Commit graph

131 commits

Author SHA1 Message Date
June 51cc0097f0
netbox: integrate with CCCHH ID (Keycloak) 2024-10-21 17:49:03 +02:00
June 7e6644b112
all: setup prometheus node exporter for all hosts on Chaosknoten
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
2024-10-21 17:49:03 +02:00
June f9052d0eac
mjolnir: allow use of deprecated, somewhat insecure libolm
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-10-21 17:49:03 +02:00
June 539b17edc3
public-web-static: host Easterhegg 20 website static export 2024-10-21 17:49:03 +02:00
June 5e15381f81
penpot: switch to stock penpot image and version 2.1.3
Do that since it now has all the fixes applied we need.
2024-10-21 17:49:03 +02:00
dequis 919652f09c
spaceapid: add 3d printer state sensors (bool)
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
2024-10-21 17:49:03 +02:00
June f128368c0c
penpot: configure penpot host using oci-containers 2024-10-21 17:49:03 +02:00
June 6c7edcc1d3
spaceapi: remove inside sensors for privacy reasons 2024-10-21 17:49:03 +02:00
June 3401265e6f
Update spaceapid to v0.1.0 2024-10-21 17:49:03 +02:00
June 94f8269d22
Configure Uptime-Kuma host 2024-10-21 17:49:03 +02:00
June 9a0d2fc9c6
Clean up networking configs by making them all use the same layout
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-10-21 17:49:03 +02:00
June b7acd9f65d
Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-10-21 17:49:03 +02:00
June 744d17c0c7
Fix container registry image uploads for git server
Do this by disabling checking of client request body size.
2024-10-21 17:49:03 +02:00
June 4e095c1a85
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-10-21 17:49:03 +02:00
June 03227f546e
Make passwordless ssh for ptouch-print-server work again
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-10-21 17:49:03 +02:00
June fb6a5444c9
Last commit didn't do, switching to Docker instead of podman does 2024-10-21 17:49:03 +02:00
June becec64020
Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-10-21 17:49:03 +02:00
June 2b276b2c97
Use an agent token for Woodpecker agent to stop it from re-registering
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-10-21 17:49:03 +02:00
June 4ec5afa360
Disable mjolnirs verbose logging to have it not spam the management room 2024-10-21 17:49:03 +02:00
June b574cc09ab
Add woodpecker host running a woodpecker-server and -agent for CI 2024-10-21 17:49:03 +02:00
June 024451942e
Add mjolnir host running mjolnir for Matrix moderation
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-10-21 17:49:02 +02:00
June 2ee045a296
Use forgejo package from stable (24.05) instead of from unstable 2024-10-21 17:47:58 +02:00
June 49a2dc6306
Upgrade to NixOS 24.05
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-10-21 17:47:58 +02:00
June b6d48859cc
Add hacker.tours and a staging env. similar to the CCCHH website one 2024-10-21 17:47:58 +02:00
christian 8a6820a418
Add mqtt server (mosquitto)
The config was based on the exsisting mosquitto setup.
2024-10-21 17:47:58 +02:00
fi c556475efd
Bump element-web to 1.11.68 2024-10-21 17:47:58 +02:00
June 549c9b1e33
Add ssh-to-age to the admin tooling 2024-10-21 17:47:58 +02:00
echtnurich e24b5b6fb1
fix yate-config not pulling 2024-09-08 21:08:17 +02:00
echtnurich fb458e244b
fix yate deploy key 2024-09-08 21:07:47 +02:00
echtnurich f9f258a212
change yate-config repo 2024-09-08 18:52:22 +02:00
echtnurich c62f722899
make sure source is available before deleting config 2024-08-08 20:11:42 +02:00
echtnurich c9967f73c0
decolour the log because of blob data 2024-08-07 18:53:15 +02:00
echtnurich 3b83a5d8ab
recreate the full config everytime 2024-08-07 18:51:12 +02:00
echtnurich 149f846d32
create yate service user 2024-08-07 18:03:17 +02:00
echtnurich fd525ee06f
make yate systemd service 2024-08-06 22:06:26 +02:00
echtnurich 1ef4c1cd48
Fix config via git 2024-08-05 20:58:09 +02:00
echtnurich b4de5dbb53
introduce /etc/yate, clone/reset on service start 2024-06-09 18:26:27 +02:00
echtnurich 2037a1b647
add yate service for autostart 2024-06-08 23:53:52 +02:00
christian 579b63fe89
Update authorizedKeysRepo rev in common/users.nix
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
June ef1710b09f
Configure basic yate host 2024-06-08 20:18:59 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
June a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June 7c7da0db05
Add a nix box managed by June
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
June 3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00
June dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix 2024-05-26 03:14:31 +02:00
June 154edc1972
Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 03:01:34 +02:00
June 361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix 2024-05-26 02:50:08 +02:00
June 88e3da11a6
Introduce sops and sops-nix for secret management
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.

https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00