After this has been tested successfully, root SSH login can be disabled.
The advantages of having a user for each adminstrator:
* Better security analysis: who issued executed what command, who
touched which file, who used sudo at which time.
* Possibility of granular access, e.g. person X is only allowed to
manage service Y
This commit removes the flora-6 host. All services are moved to
trinkgenossin, with the drone service being removed completely in favour
of forgejo actions.
instead of overriding IPs for existing DNS records, to reduce suprises
when DNS records are different depending on the host.
Add metronom + tankstelle internal wireguard IPs, too.
This works towards having reusable modules
* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
This is needed because `config.pub-solar-os.auth` has to be available
everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name