June
51cc0097f0
netbox: integrate with CCCHH ID (Keycloak)
2024-10-21 17:49:03 +02:00
June
7e6644b112
all: setup prometheus node exporter for all hosts on Chaosknoten
...
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
2024-10-21 17:49:03 +02:00
June
f9052d0eac
mjolnir: allow use of deprecated, somewhat insecure libolm
...
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-10-21 17:49:03 +02:00
June
539b17edc3
public-web-static: host Easterhegg 20 website static export
2024-10-21 17:49:03 +02:00
June
5e15381f81
penpot: switch to stock penpot image and version 2.1.3
...
Do that since it now has all the fixes applied we need.
2024-10-21 17:49:03 +02:00
dequis
919652f09c
spaceapid: add 3d printer state sensors (bool)
...
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
2024-10-21 17:49:03 +02:00
June
f128368c0c
penpot: configure penpot host using oci-containers
2024-10-21 17:49:03 +02:00
June
6c7edcc1d3
spaceapi: remove inside sensors for privacy reasons
2024-10-21 17:49:03 +02:00
June
3401265e6f
Update spaceapid to v0.1.0
2024-10-21 17:49:03 +02:00
June
94f8269d22
Configure Uptime-Kuma host
2024-10-21 17:49:03 +02:00
June
9a0d2fc9c6
Clean up networking configs by making them all use the same layout
...
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-10-21 17:49:03 +02:00
June
b7acd9f65d
Give esphome a static v6 and get cert directly via chal. served over v6
...
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-10-21 17:49:03 +02:00
June
744d17c0c7
Fix container registry image uploads for git server
...
Do this by disabling checking of client request body size.
2024-10-21 17:49:03 +02:00
June
4e095c1a85
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki
2024-10-21 17:49:03 +02:00
June
03227f546e
Make passwordless ssh for ptouch-print-server work again
...
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-10-21 17:49:03 +02:00
June
fb6a5444c9
Last commit didn't do, switching to Docker instead of podman does
2024-10-21 17:49:03 +02:00
June
becec64020
Fix clone step failing, because git.hamburg.ccc.de could not be resolved
2024-10-21 17:49:03 +02:00
June
2b276b2c97
Use an agent token for Woodpecker agent to stop it from re-registering
...
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.
Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-10-21 17:49:03 +02:00
June
4ec5afa360
Disable mjolnirs verbose logging to have it not spam the management room
2024-10-21 17:49:03 +02:00
June
b574cc09ab
Add woodpecker host running a woodpecker-server and -agent for CI
2024-10-21 17:49:03 +02:00
June
024451942e
Add mjolnir host running mjolnir for Matrix moderation
...
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-10-21 17:49:02 +02:00
June
2ee045a296
Use forgejo package from stable (24.05) instead of from unstable
2024-10-21 17:47:58 +02:00
June
49a2dc6306
Upgrade to NixOS 24.05
...
Also bump the default state version to 24.05.
See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-10-21 17:47:58 +02:00
June
b6d48859cc
Add hacker.tours and a staging env. similar to the CCCHH website one
2024-10-21 17:47:58 +02:00
christian
8a6820a418
Add mqtt server (mosquitto)
...
The config was based on the exsisting mosquitto setup.
2024-10-21 17:47:58 +02:00
fi
c556475efd
Bump element-web to 1.11.68
2024-10-21 17:47:58 +02:00
June
549c9b1e33
Add ssh-to-age to the admin tooling
2024-10-21 17:47:58 +02:00
echtnurich
e24b5b6fb1
fix yate-config not pulling
2024-09-08 21:08:17 +02:00
echtnurich
fb458e244b
fix yate deploy key
2024-09-08 21:07:47 +02:00
echtnurich
f9f258a212
change yate-config repo
2024-09-08 18:52:22 +02:00
echtnurich
c62f722899
make sure source is available before deleting config
2024-08-08 20:11:42 +02:00
echtnurich
c9967f73c0
decolour the log because of blob data
2024-08-07 18:53:15 +02:00
echtnurich
3b83a5d8ab
recreate the full config everytime
2024-08-07 18:51:12 +02:00
echtnurich
149f846d32
create yate service user
2024-08-07 18:03:17 +02:00
echtnurich
fd525ee06f
make yate systemd service
2024-08-06 22:06:26 +02:00
echtnurich
1ef4c1cd48
Fix config via git
2024-08-05 20:58:09 +02:00
echtnurich
b4de5dbb53
introduce /etc/yate, clone/reset on service start
2024-06-09 18:26:27 +02:00
echtnurich
2037a1b647
add yate service for autostart
2024-06-08 23:53:52 +02:00
christian
579b63fe89
Update authorizedKeysRepo rev in common/users.nix
...
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
June
ef1710b09f
Configure basic yate host
2024-06-08 20:18:59 +02:00
June
9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs
2024-06-06 20:17:00 +02:00
June
41f04732c2
Switch from colmena to standard nixosConfigurations
...
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.
https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
June
a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts
2024-05-26 18:32:55 +02:00
June
58ec317b02
Use IP address for eh22-wiki, which isn't already in use
2024-05-26 18:00:20 +02:00
June
7c7da0db05
Add a nix box managed by June
...
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
June
3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix
2024-05-26 03:49:43 +02:00
June
dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix
2024-05-26 03:14:31 +02:00
June
154edc1972
Switch the matrix hosts secret management from colmena to sops-nix
2024-05-26 03:01:34 +02:00
June
361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix
2024-05-26 02:50:08 +02:00
June
88e3da11a6
Introduce sops and sops-nix for secret management
...
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.
https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00