Commit graph

161 commits

Author SHA1 Message Date
djerun c3cf1fec38
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7?narHash=sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ%3D' (2024-07-13)
  → 'github:nix-community/nixos-generators/d6c5d29f58acc10ea82afff1de2b28f038f572bd?narHash=sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk%3D' (2024-08-08)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6?narHash=sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY%3D' (2024-06-30)
  → 'github:nix-community/nixpkgs.lib/8bebd4c74f368aacb047f0141db09ec6b339733c?narHash=sha256-do2Mfm3T6SR7a5A804RhjQ%2BJTsF5hk4JTPGjCTRM/m8%3D' (2024-08-04)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171?narHash=sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0%3D' (2024-07-21)
  → 'github:nixos/nixpkgs/c306d09c1dc6492442ae4af0d1ba575869c41fc3?narHash=sha256-aA1JNhFh97BHPTXoJvcvgG4VSyjx0U1wT2EivxMp77o%3D' (2024-08-10)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/4cc8b29327bed3d52b40041f810f49734298af46?narHash=sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y%3D' (2024-07-21)
  → 'github:nixos/nixpkgs/bef98989a27429e1cb9e3d9c25701ba2da742af2?narHash=sha256-2B9qh8QBvw3kV/8cHc7ZJcrbVsRwP8wKjkwPXTSz76Y%3D' (2024-08-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/909e8cfb60d83321d85c8d17209d733658a21c95?narHash=sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU%3D' (2024-07-21)
  → 'github:Mic92/sops-nix/8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9?narHash=sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb%2BN4Ap4%3D' (2024-08-05)
2024-10-21 17:49:03 +02:00
June f128368c0c
penpot: configure penpot host using oci-containers 2024-10-21 17:49:03 +02:00
June 6c7edcc1d3
spaceapi: remove inside sensors for privacy reasons 2024-10-21 17:49:03 +02:00
June 3401265e6f
Update spaceapid to v0.1.0 2024-10-21 17:49:03 +02:00
June 94f8269d22
Configure Uptime-Kuma host 2024-10-21 17:49:03 +02:00
June fe24a029cc
Add .editorconfig for ensuring some consistency 2024-10-21 17:49:03 +02:00
June 9a0d2fc9c6
Clean up networking configs by making them all use the same layout
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-10-21 17:49:03 +02:00
June b7acd9f65d
Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-10-21 17:49:03 +02:00
June 744d17c0c7
Fix container registry image uploads for git server
Do this by disabling checking of client request body size.
2024-10-21 17:49:03 +02:00
christian 89ee6878ad
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
  → 'github:nixos/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171?narHash=sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0%3D' (2024-07-21)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/0af9d835c27984b3265145f8e3cbc6c153479196?narHash=sha256-if0qaFmAe8X01NsVRK5e9Asg9mEWVkHrA9WuqM5jB70%3D' (2024-07-14)
  → 'github:nixos/nixpkgs/4cc8b29327bed3d52b40041f810f49734298af46?narHash=sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y%3D' (2024-07-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0703ba03fd9c1665f8ab68cc3487302475164617?narHash=sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY%3D' (2024-07-14)
  → 'github:Mic92/sops-nix/909e8cfb60d83321d85c8d17209d733658a21c95?narHash=sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU%3D' (2024-07-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
  → 'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171?narHash=sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0%3D' (2024-07-21)
2024-10-21 17:49:03 +02:00
June 4e095c1a85
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-10-21 17:49:03 +02:00
June 827b6b41c1
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f?narHash=sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A%3D' (2024-07-01)
  → 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7?narHash=sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ%3D' (2024-07-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e?narHash=sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw%3D' (2024-07-01)
