pub-solar/infra
5
2
Fork 3
Code Issues31 Pull requests11 Projects1 Releases Packages Wiki Activity Actions
880 commits 20 branches 0 tags 15 MiB
Commit graph

880 commits

Author SHA1 Message Date
b12f
cecf112d95
Merge pull request 'security: update mediawiki, update synapse and others' () from updates-mediawiki into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-13 19:44:18 +00:00
teutat3s
85bcf84e9c
mediawiki: security update to 1.43.1 2025-04-13 16:11:34 +02:00
teutat3s
da68f61342
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/f6dbc8952df9e40afafbe38449751bfad12d64f2' (2025-04-01)
  → 'github:nix-community/disko/76c0a6dba345490508f36c1aa3c7ba5b6b460989' (2025-04-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146' (2025-03-31)
  → 'github:nix-community/home-manager/b4e98224ad1336751a2ac7493967a4c9f6d9cb3f' (2025-04-08)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/73d59580d01e9b9f957ba749f336a272869c42dd' (2025-04-01)
  → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b' (2025-04-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01)
  → 'github:nixos/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d' (2025-04-12)
• Updated input 'unstable':
    'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31)
 2025-04-13 16:08:34 +02:00
teutat3s
39a7dd3af8
Merge pull request 'nextcloud: attempt to fix 'CSRF check failed'' () from fix-nextcloud-session into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-07 18:12:03 +00:00
teutat3s
8db9c98093
nextcloud: attempt to fix CSRF check failed with 
shorter session_lifetime
 2025-04-03 23:46:59 +02:00
teutat3s
47502667f5
Merge pull request 'core/networking: convert DNS resolved config to NixOS options' () from dns-convert-to-options into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-02 19:38:34 +00:00
teutat3s
c4374b2142
Merge pull request 'maintenance: update element-web, forgejo, restic and more' () from updates-30-03 into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-04-02 19:38:20 +00:00
teutat3s
8474bd6411
Merge pull request 'backups: only run restic prune on the last backup' () from backups-prune-only-once into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-04-02 11:51:06 +00:00
teutat3s
a08003f125
backups: only run restic prune on the last backup 
After this change, only obs-portal backup will prune the repository of
old snapshots. This is the last backup service to run at 06:00 AM UTC.

This should avoid our nightly backups failing because of the exclusive
lock on the restic repo. We currently start the next backup while the
previous one is still pruning, which makes the newly started one fail
with:

repo already locked, waiting up to 0s for the lock
unable to create lock in backend: repository is already locked by PID 228…
 2025-04-02 13:17:22 +02:00
teutat3s
6d88e853c1
matrix-synapse: remove overlay, 1.127.1 reached 24.11 2025-04-02 12:29:45 +02:00
teutat3s
1de4d6bdcf
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/0d8c6ad4a43906d14abd5c60e0ffe7b587b213de' (2025-03-12)
  → 'github:nix-community/disko/f6dbc8952df9e40afafbe38449751bfad12d64f2' (2025-04-01)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
  → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02)
  → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30)
• Updated input 'home-manager':
    'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22)
  → 'github:nix-community/home-manager/15c5f9d04fabd176f30286c8f52bbdb2c853a146' (2025-03-31)
• Updated input 'maunium-stickerpicker':
    'github:maunium/stickerpicker/89d3aece041c85ebe5a1ad4e620388af5227cbb0?dir=web' (2024-12-02)
  → 'github:maunium/stickerpicker/4b96d236212b1212976f4c3c60479e7aaed866cb?dir=web' (2025-03-25)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/ebb88c3428dcdd95c06dca4d49b9791a65ab777b' (2025-03-23)
  → 'github:lnl7/nix-darwin/73d59580d01e9b9f957ba749f336a272869c42dd' (2025-04-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23)
  → 'github:nixos/nixpkgs/02f2af8c8a8c3b2c05028936a1e84daefa1171d4' (2025-04-01)
• Updated input 'unstable':
    'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22)
  → 'github:nixos/nixpkgs/77b584d61ff80b4cef9245829a6f1dfad5afdfa3' (2025-03-31)
 2025-04-02 12:28:51 +02:00
teutat3s
6f195ac05a
Merge pull request 'security: matrix-synapse: update to 1.127.1' () from synapse-security into main 
Reviewed-on:
2025-03-28 14:19:40 +00:00
teutat3s
09efea6e5b
core/networking: convert DNS resolved config to NixOS options 
To help readability. Also added the default config value for DNSSEC
for visibility.
