Commit graph

162 commits

Author SHA1 Message Date
teutat3s f4a29822fb
keycloak: enable feature declarative-user-profile
This is useful for setting required attributes, e.g. to exclude
firstName and lastName from the required attributes in the user profile
2023-07-20 20:10:02 +02:00
teutat3s 17c76ec7b1
caddy: use module from latest to enable gracefully reloading upon config change instead of restarting
2023-07-13 21:16:12 +02:00
teutat3s 6fd2903516
flora-6: add back openssh MACs that got removed from defaults

NixOS default openssh MACs have changed to use "encrypt-then-mac" only.
This breaks compatibility with clients that do not offer these MACs. For
compatibility reasons, we add back the old defaults.
See: https://github.com/NixOS/nixpkgs/pull/231165

https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
2023-07-07 12:13:57 +02:00
teutat3s 9dbfb4eaaa
flora-6: use renamed openssh settings
trace: warning: The option `services.openssh.permitRootLogin' defined in `/nix/store/ha98lp4l8ccspyfn5liq0k9ds3cs20zl-source/hosts/flora-6/flora-6.nix' has been renamed to `services.openssh.settings.PermitRootLogin'.
trace: warning: The option `services.openssh.passwordAuthentication' defined in `/nix/store/ha98lp4l8ccspyfn5liq0k9ds3cs20zl-source/hosts/flora-6/flora-6.nix' has been renamed to `services.openssh.settings.PasswordAuthentication'.
2023-07-02 17:55:58 +02:00
teutat3s fc0768d353
gitea: use renamed options in gitea.settings.server
trace: warning: The option `services.gitea.rootUrl' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.ROOT_URL'.
trace: warning: The option `services.gitea.httpPort' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.HTTP_PORT'.
trace: warning: The option `services.gitea.httpAddress' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.HTTP_ADDR'.
trace: warning: The option `services.gitea.domain' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.DOMAIN'.
2023-07-02 17:55:58 +02:00
teutat3s 9bd45f0a10
Merge pull request 'Use forgejo instead of gitea, bump flake inputs' (#226) from infra-gitea-to-forgejo-bump-flakes into infra
Reviewed-on: #226
Reviewed-by: hensoko <hensoko@gssws.de>
2023-05-14 15:14:28 +02:00
teutat3s 7cbe86ff11
flora-6: use forgejo instead of gitea, bump flake inputs:

• Updated input 'agenix':
    'github:ryantm/agenix/e64961977f60388dd0b49572bb0fc453b871f896' (2023-03-31)
  → 'github:ryantm/agenix/2994d002dcff5353ca1ac48ec584c7f6589fe447' (2023-04-21)
• Updated input 'darwin':
    'github:LnL7/nix-darwin/025912529dd0b31dead95519e944ea05f1ad56f2' (2023-04-10)
  → 'github:LnL7/nix-darwin/252541bd05a7f55f3704a3d014ad1badc1e3360d' (2023-05-10)
• Updated input 'deploy':
    'github:serokell/deploy-rs/8c9ea9605eed20528bf60fae35a2b613b901fd77' (2023-01-19)
  → 'github:serokell/deploy-rs/c80189917086e43d49eece2bd86f56813500a0eb' (2023-05-11)
• Updated input 'latest':
    'github:nixos/nixpkgs/db24d86dd8a4769c50d6b7295e81aa280cd93f35' (2023-04-10)
  → 'github:nixos/nixpkgs/897876e4c484f1e8f92009fd11b7d988a121a4e7' (2023-05-06)
• Updated input 'nixos':
    'github:nixos/nixpkgs/ea96b4af6148114421fda90df33cf236ff5ecf1d' (2023-04-10)
  → 'github:nixos/nixpkgs/9656e85a15a0fe67847ee8cdb99a20d8df499962' (2023-05-12)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/3006d2860a6ed5e01b0c3e7ffb730e9b293116e2' (2023-04-07)
  → 'github:nixos/nixos-hardware/81cd886719e10d4822b2a6caa96e95d56cc915ef' (2023-05-13)
2023-05-13 17:16:35 +02:00
teutat3s dd62bf1752
flora-6: init owncast
2023-05-13 16:50:58 +02:00
teutat3s a6970708ad
flora-6: pub.solar webfinger should redirect to mastodon, if the query parameter matches resource

See: https://docs.joinmastodon.org/spec/webfinger/
and: https://docs.joinmastodon.org/admin/config/#web_domain
2023-04-22 03:22:05 +02:00
teutat3s 894c30c0d6
flora-6: enable gitea mail notifications, update gitea mailer config section, see:

https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer
2023-04-11 18:35:57 +02:00
teutat3s d888af018c
Merge pull request 'flora-6: merge main branch' (#178) from flora-6/merge-main into infra
Reviewed-on: #178
2023-03-08 18:32:28 +01:00
teutat3s f9e70e18dc
flora-6: move ISO images to /data
There is a second, bigger disk attached to flora-6, let's use it
2023-03-05 23:54:56 +01:00
teutat3s 80c1a7927a
flora-6: configure more aggressive garbage collection

