51cc0097f0
netbox: integrate with CCCHH ID (Keycloak)
2024-10-21 17:49:03 +02:00
7e6644b112
all: setup prometheus node exporter for all hosts on Chaosknoten
...
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
2024-10-21 17:49:03 +02:00
f9052d0eac
mjolnir: allow use of deprecated, somewhat insecure libolm
...
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-10-21 17:49:03 +02:00
539b17edc3
public-web-static: host Easterhegg 20 website static export
2024-10-21 17:49:03 +02:00
5e15381f81
penpot: switch to stock penpot image and version 2.1.3
...
Do that since it now has all the fixes applied we need.
2024-10-21 17:49:03 +02:00
919652f09c
spaceapid: add 3d printer state sensors (bool)
...
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
2024-10-21 17:49:03 +02:00
f128368c0c
penpot: configure penpot host using oci-containers
2024-10-21 17:49:03 +02:00
6c7edcc1d3
spaceapi: remove inside sensors for privacy reasons
2024-10-21 17:49:03 +02:00
3401265e6f
Update spaceapid to v0.1.0
2024-10-21 17:49:03 +02:00
94f8269d22
Configure Uptime-Kuma host
2024-10-21 17:49:03 +02:00
9a0d2fc9c6
Clean up networking configs by making them all use the same layout
...
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-10-21 17:49:03 +02:00
b7acd9f65d
Give esphome a static v6 and get cert directly via chal. served over v6
...
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-10-21 17:49:03 +02:00
744d17c0c7
Fix container registry image uploads for git server
...
Do this by disabling checking of client request body size.
2024-10-21 17:49:03 +02:00
4e095c1a85
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki
2024-10-21 17:49:03 +02:00
03227f546e
Make passwordless ssh for ptouch-print-server work again
...
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-10-21 17:49:03 +02:00
fb6a5444c9
Last commit didn't do, switching to Docker instead of podman does
2024-10-21 17:49:03 +02:00
becec64020
Fix clone step failing, because git.hamburg.ccc.de could not be resolved
2024-10-21 17:49:03 +02:00
2b276b2c97
Use an agent token for Woodpecker agent to stop it from re-registering
...
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.
Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-10-21 17:49:03 +02:00
4ec5afa360
Disable mjolnirs verbose logging to have it not spam the management room
2024-10-21 17:49:03 +02:00
b574cc09ab
Add woodpecker host running a woodpecker-server and -agent for CI
2024-10-21 17:49:03 +02:00
024451942e
Add mjolnir host running mjolnir for Matrix moderation
...
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-10-21 17:49:02 +02:00
2ee045a296
Use forgejo package from stable (24.05) instead of from unstable
2024-10-21 17:47:58 +02:00
49a2dc6306
Upgrade to NixOS 24.05
...
Also bump the default state version to 24.05.
See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-10-21 17:47:58 +02:00
b6d48859cc
Add hacker.tours and a staging env. similar to the CCCHH website one
2024-10-21 17:47:58 +02:00
8a6820a418
Add mqtt server (mosquitto)
...
The config was based on the exsisting mosquitto setup.
2024-10-21 17:47:58 +02:00
c556475efd
Bump element-web to 1.11.68
2024-10-21 17:47:58 +02:00
549c9b1e33
Add ssh-to-age to the admin tooling
2024-10-21 17:47:58 +02:00
e24b5b6fb1
fix yate-config not pulling
2024-09-08 21:08:17 +02:00
fb458e244b
fix yate deploy key
2024-09-08 21:07:47 +02:00
f9f258a212
change yate-config repo
2024-09-08 18:52:22 +02:00
c62f722899
make sure source is available before deleting config
2024-08-08 20:11:42 +02:00
c9967f73c0
decolour the log because of blob data
2024-08-07 18:53:15 +02:00
3b83a5d8ab
recreate the full config everytime
2024-08-07 18:51:12 +02:00
149f846d32
create yate service user
2024-08-07 18:03:17 +02:00
fd525ee06f
make yate systemd service
2024-08-06 22:06:26 +02:00
1ef4c1cd48
Fix config via git
2024-08-05 20:58:09 +02:00
b4de5dbb53
introduce /etc/yate, clone/reset on service start
2024-06-09 18:26:27 +02:00
2037a1b647
add yate service for autostart
2024-06-08 23:53:52 +02:00
579b63fe89
Update authorizedKeysRepo rev in common/users.nix
...
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
ef1710b09f
Configure basic yate host
2024-06-08 20:18:59 +02:00
9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs
2024-06-06 20:17:00 +02:00
41f04732c2
Switch from colmena to standard nixosConfigurations
...
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.
https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts
2024-05-26 18:32:55 +02:00
58ec317b02
Use IP address for eh22-wiki, which isn't already in use
2024-05-26 18:00:20 +02:00
7c7da0db05
Add a nix box managed by June
...
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix
2024-05-26 03:49:43 +02:00
dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix
2024-05-26 03:14:31 +02:00
154edc1972
Switch the matrix hosts secret management from colmena to sops-nix
2024-05-26 03:01:34 +02:00
361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix
2024-05-26 02:50:08 +02:00
88e3da11a6
Introduce sops and sops-nix for secret management
...
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.
https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00