teutat3s
6fd2903516
flora-6: add back openssh MACs that got removed from defaults
NixOS default openssh MACs have changed to use "encrypt-then-mac" only.
This breaks compatibility with clients that do not offer these MACs. For
compatibility reasons, we add back the old defaults.
See: https://github.com/NixOS/nixpkgs/pull/231165
https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
2023-07-07 12:13:57 +02:00
teutat3s
9dbfb4eaaa
flora-6: use renamed openssh settings
trace: warning: The option `services.openssh.permitRootLogin' defined in `/nix/store/ha98lp4l8ccspyfn5liq0k9ds3cs20zl-source/hosts/flora-6/flora-6.nix' has been renamed to `services.openssh.settings.PermitRootLogin'.
trace: warning: The option `services.openssh.passwordAuthentication' defined in `/nix/store/ha98lp4l8ccspyfn5liq0k9ds3cs20zl-source/hosts/flora-6/flora-6.nix' has been renamed to `services.openssh.settings.PasswordAuthentication'.
2023-07-02 17:55:58 +02:00
teutat3s
fc0768d353
gitea: use renamed options in gitea.settings.server
trace: warning: The option `services.gitea.rootUrl' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.ROOT_URL'.
trace: warning: The option `services.gitea.httpPort' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.HTTP_PORT'.
trace: warning: The option `services.gitea.httpAddress' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.HTTP_ADDR'.
trace: warning: The option `services.gitea.domain' defined in `hosts/flora-6/gitea.nix' has been renamed to `services.gitea.settings.server.DOMAIN'.
2023-07-02 17:55:58 +02:00
teutat3s
9bd45f0a10
Merge pull request 'Use forgejo instead of gitea, bump flake inputs' (#226) from infra-gitea-to-forgejo-bump-flakes into infra
Reviewed-on: pub-solar/os#226
Reviewed-by: hensoko <hensoko@gssws.de>
2023-05-14 15:14:28 +02:00
teutat3s
7cbe86ff11
flora-6: use forgejo instead of gitea, bump flake inputs:
• Updated input 'agenix':
'github:ryantm/agenix/e64961977f60388dd0b49572bb0fc453b871f896' (2023-03-31)
→ 'github:ryantm/agenix/2994d002dcff5353ca1ac48ec584c7f6589fe447' (2023-04-21)
• Updated input 'darwin':
'github:LnL7/nix-darwin/025912529dd0b31dead95519e944ea05f1ad56f2' (2023-04-10)
→ 'github:LnL7/nix-darwin/252541bd05a7f55f3704a3d014ad1badc1e3360d' (2023-05-10)
• Updated input 'deploy':
'github:serokell/deploy-rs/8c9ea9605eed20528bf60fae35a2b613b901fd77' (2023-01-19)
→ 'github:serokell/deploy-rs/c80189917086e43d49eece2bd86f56813500a0eb' (2023-05-11)
• Updated input 'latest':
'github:nixos/nixpkgs/db24d86dd8a4769c50d6b7295e81aa280cd93f35' (2023-04-10)
→ 'github:nixos/nixpkgs/897876e4c484f1e8f92009fd11b7d988a121a4e7' (2023-05-06)
• Updated input 'nixos':
'github:nixos/nixpkgs/ea96b4af6148114421fda90df33cf236ff5ecf1d' (2023-04-10)
→ 'github:nixos/nixpkgs/9656e85a15a0fe67847ee8cdb99a20d8df499962' (2023-05-12)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/3006d2860a6ed5e01b0c3e7ffb730e9b293116e2' (2023-04-07)
→ 'github:nixos/nixos-hardware/81cd886719e10d4822b2a6caa96e95d56cc915ef' (2023-05-13)
2023-05-13 17:16:35 +02:00
teutat3s
dd62bf1752
flora-6: init owncast
2023-05-13 16:50:58 +02:00
teutat3s
a6970708ad
flora-6: pub.solar webfinger should redirect to mastodon, if the query parameter matches resource
See: https://docs.joinmastodon.org/spec/webfinger/
and: https://docs.joinmastodon.org/admin/config/#web_domain
2023-04-22 03:22:05 +02:00
teutat3s
894c30c0d6
flora-6: enable gitea mail notifications, update gitea mailer config section, see:
https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer
2023-04-11 18:35:57 +02:00
teutat3s
d888af018c
Merge pull request 'flora-6: merge main branch' (#178) from flora-6/merge-main into infra
Reviewed-on: pub-solar/os#178
2023-03-08 18:32:28 +01:00
teutat3s
f9e70e18dc
flora-6: move ISO images to /data
There is a second, bigger disk attached to flora-6, let's use it
2023-03-05 23:54:56 +01:00
teutat3s
80c1a7927a
flora-6: configure more aggressive garbage collection
Reason: it has already happened a few times, that flora-6 ran out of
disk space. With this fix, hopefully the garbage collection should