Reason: it has already happened a few times, that flora-6 ran out of
disk space. With this fix, hopefully the garbage collection should
kick in earlier and prevent this from happening
2023-03-05 18:38:42 +01:00
teutat3s f0caf9b5a1
gitea: re-enable serverside GPG signing
2023-03-05 16:55:14 +01:00
teutat3s df79b8a3c9
caddy: fix formatting
2023-03-05 15:22:57 +01:00
teutat3s d1175e82b4
Add Tailscale custom OIDC webfinger
See: https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup
2023-03-05 15:13:25 +01:00
Hendrik Sokolowski 354fd593bb
make link for satzung temporary
2023-03-01 22:16:49 +01:00
Hendrik Sokolowski 831c44fceb Add link for satzung in caddy
2023-02-27 23:12:05 +01:00
teutat3s a1cb071773
mailman: trigger postfix reload when caddy renews
TLS Let's Encrypt certificates
2023-02-25 18:21:53 +01:00
teutat3s 94cc00572e
drone: ensure docker starts before trying to
create docker network drone-net with systemd dependencies
2023-02-25 17:58:48 +01:00
teutat3s 1199820574
postfix: use caddy's certs for STARTTLS on port 25 2023-02-25 16:28:10 +01:00
teutat3s 5e5fb64dde
flora-6: postfix should use list.pub.solar as
hostname

- Send postmaster and root mails to admins@pub.solar
- Add TODO comment about django-keycloak
2023-02-25 15:55:44 +01:00
teutat3s 008e14482f
flora-6: clean up unneeded postfix config file 2023-02-25 15:55:44 +01:00
teutat3s bea032ad99
flora-6: init mailman with NixOS module
Docker containers were too complicated to setup
2023-02-25 15:55:44 +01:00
teutat3s 8f948f70c7
mailman wip 2023-02-25 15:55:43 +01:00
teutat3s 93b5eab0ea
mailman: fix directory permissions
2023-02-01 13:38:10 +01:00
teutat3s c1dcea11fa
flora-6: move docker data-root to /data
2023-02-01 13:28:49 +01:00
teutat3s 3c422fee62
mailman: fix postfix main.cf path
2023-02-01 13:17:04 +01:00
teutat3s b6ebd71c61
keycloak: use version 20.0.3 from nixos-22.11
It's the same version as on nixos-unstable
2023-02-01 13:15:30 +01:00
Benjamin Bädorf 61afca41e5
Add postfix to flora-6 2023-01-31 22:43:59 +01:00
Benjamin Bädorf 5ade1c028f
Build works
2023-01-31 21:32:16 +01:00
Benjamin Bädorf 8f0cde4c3d
Remove broken semicolon 2023-01-31 21:30:43 +01:00
Benjamin Bädorf 6c736b8684
Remove broken semicolon 2023-01-31 21:29:02 +01:00
Benjamin Bädorf 26318bcafc
feat/mailman: Add flora-6 config for mailman 2023-01-31 21:25:45 +01:00
teutat3s 997561f817
caddy: add to hakkonaut group
Add public SSH key to hakkonaut user
2023-01-29 17:39:34 +01:00
teutat3s 54ea93ced4
drone: fix docker runner env vars 2023-01-29 00:00:21 +01:00
teutat3s 9732e4edf1
Apply treefmt 2023-01-28 23:51:33 +01:00
teutat3s 7a7ff7b1df
flora-6: init drone docker runner 2023-01-28 23:50:31 +01:00
teutat3s 90b182e499
Merge branch 'main' into infra 2023-01-28 23:27:21 +01:00
teutat3s f375843f43
flora-6: init drone ci 2023-01-28 21:26:13 +01:00
teutat3s 291edb6b52
flora-6: update gitea config
change to new responsible MX
disable signing commits etc.
2023-01-28 15:15:46 +01:00
teutat3s 6a6abc79c2
flora-6: ensure to disable NetworkManager 2023-01-28 15:15:17 +01:00
teutat3s 645b10f2b9
flora-6: update Caddyfile, add missing pub.solar
config for www and mastodon well-known redirect
2023-01-21 23:22:50 +01:00
teutat3s f2c5739c97
Update flake.lock, remove fork flake input
gitea gpg PR got merged into nixos-unstable in
https://github.com/NixOS/nixpkgs/pull/203183
2023-01-21 23:21:16 +01:00
Benjamin Bädorf b1710c4013
flora6: fix caddy file_server directive name typo 2023-01-07 21:31:51 +01:00
Benjamin Bädorf f12f42827f
flora-6: Serve pub.solar website
Originally authored by @axeman
2023-01-07 21:26:14 +01:00
teutat3s 9ca8387d12
flora-6: redirect gitea login to keycloak 2022-11-29 00:55:18 +01:00
teutat3s 9fb726b2d7
flora-6: add obs-portal to caddy
auth: redirect / to pub.solar ID management page
2022-11-28 15:32:21 +01:00
Benjamin Bädorf 2b03c98cf2
Refactor flora-6 services a bit 2022-11-27 23:31:08 +01:00
teutat3s a795bf4429
Rename flora6 -> flora-6 2022-11-27 21:56:40 +01:00