  → 'github:nixos/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc?narHash=sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t%2BJe1zc%3D' (2024-07-01)
  → 'github:nixos/nixpkgs/0af9d835c27984b3265145f8e3cbc6c153479196?narHash=sha256-if0qaFmAe8X01NsVRK5e9Asg9mEWVkHrA9WuqM5jB70%3D' (2024-07-14)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b5974d4331fb6c893e808977a2e1a6d34b3162d6?narHash=sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8%2BawNMyqs%3D' (2024-06-30)
  → 'github:Mic92/sops-nix/0703ba03fd9c1665f8ab68cc3487302475164617?narHash=sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY%3D' (2024-07-14)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119?narHash=sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo%3D' (2024-06-29)
  → 'github:NixOS/nixpkgs/74348da2f3a312ee25cea09b98cdba4cb9fa5d5d?narHash=sha256-6vuViC56%2BKSr%2B945bCV8akHK%2B7J5k6n/epYg/W3I5eQ%3D' (2024-07-14)
2024-10-21 17:49:03 +02:00
June 3a793a6272
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3?narHash=sha256-WZ1gdKq/9u1Ns/oXuNsDm%2BW0salonVA0VY1amw8urJ4%3D' (2024-06-10)
  → 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f?narHash=sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A%3D' (2024-07-01)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f?narHash=sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw%3D' (2024-04-07)
  → 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6?narHash=sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY%3D' (2024-06-30)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/201ed88e66f7f34d5c74e46d2e4399cc4bea1501?narHash=sha256-3vNXv4zrblZFobrxz1P3RwLpHl6X3/GzfArdTxq0%2BnI%3D' (2024-06-21)
  → 'github:nixos/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e?narHash=sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw%3D' (2024-07-01)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/1c0bec249943cd3e03f876554b8af7d1e32a09e1?narHash=sha256-uIZlOpCIi/GZ3xrkA87CAHqbTvsTbVQV1JjnP33slxs%3D' (2024-06-21)
  → 'github:nixos/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc?narHash=sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t%2BJe1zc%3D' (2024-07-01)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/797ce4c1f45a85df6dd3d9abdc53f2691bea9251?narHash=sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg%3D' (2024-06-16)
  → 'github:Mic92/sops-nix/b5974d4331fb6c893e808977a2e1a6d34b3162d6?narHash=sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8%2BawNMyqs%3D' (2024-06-30)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/c884223af91820615a6146af1ae1fea25c107005?narHash=sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs%3D' (2024-06-15)
  → 'github:NixOS/nixpkgs/4a1e673523344f6ccc84b37f4413ad74ea19a119?narHash=sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo%3D' (2024-06-29)
2024-10-21 17:49:03 +02:00
June 03227f546e
Make passwordless ssh for ptouch-print-server work again
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-10-21 17:49:03 +02:00
June fb6a5444c9
Last commit didn't do, switching to Docker instead of podman does 2024-10-21 17:49:03 +02:00
June becec64020
Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-10-21 17:49:03 +02:00
June 2b276b2c97
Use an agent token for Woodpecker agent to stop it from re-registering
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-10-21 17:49:03 +02:00
June 4ec5afa360
Disable mjolnirs verbose logging to have it not spam the management room 2024-10-21 17:49:03 +02:00
June b574cc09ab
Add woodpecker host running a woodpecker-server and -agent for CI 2024-10-21 17:49:03 +02:00
June 4e1700e8bb
flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94?narHash=sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J%2Bve1w%3D' (2024-05-20)
