Commit graph

11 commits

Author SHA1 Message Date
ad1ea4a49e
forgejo: run internal ssh server on port 22
All checks were successful
Flake checks / Check (pull_request) Successful in 8m11s
The system-wide SSH server was hidden behind a wireguard proxy for
security reasons, but since forgejo was using it, git pushes and pulls
got broken for people without wireguard access.

These config changes make sure forgejo starts its built-in SSH server
on port 22, which is then allowed to be accessed from the open internet
in the firewall config.
2024-04-05 15:05:28 +02:00
b1519c8f22
ssh: only allow ssh on wireguard interface
All checks were successful
Flake checks / Check (pull_request) Successful in 8m16s
2024-04-05 14:28:18 +02:00
eacf60974c
wireguard: initial commit
2024-04-05 11:09:31 +00:00
815033c764
treewide: apply nixpkgs-fmt
Used command:
nixpkgs-fmt .
2024-01-27 20:29:30 +01:00
38a6e5e084
fix: add nix registry setting to speed up ad-hoc flake
usage, e.g. via nix shell nixpkgs#<flake-name>
All checks were successful
Flake checks / Check (pull_request) Successful in 17m44s
2023-11-16 22:05:04 +01:00
f5185e5c15
feat: add mediawiki
Some checks reported warnings
Flake checks / Check (pull_request) Has been cancelled
Co-authored-by: @teutat3s <teutates@mailbox.org>
2023-11-15 21:40:29 +01:00
d5922ff2b8
fix: disable DNSSEC for now because of an issue in
systemd https://github.com/systemd/systemd/issues/10579
All checks were successful
Flake checks / Check (pull_request) Successful in 16m35s

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
2023-11-15 18:54:32 +00:00
9c1d19d49f
nachtigall: move SSH private key from user to host
2023-11-15 18:54:32 +00:00
7be3567e6d
flora-6: refactor to use flake.parts
2023-11-15 18:54:32 +00:00
20fbcbb571
fix: two typos
2023-11-06 21:07:24 +00:00
e8ad662631
refactor: change file structure to use modules dir
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
2023-11-06 13:11:30 +01:00