 2025-03-28 14:39:09 +01:00
teutat3s
ae2277aa21
matrix-synapse: pull in 1.127.1 early (security) 
Fixes https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
CVE-2025-30355
 2025-03-28 13:48:24 +01:00
teutat3s
cdf9819b93
Merge pull request 'updates: element-web, forgejo, keycloak, mastodon, matrix-synapse, nextcloud and more' () from updates-23-03 into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-03-25 17:46:03 +00:00
teutat3s
3cf98c1e0e
tests/keycloak: need to start acme-server 2025-03-25 18:39:26 +01:00
teutat3s
b5e6483ca4
garage: update to 1.1.0 2025-03-25 18:39:04 +01:00
teutat3s
f591ea6c65
overlays: remove matrix-authentication-service 
It's now backported to NixOS 24.11.
 2025-03-24 11:17:39 +01:00
teutat3s
e2c7808433
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/19c1140419c4f1cdf88ad4c1cfb6605597628940' (2025-02-25)
  → 'github:nix-community/disko/0d8c6ad4a43906d14abd5c60e0ffe7b587b213de' (2025-03-12)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01)
  → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07)
• Updated input 'flake-parts/nixpkgs-lib':
    '6d37022434.tar.gz?narHash=sha256-3wHafybyRfpUCLoE8M%2BuPVZinImg3xX%2BNm6gEfN3G8I%3D' (2025-03-01)
  → 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02)
• Updated input 'fork':
    'github:teutat3s/nixpkgs/e370f40b129e47b08562524ab4f053a172a94273' (2025-02-06)
  → 'github:teutat3s/nixpkgs/8a43eb74ac149c080d57d8c80d647fef74df84d8' (2025-03-05)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17)
  → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/991bb2f6d46fc2ff7990913c173afdb0318314cb' (2025-03-04)
  → 'github:lnl7/nix-darwin/ebb88c3428dcdd95c06dca4d49b9791a65ab777b' (2025-03-23)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347' (2025-03-02)
  → 'github:nixos/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23)
• Updated input 'unstable':
    'github:nixos/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246' (2025-03-03)
  → 'github:nixos/nixpkgs/1e5b653dff12029333a6546c11e108ede13052eb' (2025-03-22)
 2025-03-24 11:17:20 +01:00
teutat3s
174d979ccc
Merge pull request 'docs: update deletion request docs' () from update-deletion-request-docs into main 
Reviewed-on: 
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2025-03-13 16:50:56 +00:00
teutat3s
5ecb8efd60
Merge pull request 'nachtigall: additional disks + docs' () from nachtigall-more-disks into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-13 16:50:47 +00:00
teutat3s
3caaf00239
Merge pull request 'docs: add systems overview, ZFS quickstart' () from docs-systems-overview into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-13 16:46:13 +00:00
b12f
664f7f06cc
docs: update deletion request docs 
* Add note on how to aquire an MAS auth token
* Update matrix cli docs URL
* Explain how to get to the forgejo cli
* Add response template
 2025-03-13 17:45:19 +01:00
teutat3s
6dfcffad4b
docs: add TOC to systems overview 2025-03-11 13:00:09 +01:00
teutat3s
7428c5e125
docs: add systems overview, ZFS quickstart 2025-03-11 12:59:52 +01:00
teutat3s
e8d92cb48f
nachtigall: add additional boot mirrors 2025-03-11 11:39:46 +01:00
teutat3s
c3e9b81719
docs: add notes about adding disks to nachtigall 2025-03-11 11:39:07 +01:00
teutat3s
e92c7c357d
Merge pull request 'backups: increase spread to 1 hour per backup' () from backups-increase-spread into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-08 14:01:43 +00:00
teutat3s
5de43ae03f
backups: increase spread to 1 hour per backup 2025-03-06 13:38:43 +01:00
teutat3s
2ec4637ced
Merge pull request 'security, maintenance: update keycloak, mastodon, matrix-synapse and others' () from 2025-03 into main 
Reviewed-on: 
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
 2025-03-04 21:15:17 +00:00
teutat3s
3fdc6d79ac
tests: wait for nachtigall before starting client 
to avoid a race between keycloak and test client
 2025-03-04 21:54:34 +01:00
teutat3s
2f48c853fe
tests: don't wait for acme client unit 2025-03-04 21:47:57 +01:00
teutat3s
0d637649be
Merge pull request 'mail, treewide: update password because forgejo cannot properly escape strings in 2025' () from update-admins-mail-password into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-03-04 19:37:56 +00:00
teutat3s
c54c14cc60
