CCCHH/nix-infra
CCCHH/nix-infra
16
2
Fork 2
Code Issues Pull requests 3 Projects Wiki Activity
148 commits 5 branches 0 tags 647 KiB
Commit graph

148 commits

This branch
This branch
All branches
Author SHA1 Message Date
June 1ffc959ce3
Update spaceapid to v0.1.0 2024-08-04 21:03:29 +02:00
June 028b5dc9e8
Configure Uptime-Kuma host 2024-08-04 02:19:26 +02:00
June 35e5fbc8a2
Add .editorconfig for ensuring some consistency 2024-07-30 01:35:13 +02:00
June b30015fee1
Clean up networking configs by making them all use the same layout 
Also use the v6 gateway as a nameserver as well for the esphome host.
 2024-07-30 01:17:05 +02:00
June e88982d7c7
Give esphome a static v6 and get cert directly via chal. served over v6 
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
 2024-07-27 22:24:54 +02:00
June a2102b064f
Fix container registry image uploads for git server 
Do this by disabling checking of client request body size.
 2024-07-27 21:05:58 +02:00
christian 59b540c9e3
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
  → 'github:nixos/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171?narHash=sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0%3D' (2024-07-21)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/0af9d835c27984b3265145f8e3cbc6c153479196?narHash=sha256-if0qaFmAe8X01NsVRK5e9Asg9mEWVkHrA9WuqM5jB70%3D' (2024-07-14)
  → 'github:nixos/nixpkgs/4cc8b29327bed3d52b40041f810f49734298af46?narHash=sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y%3D' (2024-07-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0703ba03fd9c1665f8ab68cc3487302475164617?narHash=sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY%3D' (2024-07-14)
  → 'github:Mic92/sops-nix/909e8cfb60d83321d85c8d17209d733658a21c95?narHash=sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU%3D' (2024-07-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
  → 'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171?narHash=sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0%3D' (2024-07-21)
 2024-07-21 23:03:44 +02:00
June a271fddff8
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-07-15 02:44:37 +02:00
June 1185f9bb41
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f?narHash=sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A%3D' (2024-07-01)
  → 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7?narHash=sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ%3D' (2024-07-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e?narHash=sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw%3D' (2024-07-01)
  → 'github:nixos/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc?narHash=sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t%2BJe1zc%3D' (2024-07-01)
  → 'github:nixos/nixpkgs/0af9d835c27984b3265145f8e3cbc6c153479196?narHash=sha256-if0qaFmAe8X01NsVRK5e9Asg9mEWVkHrA9WuqM5jB70%3D' (2024-07-14)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b5974d4331fb6c893e808977a2e1a6d34b3162d6?narHash=sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8%2BawNMyqs%3D' (2024-06-30)
  → 'github:Mic92/sops-nix/0703ba03fd9c1665f8ab68cc3487302475164617?narHash=sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY%3D' (2024-07-14)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119?narHash=sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo%3D' (2024-06-29)
  → 'github:NixOS/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
 2024-07-15 02:15:32 +02:00
June 9f56692222
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3?narHash=sha256-WZ1gdKq/9u1Ns/oXuNsDm%2BW0salonVA0VY1amw8urJ4%3D' (2024-06-10)
  → 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f?narHash=sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A%3D' (2024-07-01)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f?narHash=sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw%3D' (2024-04-07)
  → 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6?narHash=sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY%3D' (2024-06-30)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/201ed88e66f7f34d5c74e46d2e4399cc4bea1501?narHash=sha256-3vNXv4zrblZFobrxz1P3RwLpHl6X3/GzfArdTxq0%2BnI%3D' (2024-06-21)
  → 'github:nixos/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e?narHash=sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw%3D' (2024-07-01)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/1c0bec249943cd3e03f876554b8af7d1e32a09e1?narHash=sha256-uIZlOpCIi/GZ3xrkA87CAHqbTvsTbVQV1JjnP33slxs%3D' (2024-06-21)
  → 'github:nixos/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc?narHash=sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t%2BJe1zc%3D' (2024-07-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/797ce4c1f45a85df6dd3d9abdc53f2691bea9251?narHash=sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg%3D' (2024-06-16)
  → 'github:Mic92/sops-nix/b5974d4331fb6c893e808977a2e1a6d34b3162d6?narHash=sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8%2BawNMyqs%3D' (2024-06-30)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/c884223af91820615a6146af1ae1fea25c107005?narHash=sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs%3D' (2024-06-15)
