Commit graph

137 commits

Author SHA1 Message Date
christian 575351daf8
revert: useing pkgs.fetchGit for authorized keys
reverts the changes from ec64eebfd6
it brakes the flake eval process and other things ?,
setting 'allow-import-from-derivation' doesn't seem like a good fix to me and doesn't work in all cases.
I couldn't find any other solution to fix it for now.
2024-11-17 03:02:17 +01:00
June cf46da9df7
public-web-static: make c3cat.de and www work as well as staging 2024-11-12 23:06:01 +01:00
fi c84d9e7d0a
Update element to 1.11.84 2024-11-11 02:43:08 +01:00
christian afb4fc71ce
Update infrastructure-authorized-keys rev 2024-11-10 23:10:50 +01:00
June 2ba371f8cd
git: disable making org users auto watch new repos on creation
Also explicitly disable making users auto watch repos after their first
commit to it.
2024-11-10 19:38:05 +01:00
June c8e7bd1ccf
git: enable sending of e-mails to watchers of repositories 2024-11-10 19:26:26 +01:00
June 4f789adb21
hydra: configure hydra host 2024-10-30 01:44:12 +01:00
June ec64eebfd6
common: use pkgs.fetchgit and git commit hash for authorized keys repo
Do this to be in line with other places, where resources get fetched
using git and to hopefully avoid errors such as:
Cannot find Git revision 'da9d3ead9d97ce0fef7538638326264957e2f1b4' in ref 'trunk' of repository 'ssh://forgejo@git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys.git'! Please make sure that the rev exists on the ref you've specified or add allRefs = true; to fetchGit.
This issue was discovered while trying to make the new hydra work.
2024-10-29 23:17:31 +01:00
dequis 9d1521c485
spaceapid: adjustments to 3d printer state sensors
- Prefix sensor names with ext_ as the spec says we should use that for
  extensions (this also improves attribute access for tools that don't
  like fields starting with a number)
- Rename printer state to printer busy state, to make it clearer.
- Add ext_3d_printer_minutes_remaining sensors
2024-10-24 16:25:40 +02:00
June accd31173b
public-web-static: turn off ports to prevent broken redirects to 8443 2024-10-21 21:35:10 +02:00
June 8165d22159
public-web-static: prevent staging ht ccchh from search machine indexing 2024-10-21 21:30:36 +02:00
June ecdaa2d5f6
public-web-static: redirect EH20 doku.php?id=$pagename to new format
See:
CCCHH/easterhegg-eh20-website#2 (comment)
2024-10-13 22:09:20 +02:00
Stefan Bethke de2390c78d
public-web-static: redirect old hackertours 37C3 urls to proper url 2024-10-13 20:59:04 +02:00
June 2fe65b0513
public-web-static: add staging for hackertours.hamburg.ccc.de 2024-10-12 22:14:42 +02:00
June 804094aaeb
public-web-static: add hackertours.hamburg.ccc.de static web host
It can be deployed using a corresponding deploy key in the same manner
hacker.tours and hamburg.ccc.de can be deployed.
2024-10-12 20:03:04 +02:00
christian da8e2bbbf4
Update element to 1.11.80 2024-10-10 20:50:20 +02:00
June 05b96b8fae
netbox: integrate with CCCHH ID (Keycloak) 2024-10-09 02:18:46 +02:00
June c54b655b0e
all: setup prometheus node exporter for all hosts on Chaosknoten
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
2024-10-03 16:09:42 +02:00
June 68f11ad955
mjolnir: allow use of deprecated, somewhat insecure libolm
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-09-30 23:20:06 +02:00
June 445bf05842
public-web-static: host Easterhegg 20 website static export 2024-09-28 05:00:31 +02:00
June b26320f999
penpot: switch to stock penpot image and version 2.1.3
Do that since it now has all the fixes applied we need.
2024-08-27 00:00:55 +02:00
dequis 9b751fa1ed
spaceapid: add 3d printer state sensors (bool)
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
2024-08-17 00:15:27 +02:00
June 178777007f
penpot: configure penpot host using oci-containers 2024-08-10 22:38:05 +02:00
June faffcb7d54
spaceapi: remove inside sensors for privacy reasons 2024-08-04 21:05:43 +02:00
June 1ffc959ce3
Update spaceapid to v0.1.0 2024-08-04 21:03:29 +02:00
June 028b5dc9e8
Configure Uptime-Kuma host 2024-08-04 02:19:26 +02:00
June b30015fee1
Clean up networking configs by making them all use the same layout
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-07-30 01:17:05 +02:00
June e88982d7c7
Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-07-27 22:24:54 +02:00
June a2102b064f
Fix container registry image uploads for git server
Do this by disabling checking of client request body size.
2024-07-27 21:05:58 +02:00
June a271fddff8
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-07-15 02:44:37 +02:00
June 7058ec3582
Make passwordless ssh for ptouch-print-server work again
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-06-30 21:12:28 +02:00
June 026e47d055
Last commit didn't do, switching to Docker instead of podman does 2024-06-22 18:06:39 +02:00
June be7f6e4917
Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-06-22 17:11:11 +02:00
June f5432bd682
Use an agent token for Woodpecker agent to stop it from re-registering
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-06-22 16:26:58 +02:00
June 1aff46745a
Disable mjolnirs verbose logging to have it not spam the management room 2024-06-22 16:07:01 +02:00
June df17b25009
Add woodpecker host running a woodpecker-server and -agent for CI 2024-06-22 04:20:38 +02:00
June 3059843e1a
Add mjolnir host running mjolnir for Matrix moderation
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-06-20 23:45:44 +02:00
June f3f5d5a611
Use forgejo package from stable (24.05) instead of from unstable 2024-06-20 04:12:42 +02:00
June 33599951ef
Upgrade to NixOS 24.05
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-06-17 20:59:03 +02:00
June 6411ae8b80
Add hacker.tours and a staging env. similar to the CCCHH website one 2024-06-13 22:53:06 +02:00
christian b30952a049
Add mqtt server (mosquitto)
The config was based on the exsisting mosquitto setup.
2024-06-11 23:03:57 +02:00
fi 8a2d406d4e
Bump element-web to 1.11.68 2024-06-09 22:51:42 +02:00
echtnurich 22eff92488 add yate service for autostart 2024-06-09 21:13:14 +02:00
June bc98327cda
Add ssh-to-age to the admin tooling 2024-06-09 21:10:19 +02:00
christian 579b63fe89
Update authorizedKeysRepo rev in common/users.nix
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
June ef1710b09f
Configure basic yate host 2024-06-08 20:18:59 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
June a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00