Merge pull request 'mediawiki: allow svg, pdf file type uploads' () from mediawiki-allow-svg-uploads into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-03-04 19:23:38 +00:00
teutat3s
5dca2382e1
tests: wait for acme_server before starting nachtigall 
to avoid a race between step-ca and acme-client
 2025-03-04 20:21:54 +01:00
teutat3s
db94060b22
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0' (2025-02-18)
  → 'github:nix-community/disko/19c1140419c4f1cdf88ad4c1cfb6605597628940' (2025-02-25)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd' (2025-02-01)
  → 'github:hercules-ci/flake-parts/3876f6b87db82f33775b1ef5ea343986105db764' (2025-03-01)
• Updated input 'flake-parts/nixpkgs-lib':
    '072a6db25e.tar.gz?narHash=sha256-vJzFZGaCpnmo7I6i416HaBLpC%2BhvcURh/BQwROcGIp8%3D' (2025-02-01)
  → '6d37022434.tar.gz?narHash=sha256-3wHafybyRfpUCLoE8M%2BuPVZinImg3xX%2BNm6gEfN3G8I%3D' (2025-03-01)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/6ab392f626a19f1122d1955c401286e1b7cf6b53' (2025-02-19)
  → 'github:lnl7/nix-darwin/991bb2f6d46fc2ff7990913c173afdb0318314cb' (2025-03-04)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/36864ed72f234b9540da4cf7a0c49e351d30d3f1' (2025-02-19)
  → 'github:nixos/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347' (2025-03-02)
• Updated input 'unstable':
    'github:nixos/nixpkgs/73cf49b8ad837ade2de76f87eb53fc85ed5d4680' (2025-02-18)
  → 'github:nixos/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246' (2025-03-03)
 2025-03-04 20:02:20 +01:00
teutat3s
4aedc5aed8
mediawiki: allow svg, pdf file type uploads 2025-03-04 19:43:48 +01:00
teutat3s
ba80bb98a2
mail: update admins@pub.solar password because forgejo 
cannot properly escape strings in 2025
 2025-03-04 19:41:04 +01:00
teutat3s
c87cac28bc
Merge pull request 'nextcloud: update skeleton, add german version' () from nextcloud-skeleton into main 
Reviewed-on: 
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
 2025-02-28 12:47:00 +00:00
teutat3s
ca60c9fd66
tests: wait for default.target, add check for acme 2025-02-28 13:46:04 +01:00
teutat3s
f4a2e7b165
Merge pull request 'nextcloud: make all apps declarative' () from nextcloud-declarative-apps into main 
Reviewed-on: 
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
 2025-02-28 12:06:33 +00:00
teutat3s
d519db0b0e
style: fix formatting 2025-02-28 13:06:04 +01:00
teutat3s
474549fc7a
nextcloud-skeleton: en should be default 
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory
 2025-02-28 13:05:01 +01:00
teutat3s
711cd3c1ae
nextcloud: make all apps declarative to avoid 
downtime caused by failing auto updates
 2025-02-28 12:44:08 +01:00
teutat3s
b4c5a25da0
nextcloud-skeleton: remove fs.trace 2025-02-28 12:33:39 +01:00
teutat3s
df4444b015
Merge branch 'main' into nextcloud-skeleton 2025-02-25 13:55:09 +01:00
teutat3s
453e3d96d1
nextcloud: initial skeleton directory derivation 
for English and German
 2025-02-24 22:31:55 +01:00
teutat3s
9b921f6c07
Merge pull request 'Update docs/nixos-anywhere.md' () from hensoko-docs-nixos-anywhere into main 
Reviewed-on: 
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
 2025-02-24 20:54:37 +00:00
teutat3s
a18e1ff86c
Merge pull request 'security update for ssh, update nextcloud' () from security-update-ssh into main 
Reviewed-on: 
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
 2025-02-20 13:17:48 +00:00
teutat3s
7ed692f6c2
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/fa5746ecea1772cf59b3f34c5816ab3531478142' (2025-02-15)
  → 'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0' (2025-02-18)
• Updated input 'home-manager':
    'github:nix-community/home-manager/254d47082e23dbf72fdeca1da6fe1da420f478d8' (2025-02-14)
  → 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17)
• Updated input 'nix-darwin':
    'github:lnl7/nix-darwin/678b22642abde2ee77ae2218ab41d802f010e5b0' (2025-02-14)
  → 'github:lnl7/nix-darwin/6ab392f626a19f1122d1955c401286e1b7cf6b53' (2025-02-19)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0b73e36b1962620a8ac551a37229dd8662dac5c8' (2025-02-13)
  → 'github:nixos/nixpkgs/36864ed72f234b9540da4cf7a0c49e351d30d3f1' (2025-02-19)
• Updated input 'unstable':
    'github:nixos/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0' (2025-02-13)
  → 'github:nixos/nixpkgs/73cf49b8ad837ade2de76f87eb53fc85ed5d4680' (2025-02-18)
 2025-02-20 12:14:01 +01:00