pub.solar infrastructure, mostly in nix and terraform
b12f daf2a34274
Some checks failed
Flake checks / Check (pull_request) Failing after 25s
auth: add user for each administrator
After this has been tested successfully, root SSH login can be disabled.

The advantages of having a user for each administrator:

* Better security analysis: who executed what command, who
  touched which file, who used sudo at which time.
* Possibility of granular access, e.g. person X is only allowed to
  manage service Y
2024-11-12 20:22:25 +01:00
.forgejo/workflows ci: use treefmt2 with flag --ci 2024-10-24 15:43:00 +02:00
docs Merge pull request 'docs: more garage CLI usage, avoid leaking secret' (#246) from docs-garage into main 2024-11-06 14:39:53 +00:00
hosts matrix: disable sliding-sync proxy, it's built into 2024-10-30 20:31:29 +01:00
lib docs: add metronom to deploy docs, style: format 2024-05-31 16:52:03 +02:00
logins auth: add user for each administrator 2024-11-12 20:22:25 +01:00
modules auth: add user for each administrator 2024-11-12 20:22:25 +01:00
overlays matrix-authentication-service: init host underground 2024-10-30 18:37:45 +01:00
secrets matrix: disable sliding-sync proxy, it's built into 2024-10-30 20:31:29 +01:00
terraform dns: list.pub.solar should be A / AAAA records 2024-10-30 18:37:46 +01:00
tests tests: create keycloak test, add working test for website 2024-08-27 09:55:25 +02:00
.editorconfig secrets: ensure no final newline 2024-08-21 16:39:14 +02:00
.envrc Add dev shell 2023-10-28 12:38:14 +02:00
.git-blame-ignore-revs style: update git-blame-ignore-revs 2024-05-08 23:14:34 +02:00
.gitignore chore: add results to gitignore 2024-05-06 19:39:30 +02:00
CONTRIBUTING.md docs: add CONTRIBUTING 2024-05-08 22:29:11 +02:00
flake.lock fix: passkey support in pub.solar keycloak theme 2024-10-30 18:37:46 +01:00
flake.nix Merge pull request 'ci: use treefmt2 with flag --ci' (#248) from ci-treefmt into main 2024-11-06 14:40:03 +00:00
LICENSE.md Add AGPL LICENSE 2024-05-08 22:28:45 +02:00
README.md docs: add CONTRIBUTING 2024-05-08 22:29:11 +02:00
treefmt.toml style: check formatting using nixpkgs standard and 2024-05-08 22:56:28 +02:00

The pub.solar infrastructure

This repository contains almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS, in this repository.

The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running NixOS with all services. Offsite backups go to several different locations with restic.

Contributing

If you'd like to contribute, it makes sense to talk to the crew on Matrix via #hakken. We can help figure out how things work and make sure your ideas fit the pub.solar philosophy. Of course, popping a pull request is always celebrated.

To start, check our contributing guide.