pub-solar/infra
6
1
Fork 3
Code Issues 24 Pull requests 10 Actions Packages Projects 1 Releases Wiki Activity
402 commits 14 branches 0 tags 3.5 MiB
Commit graph

5 commits

Author SHA1 Message Date
Benjamin Yule Bädorf ad1ea4a49e
forgejo: run internal ssh server on port 22
All checks were successful
Flake checks / Check (pull_request) Successful in 8m11s
Details 
The system-wide SSH server was hidden behind a wireguard proxy for
security reasons, but since forgejo was using it, git pushes and pulls
got broken for people without wireguard access.

These config changes make sure forgejo starts its built-in SSH server
on port 22, which is then allowed to be accessed from the open internet
in the firewall config.
 2024-04-05 15:05:28 +02:00
Benjamin Yule Bädorf b1519c8f22
ssh: only allow ssh on wireguard interface
All checks were successful
Flake checks / Check (pull_request) Successful in 8m16s
Details
2024-04-05 14:28:18 +02:00
teutat3s d5922ff2b8
fix: disable DNSSEC for now because of an issue in
All checks were successful
Flake checks / Check (pull_request) Successful in 16m35s
Details 
systemd https://github.com/systemd/systemd/issues/10579

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
 2023-11-15 18:54:32 +00:00
teutat3s 7be3567e6d
flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
Benjamin Bädorf e8ad662631
refactor: change file structure to use modules dir 
This commit changes the file structure around, so that we have the
following parts:

`/modules` contains reusable logic blocks for hosts.
`/hosts` contains host configurations.
`/lib` contains nix library functions.
`/overlays` contains overlay files.
`/public-keys` contains all information regarding public keys.

This change reduces the complexity of flake.nix, instead delegating this
out to the `default.nix` files in the above directories.
 2023-11-06 13:11:30 +01:00