  → 'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119?narHash=sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo%3D' (2024-06-29)
 2024-07-01 15:31:10 +02:00
June 7058ec3582
Make passwordless ssh for ptouch-print-server work again 
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
 2024-06-30 21:12:28 +02:00
June 026e47d055
Last commit didn't do, switching to Docker instead of podman does 2024-06-22 18:06:39 +02:00
June be7f6e4917
Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-06-22 17:11:11 +02:00
June f5432bd682
Use an agent token for Woodpecker agent to stop it from re-registering 
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
 2024-06-22 16:26:58 +02:00
June 1aff46745a
Disable mjolnirs verbose logging to have it not spam the management room 2024-06-22 16:07:01 +02:00
June df17b25009
Add woodpecker host running a woodpecker-server and -agent for CI 2024-06-22 04:20:38 +02:00
June dfcb961fd3
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94?narHash=sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J%2Bve1w%3D' (2024-05-20)
  → 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3?narHash=sha256-WZ1gdKq/9u1Ns/oXuNsDm%2BW0salonVA0VY1amw8urJ4%3D' (2024-06-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/de0ae76b011bf0000d58ab71821199ce310128b2?narHash=sha256-/VAxV/4lvtOtq4Zxq0MrqTGj7g8aSR/eJQDXB37ozvs%3D' (2024-06-16)
  → 'github:nixos/nixpkgs/201ed88e66f7f34d5c74e46d2e4399cc4bea1501?narHash=sha256-3vNXv4zrblZFobrxz1P3RwLpHl6X3/GzfArdTxq0%2BnI%3D' (2024-06-21)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/2ee89d5a0167a8aa0f2a5615d2b8aefb1f299cd4?narHash=sha256-2eh7rYxQOntkUjFXtlPH7lBuUDd4isu/YHRjNJW7u1Q%3D' (2024-05-23)
  → 'github:nixos/nixpkgs/1c0bec249943cd3e03f876554b8af7d1e32a09e1?narHash=sha256-uIZlOpCIi/GZ3xrkA87CAHqbTvsTbVQV1JjnP33slxs%3D' (2024-06-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b549832718b8946e875c016a4785d204fcfc2e53?narHash=sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb%2BcyGsqOKa4c%3D' (2024-05-22)
  → 'github:Mic92/sops-nix/797ce4c1f45a85df6dd3d9abdc53f2691bea9251?narHash=sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg%3D' (2024-06-16)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/e7cc61784ddf51c81487637b3031a6dd2d6673a2?narHash=sha256-H0eCta7ahEgloGIwE/ihkyGstOGu%2BkQwAiHvwVoXaA0%3D' (2024-05-18)
  → 'github:NixOS/nixpkgs/c884223af91820615a6146af1ae1fea25c107005?narHash=sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs%3D' (2024-06-15)
 2024-06-22 02:55:54 +02:00
June 3059843e1a
Add mjolnir host running mjolnir for Matrix moderation 
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
 2024-06-20 23:45:44 +02:00
June f3f5d5a611
Use forgejo package from stable (24.05) instead of from unstable 2024-06-20 04:12:42 +02:00
June 33599951ef
Upgrade to NixOS 24.05 
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
 2024-06-17 20:59:03 +02:00
June 6411ae8b80
Add hacker.tours and a staging env. similar to the CCCHH website one 2024-06-13 22:53:06 +02:00
christian b30952a049
Add mqtt server (mosquitto) 
The config was based on the exsisting mosquitto setup.
 2024-06-11 23:03:57 +02:00
fi 8a2d406d4e
Bump element-web to 1.11.68 2024-06-09 22:51:42 +02:00
June bb2f1e1252
Mark nix code blocks as containing nix code for syntax highlighting 2024-06-09 21:24:42 +02:00
June d08007fd1c
Document where a secret is then actually available on the host 2024-06-09 21:15:14 +02:00
echtnurich 22eff92488 add yate service for autostart 2024-06-09 21:13:14 +02:00
June bc98327cda
Add ssh-to-age to the admin tooling 2024-06-09 21:10:19 +02:00
June 06e52eed74
Document how to use sops and sops-nix 2024-06-09 21:10:19 +02:00
christian 579b63fe89
Update authorizedKeysRepo rev in common/users.nix 
to add echtnurich secondary device key
 2024-06-08 21:39:24 +02:00
June ef1710b09f
Configure basic yate host 2024-06-08 20:18:59 +02:00
June 46e43e51aa
Add deployment_configuration to make deployment using infra-rebuild work 
Also document usage of infra-rebuild and its configuration file.
 2024-06-08 19:57:40 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations 
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
 2024-05-27 01:43:53 +02:00
June a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June 7c7da0db05
Add a nix box managed by June 
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
 2024-05-26 14:39:28 +02:00
June 3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00
June dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix 2024-05-26 03:14:31 +02:00
June 154edc1972
Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 03:01:34 +02:00
June 361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix 2024-05-26 02:50:08 +02:00
June 88e3da11a6
Introduce sops and sops-nix for secret management 
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.

