?dir=lib' (2024-03-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
  → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/bcc8afd06e237df060c85bad6af7128e05fd61a3' (2024-03-17)
  → 'github:lnl7/nix-darwin/36524adc31566655f2f4d55ad6b875fb5c1a4083' (2024-03-30)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/05f9464e282dee5a706273f50344a8201d8980b5' (2024-03-19)
  → 'github:srid/nixos-flake/7b19503e7f8c7cc0884fc2fbd669c0cc2e05aef5' (2024-03-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fa9f817df522ac294016af3d40ccff82f5fd3a63' (2024-03-19)
  → 'github:nixos/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03)
• Updated input 'unstable':
    'github:nixos/nixpkgs/b06025f1533a1e07b6db3e75151caa155d1c7eb3' (2024-03-19)
  → 'github:nixos/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
2024-04-04 18:49:09 +02:00
dda8ed6938
Merge pull request 'mediawiki: update to v1.41.1' (#125) from mediawiki/v1.41.1 into main
Reviewed-on: #125
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-03-29 23:41:43 +00:00
9433a8aea7
mediawiki: update to v1.41.1
All checks were successful
Flake checks / Check (pull_request) Successful in 7m58s
2024-03-30 00:10:09 +01:00
37ebcb3669
Merge pull request 'website: add security.txt' (#122) from feat/security-txt into main
Reviewed-on: #122
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 16:26:17 +00:00
6aea728583
Merge branch 'main' into feat/security-txt
All checks were successful
Flake checks / Check (pull_request) Successful in 7m4s
2024-03-25 15:38:30 +00:00
a5e72f9cc7
Merge pull request 'matrix: set forgotten_room_retention_period to 7d' (#124) from matrix/room-retention-period into main
Reviewed-on: #124
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-25 15:38:24 +00:00
b9cffad02a
matrix: set forgotten_room_retention_period to 7d
All checks were successful
Flake checks / Check (pull_request) Successful in 7m4s
This commit sets the value for the synapse config option
`forgotten_room_retention_period` to 7 days. This was previously unset,
meaning rooms that had no more local users were never purged from the database.

The new value makes sure that 7 days after the last local user left a
room, it will be permanently deleted from the database.

https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=forgotten_room_retention_period#forgotten_room_retention_period
2024-03-24 18:24:30 +01:00
2bb2247716
website: add security.txt
All checks were successful
Flake checks / Check (pull_request) Successful in 6m58s
Ref: pub-solar/legal#11
2024-03-23 11:07:04 +01:00
ef943f02e3
Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main
Reviewed-on: #121
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-21 10:24:34 +00:00
45e91d7ef1
fix: drone port should bind to localhost
All checks were successful
Flake checks / Check (pull_request) Successful in 18m12s
2024-03-21 10:44:40 +01:00
e33529ad4b
chore: bump flake inputs
2024-03-21 10:44:16 +01:00
1f8e53053b
Merge pull request 'public-keys: update b12f ssh keys with new yubikeys' (#120) from b12f/public-keys-update into main
Reviewed-on: #120
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-03-20 10:51:41 +00:00
c8c10269c4
public-keys: update b12f ssh keys with new yubikeys
All checks were successful
Flake checks / Check (pull_request) Successful in 17m39s
2024-03-20 11:27:23 +01:00
27116f053a
Merge pull request 'chore: updates for element-web, forgejo, mastodon, nextcloud' (#119) from chore/updates into main
Reviewed-on: #119
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-03-05 22:38:52 +00:00
b76b7821a7
chore: update flake inputs
All checks were successful
Flake checks / Check (pull_request) Successful in 19m43s
• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/1776009f1f3fb2b5d236b84d9815f2edee463a9b' (2024-01-10)
  → 'github:serokell/deploy-rs/0a0187794ac7f7a1e62cda3dabf8dc041f868790' (2024-02-16)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
  → 'github:NixOS/nixpkgs/1536926ef5621b09bba54035ae2bb6d806d72ac8?dir=lib' (2024-02-29)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/44f50a5ecaab72a61d5fd8e5c5717bc4bf9c25dd' (2024-02-12)
  → 'github:lnl7/nix-darwin/daa03606dfb5296a22e842acb02b46c1c4e9f5e7' (2024-03-04)
• Updated input 'nixos-flake':
    'github:srid/nixos-flake/3891b2030114f8661402991eac9be0ed59f786ae' (2024-02-09)
  → 'github:srid/nixos-flake/50203d68b305abff2f29e555992eb55ddeffbcd5' (2024-02-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/617579a787259b9a6419492eaac670a5f7663917' (2024-03-04)
• Updated input 'unstable':
    'github:nixos/nixpkgs/a4d4fe8c5002202493e87ec8dbc91335ff55552c' (2024-02-15)
  → 'github:nixos/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
• Removed input 'nixpkgs-head'
2024-03-05 21:39:19 +01:00
14e689486b
Merge pull request 'fix: nginx duplicate default server' (#118) from fix/nginx-duplicate-default-server into main
Reviewed-on: #118
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-25 22:07:52 +00:00
c49ffb2d5b
fix: nginx duplicate default server
All checks were successful
Flake checks / Check (pull_request) Successful in 4m53s
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/nginx.conf:665
2024-02-25 23:02:00 +01:00
aa607396e4
Merge pull request 'nginx/miom: init miom.space website' (#116) from feat/miom.space into main
Reviewed-on: #116
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 21:42:03 +00:00
de04556191
nginx/miom: disable logging
All checks were successful
Flake checks / Check (pull_request) Successful in 4m42s
2024-02-25 21:41:06 +00:00
0e89b7f210
nginx/miom: init miom.space website
This adds an nginx configuration for https://miom.space/. MiOM is a
creative collective in Cologne that frequently hosts our hakken.irl
hackathons. They're already using our cloud to organize.