  → 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3?narHash=sha256-WZ1gdKq/9u1Ns/oXuNsDm%2BW0salonVA0VY1amw8urJ4%3D' (2024-06-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/de0ae76b011bf0000d58ab71821199ce310128b2?narHash=sha256-/VAxV/4lvtOtq4Zxq0MrqTGj7g8aSR/eJQDXB37ozvs%3D' (2024-06-16)
  → 'github:nixos/nixpkgs/201ed88e66f7f34d5c74e46d2e4399cc4bea1501?narHash=sha256-3vNXv4zrblZFobrxz1P3RwLpHl6X3/GzfArdTxq0%2BnI%3D' (2024-06-21)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/2ee89d5a0167a8aa0f2a5615d2b8aefb1f299cd4?narHash=sha256-2eh7rYxQOntkUjFXtlPH7lBuUDd4isu/YHRjNJW7u1Q%3D' (2024-05-23)
  → 'github:nixos/nixpkgs/1c0bec249943cd3e03f876554b8af7d1e32a09e1?narHash=sha256-uIZlOpCIi/GZ3xrkA87CAHqbTvsTbVQV1JjnP33slxs%3D' (2024-06-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b549832718b8946e875c016a4785d204fcfc2e53?narHash=sha256-0lMkIk9h3AzOHs1dCL9RXvvN4PM8VBKb%2BcyGsqOKa4c%3D' (2024-05-22)
  → 'github:Mic92/sops-nix/797ce4c1f45a85df6dd3d9abdc53f2691bea9251?narHash=sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg%3D' (2024-06-16)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/e7cc61784ddf51c81487637b3031a6dd2d6673a2?narHash=sha256-H0eCta7ahEgloGIwE/ihkyGstOGu%2BkQwAiHvwVoXaA0%3D' (2024-05-18)
  → 'github:NixOS/nixpkgs/c884223af91820615a6146af1ae1fea25c107005?narHash=sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs%3D' (2024-06-15)
2024-10-21 17:49:03 +02:00
June 024451942e
Add mjolnir host running mjolnir for Matrix moderation
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-10-21 17:49:02 +02:00
June 2ee045a296
Use forgejo package from stable (24.05) instead of from unstable 2024-10-21 17:47:58 +02:00
June 49a2dc6306
Upgrade to NixOS 24.05
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-10-21 17:47:58 +02:00
June b6d48859cc
Add hacker.tours and a staging env. similar to the CCCHH website one 2024-10-21 17:47:58 +02:00
christian 8a6820a418
Add mqtt server (mosquitto)
The config was based on the exsisting mosquitto setup.
2024-10-21 17:47:58 +02:00
fi c556475efd
Bump element-web to 1.11.68 2024-10-21 17:47:58 +02:00
June 2492eb970f
Mark nix code blocks as containing nix code for syntax highlighting 2024-10-21 17:47:58 +02:00
June 903725dc18
Document where a secret is then actually available on the host 2024-10-21 17:47:58 +02:00
June 549c9b1e33
Add ssh-to-age to the admin tooling 2024-10-21 17:47:58 +02:00
June a355321979
Document how to use sops and sops-nix 2024-10-21 17:47:58 +02:00
echtnurich e24b5b6fb1
fix yate-config not pulling 2024-09-08 21:08:17 +02:00
echtnurich fb458e244b
fix yate deploy key 2024-09-08 21:07:47 +02:00
echtnurich f9f258a212
change yate-config repo 2024-09-08 18:52:22 +02:00
echtnurich c62f722899
make sure source is available before deleting config 2024-08-08 20:11:42 +02:00
echtnurich c9967f73c0
decolour the log because of blob data 2024-08-07 18:53:15 +02:00
echtnurich 3b83a5d8ab
recreate the full config everytime 2024-08-07 18:51:12 +02:00
echtnurich 149f846d32
create yate service user 2024-08-07 18:03:17 +02:00
echtnurich fd525ee06f
make yate systemd service 2024-08-06 22:06:26 +02:00
echtnurich 1ef4c1cd48
Fix config via git 2024-08-05 20:58:09 +02:00
echtnurich b4de5dbb53
introduce /etc/yate, clone/reset on service start 2024-06-09 18:26:27 +02:00
echtnurich 2037a1b647
add yate service for autostart 2024-06-08 23:53:52 +02:00
christian 579b63fe89
Update authorizedKeysRepo rev in common/users.nix
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
June ef1710b09f
Configure basic yate host 2024-06-08 20:18:59 +02:00
June 46e43e51aa
Add deployment_configuration to make deployment using infra-rebuild work
Also document usage of infra-rebuild and its configuration file.
2024-06-08 19:57:40 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
June a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June 7c7da0db05
Add a nix box managed by June
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
June 3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00