https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
 2024-05-25 16:47:34 +02:00
June eab3523033
Make MPD be put into pause mode instead of start. playback after startup 2024-05-23 22:25:32 +02:00
June ca816ba50b
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e?narHash=sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE%2B9ytRWxsA5aWtmyI%3D' (2024-04-22)
  → 'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94?narHash=sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J%2Bve1w%3D' (2024-05-20)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/8a4282c38b6cbea9f0989c0eafc6ce1837a26442?narHash=sha256-t1t39%2B9F0NSrUQQsvrQ0Ym/BfnOtjgXnJVn8daI3968%3D' (2024-05-13)
  → 'github:nixos/nixpkgs/dff68ababdd2c2616d03f26546ba632f5f09d3c6?narHash=sha256-e4pjcLqe1Dexz7enk/%2Bui0aVdcoSiWnrTGjk7KLtAPw%3D' (2024-05-22)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/7ed944be63682d0c5bc37e66f3c997390d0bbd8e?narHash=sha256-ncgLV/zSzXGx8XXEM8QlovDftzzcV11MnLeRUL63Szw%3D' (2024-05-13)
  → 'github:nixos/nixpkgs/2ee89d5a0167a8aa0f2a5615d2b8aefb1f299cd4?narHash=sha256-2eh7rYxQOntkUjFXtlPH7lBuUDd4isu/YHRjNJW7u1Q%3D' (2024-05-23)
 2024-05-23 21:25:22 +02:00
June 475ab8cc66
Configure EH22 Wiki 2024-05-17 20:42:48 +02:00
June 320f4afb4a
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d4df7c26d03e94dbdabbd350cb89c9565cae07bb?narHash=sha256-TFRzgAjRgwXpDucaPZfVz9mRyH2wGM6oYABe1q/20iI%3D' (2024-04-22)
  → 'github:nixos/nixpkgs/8a4282c38b6cbea9f0989c0eafc6ce1837a26442?narHash=sha256-t1t39%2B9F0NSrUQQsvrQ0Ym/BfnOtjgXnJVn8daI3968%3D' (2024-05-13)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/de52a47e961d45f6a8c7f9f086c60ff89ecdddaf?narHash=sha256-HLpr4EgxIRB1UJCpupvF%2BAi8pFa93BJh8anPJ68FwOI%3D' (2024-04-22)
  → 'github:nixos/nixpkgs/7ed944be63682d0c5bc37e66f3c997390d0bbd8e?narHash=sha256-ncgLV/zSzXGx8XXEM8QlovDftzzcV11MnLeRUL63Szw%3D' (2024-05-13)
 2024-05-14 03:46:01 +02:00
June c378fc64c6
Deploy shairport-sync with more verbosity for easier debugging 2024-04-28 19:51:45 +02:00
June c96486aa91
Let MPD mix the audio itself to work around PW/WP restore bug 
jtbx discovered that MPD is using the Pipewire stream volume for volume
control, but that when Pipewire/Wireplumber restores the stream volumes
on restart, it wrongly assigns the MPD stream volume to the Shaireport
Sync stream as well.
Work around that bug by making MPD mix itself and not through
Pipewire/Wireplumber.
 2024-04-27 23:28:31 +02:00
June 14bbdea9dc
Add MPD to audio service module 2024-04-23 19:12:16 +02:00
June 856c4ac696
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/d942db8df8ee860556a38754f15b8d03bf7e6933?narHash=sha256-yYlxv1sg/TNl6hghjAe0ct%2B/p5PwXiT1mpuaExjhR88%3D' (2024-04-08)
  → 'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e?narHash=sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE%2B9ytRWxsA5aWtmyI%3D' (2024-04-22)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6ec8515bc79f396159a67b2ed8012b2e988d9dc6?narHash=sha256-x4RVSeo0qq099PEdCOGHrJ/mpUKIhTCJDTy4hI1U%2BGs%3D' (2024-04-14)
  → 'github:nixos/nixpkgs/d4df7c26d03e94dbdabbd350cb89c9565cae07bb?narHash=sha256-TFRzgAjRgwXpDucaPZfVz9mRyH2wGM6oYABe1q/20iI%3D' (2024-04-22)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc59f72803cf40fb50f05cb73068d85b5ce21297?narHash=sha256-goBKZ4CKodTfkKaEGhpYOz545gnXmLfmn8gjiq7PLpU%3D' (2024-04-14)
  → 'github:nixos/nixpkgs/de52a47e961d45f6a8c7f9f086c60ff89ecdddaf?narHash=sha256-HLpr4EgxIRB1UJCpupvF%2BAi8pFa93BJh8anPJ68FwOI%3D' (2024-04-22)
 2024-04-22 21:13:11 +02:00
June bc6af32a36
Update spaceapid to latest commit and use correct logo URL 2024-04-15 17:07:50 +02:00