This service is a bit more specific than most pub.solar services and falls
into a similar category as the obs-portal.

On the old miom website, all logging was turned off; we might want to do
the same thing in nginx here as well then.
2024-02-25 21:41:06 +00:00
1878595af2
Merge pull request 'nginx/pub.solar: disable logging for homepage' (#117) from privacy/website-no-logging into main
Reviewed-on: #117
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
2024-02-25 18:10:30 +00:00
24b77b6de5
nginx/pub.solar: disable logging for homepage
All checks were successful
Flake checks / Check (pull_request) Successful in 4m45s
2024-02-25 18:51:24 +01:00
50fa98eebb
Merge pull request 'security: Upgrade mastodon to 4.2.7' (#114) from mastodon-4.2.7 into main
Reviewed-on: #114
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 13:47:58 +00:00
f7d7964299
security: Upgrade mastodon to 4.2.7
All checks were successful
Flake checks / Check (pull_request) Successful in 19m21s
2024-02-16 13:22:39 +01:00
afcfb4fe0f
Merge pull request 'chore: nix flake update' (#113) from flake-update-16-02 into main
Reviewed-on: #113
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-16 09:23:32 +00:00
bbc01be474
chore: nix flake update
All checks were successful
Flake checks / Check (pull_request) Successful in 16m40s
2024-02-16 10:13:32 +01:00
0bf113e3a9
Merge pull request 'feat: init tmate-ssh-server' (#112) from feat/tmate into main
Reviewed-on: #112
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
2024-02-14 20:32:14 +00:00
842ec945f4
forgejo: appName option has been renamed
All checks were successful
Flake checks / Check (pull_request) Successful in 10m14s
trace: warning: The option `services.forgejo.appName' defined in
`/nix/store/z68x68rbw9sg4d7mcjrjd6aq598rmrwf-source/hosts/nachtigall/apps/forgejo.nix'
has been renamed to `services.forgejo.settings.DEFAULT.APP_NAME'.
2024-02-07 19:02:04 +01:00
d67190d175
feat: init tmate-ssh-server
https://tmate.io
2024-02-07 19:01:36 +01:00
840a250278
Merge pull request 'chore: update element-web, keycloak, matrix-synapse, nextcloud, misc' (#110) from chore/bump-flake-inputs into main
Reviewed-on: #110
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:11 +00:00
b54ff7d6bf
Merge pull request 'feat: use forgejo NixOS module with gitea user' (#111) from feat/forgejo-module into main
Reviewed-on: #111
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:46:02 +00:00
700173a874
Merge pull request 'dns: add DKIM record to pub.solar domain' (#109) from feat/dkim into main
Reviewed-on: #109
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
2024-02-07 16:45:26 +00:00
f43ba01ee6
feat: use forgejo NixOS module with gitea user
All checks were successful
Flake checks / Check (pull_request) Successful in 7m50s
https://nixos.org/manual/nixos/stable/#module-forgejo-migration-gitea
2024-02-06 12:19:45 +01:00
fcc74784ea
fix: remove mastodon version 4.2.5 overlay
All checks were successful
Flake checks / Check (pull_request) Successful in 18m42s
It's now included in nixos-23.11
2024-02-06 10:57:28 +01:00
bf0ab84979
chore: bump flake inputs
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/07f6395285469419cf9d078f59b5b49993198c00' (2024-01-11)
  → 'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9?dir=lib' (2023-12-30)
  → 'github:NixOS/nixpkgs/97b17f32362e475016f942bbdfda4a4a72a8a652?dir=lib' (2024-01-29)
• Updated input 'home-manager':
    'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
  → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/00538eecf2d1a8f98a53a71c9c84f913003ec5e8' (2024-01-29)
  → 'github:lnl7/nix-darwin/bdbae6ecff8fcc322bf6b9053c0b984912378af7' (2024-02-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27)
  → 'github:nixos/nixpkgs/9f2ee8c91ac42da3ae6c6a1d21555f283458247e' (2024-02-05)
• Updated input 'unstable':
    'github:nixos/nixpkgs/ae5c332cbb5827f6b1f02572496b141021de335f' (2024-01-25)
  → 'github:nixos/nixpkgs/faf912b086576fd1a15fca610166c98d47bc667e' (2024-02-05)
2024-02-06 10:56:56 +01:00
4f558e8a9b
dns: add DKIM record
All checks were successful
Flake checks / Check (pull_request) Successful in 8m50s
2024-02-05 22:27:34 +01:00
0deb8eb6be
Merge pull request 'security: update mastodon to 4.2.5' (#108) from security/mastodon-4.2.5 into main
Reviewed-on: #108
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
2024-02-01 17:11:05 +00:00