kick in earlier and prevent this from happening
2023-03-05 18:38:42 +01:00
teutat3s
f0caf9b5a1
gitea: re-enable serverside GPG signing
2023-03-05 16:55:14 +01:00
teutat3s
df79b8a3c9
caddy: fix formatting
2023-03-05 15:22:57 +01:00
teutat3s
d1175e82b4
Add Tailscale custom OIDC webfinger
See: https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup
2023-03-05 15:13:25 +01:00
Hendrik Sokolowski
354fd593bb
make link for satzung temporary
2023-03-01 22:16:49 +01:00
Hendrik Sokolowski
831c44fceb
Add link for satzung in caddy
2023-02-27 23:12:05 +01:00
teutat3s
a1cb071773
mailman: trigger postfix reload when caddy renews TLS Let's Encrypt certificates
2023-02-25 18:21:53 +01:00
teutat3s
94cc00572e
drone: ensure docker starts before trying to create docker network drone-net with systemd dependencies
2023-02-25 17:58:48 +01:00
teutat3s
1199820574
postfix: use caddy's certs for STARTTLS on port 25
2023-02-25 16:28:10 +01:00
teutat3s
5e5fb64dde
flora-6: postfix should use list.pub.solar as hostname
- Send postmaster and root mails to admins@pub.solar
- Add TODO comment about django-keycloak
2023-02-25 15:55:44 +01:00
teutat3s
008e14482f
flora-6: clean up unneeded postfix config file
2023-02-25 15:55:44 +01:00
teutat3s
bea032ad99
flora-6: init mailman with NixOS module
Docker containers were too complicated to set up
2023-02-25 15:55:44 +01:00
teutat3s
8f948f70c7
mailman wip
2023-02-25 15:55:43 +01:00
teutat3s
93b5eab0ea
mailman: fix directory permissions
2023-02-01 13:38:10 +01:00
teutat3s
c1dcea11fa
flora-6: move docker data-root to /data
2023-02-01 13:28:49 +01:00
teutat3s
3c422fee62
mailman: fix postfix main.cf path
2023-02-01 13:17:04 +01:00
teutat3s
b6ebd71c61
keycloak: use version 20.0.3 from nixos-22.11
It's the same version as on nixos-unstable
2023-02-01 13:15:30 +01:00
Benjamin Bädorf
61afca41e5
Add postfix to flora-6
2023-01-31 22:43:59 +01:00
Benjamin Bädorf
5ade1c028f
Build works
2023-01-31 21:32:16 +01:00
Benjamin Bädorf
8f0cde4c3d
Remove broken semicolon
2023-01-31 21:30:43 +01:00
Benjamin Bädorf
6c736b8684
Remove broken semicolon
2023-01-31 21:29:02 +01:00
Benjamin Bädorf
26318bcafc
feat/mailman: Add flora-6 config for mailman
2023-01-31 21:25:45 +01:00
teutat3s
997561f817
caddy: add to hakkonaut group
Add public SSH key to hakkonaut user
2023-01-29 17:39:34 +01:00
teutat3s
54ea93ced4
drone: fix docker runner env vars
2023-01-29 00:00:21 +01:00
teutat3s
9732e4edf1
Apply treefmt
2023-01-28 23:51:33 +01:00
teutat3s
7a7ff7b1df
flora-6: init drone docker runner
2023-01-28 23:50:31 +01:00
teutat3s
90b182e499
Merge branch 'main' into infra
2023-01-28 23:27:21 +01:00
teutat3s
f375843f43
flora-6: init drone ci
2023-01-28 21:26:13 +01:00
teutat3s
291edb6b52
flora-6: update gitea config
change to new responsible MX
disable signing commits etc.
2023-01-28 15:15:46 +01:00
teutat3s
6a6abc79c2
flora-6: ensure to disable NetworkManager
2023-01-28 15:15:17 +01:00
teutat3s
645b10f2b9
flora-6: update Caddyfile, add missing pub.solar config for www and mastodon well-known redirect
2023-01-21 23:22:50 +01:00
teutat3s
f2c5739c97
Update flake.lock, remove fork flake input
gitea gpg PR got merged into nixos-unstable in
https://github.com/NixOS/nixpkgs/pull/203183
2023-01-21 23:21:16 +01:00
Benjamin Bädorf
b1710c4013
flora6: fix caddy file_server directive name typo
2023-01-07 21:31:51 +01:00
Benjamin Bädorf
f12f42827f
flora-6: Serve pub.solar website
Originally authored by @axeman
2023-01-07 21:26:14 +01:00
teutat3s
9ca8387d12
flora-6: redirect gitea login to keycloak
2022-11-29 00:55:18 +01:00
teutat3s
9fb726b2d7
flora-6: add obs-portal to caddy
auth: redirect / to pub.solar ID management page
2022-11-28 15:32:21 +01:00
Benjamin Bädorf
2b03c98cf2
Refactor flora-6 services a bit
2022-11-27 23:31:08 +01:00
teutat3s
a795bf4429
Rename flora6 -> flora-6
2022-11-27 21:56:40 +01:00
Benjamin Bädorf
1f2d56e0c9
Rename flora6 to flora-6
This aligns with the coming changes in hostnames in the terraform
infrastructure.
2022-11-26 02:40:51 +01:00
teutat3s
73bf158392
Run treefmt command
2022-11-20 23:28:23 +01:00