pub.solar infrastructure, mostly in nix and terraform
teutat3s d5922ff2b8
All checks were successful
Flake checks / Check (pull_request) Successful in 16m35s
fix: disable DNSSEC for now because of an issue in
systemd https://github.com/systemd/systemd/issues/10579

Without this change, there are random SERVFAIL responses with Greenbaum DNS
when using allow-downgrade. Fixes DNS queries for lev-1.int.greenbaum.zone

❯ dig obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone

; <<>> DiG 9.18.19 <<>> obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1871
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. IN A

;; ANSWER SECTION:
obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone. 22 IN A 192.168.128.82

;; Query time: 105 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Nov 09 10:38:02 UTC 2023
;; MSG SIZE  rcvd: 121
2023-11-15 18:54:32 +00:00
.forgejo/workflows ci: run flake checks only on pull requests 2023-11-15 18:47:00 +00:00
docs docs: clean up 2023-11-15 18:54:32 +00:00
hosts nachtigall: move SSH private key from user to host 2023-11-15 18:54:32 +00:00
lib fix: remove unlock zfs module from lib 2023-11-06 22:09:22 +01:00
modules fix: disable DNSSEC for now because of an issue in 2023-11-15 18:54:32 +00:00
overlays flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
public-keys refactor: change file structure to use modules dir 2023-11-06 13:11:30 +01:00
secrets wip: actions runner 2023-11-15 18:54:32 +00:00
terraform chore: add search.pub.solar dns entry 2023-10-29 22:14:13 +01:00
.envrc Add dev shell 2023-10-28 12:38:14 +02:00
.gitignore feat: add terraform DNS docs 2023-10-29 19:39:22 +00:00
flake.lock flora-6: refactor to use flake.parts 2023-11-15 18:54:32 +00:00
flake.nix wip: actions runner 2023-11-15 18:54:32 +00:00
README.md docs: init docs 2023-10-29 00:52:54 +00:00

The pub.solar infrastructure

This repository contains almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS, in this repository.

The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running NixOS with all services. Offsite backups go to several different locations with restic.

Contributing

If you'd like to contribute, it makes sense to talk to the crew on Matrix via #hakken. We can help figure out how things work and make sure your ideas fit the pub.solar philosophy. Of course, popping a pull request is always celebrated.

To start, see how to get a development shell.