da8e2bbbf4
Update element to 1.11.80
2024-10-10 20:50:20 +02:00
05b96b8fae
netbox: integrate with CCCHH ID (Keycloak)
2024-10-09 02:18:46 +02:00
c54b655b0e
all: setup prometheus node exporter for all hosts on Chaosknoten
...
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
2024-10-03 16:09:42 +02:00
68f11ad955
mjolnir: allow use of deprecated, somewhat insecure libolm
...
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
2024-09-30 23:20:06 +02:00
445bf05842
public-web-static: host Easterhegg 20 website static export
2024-09-28 05:00:31 +02:00
b26320f999
penpot: switch to stock penpot image and version 2.1.3
...
Do that since it now has all the fixes applied we need.
2024-08-27 00:00:55 +02:00
9b751fa1ed
spaceapid: add 3d printer state sensors (bool)
...
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
2024-08-17 00:15:27 +02:00
178777007f
penpot: configure penpot host using oci-containers
2024-08-10 22:38:05 +02:00
faffcb7d54
spaceapi: remove inside sensors for privacy reasons
2024-08-04 21:05:43 +02:00
1ffc959ce3
Update spaceapid to v0.1.0
2024-08-04 21:03:29 +02:00
028b5dc9e8
Configure Uptime-Kuma host
2024-08-04 02:19:26 +02:00
b30015fee1
Clean up networking configs by making them all use the same layout
...
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-07-30 01:17:05 +02:00
e88982d7c7
Give esphome a static v6 and get cert directly via chal. served over v6
...
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
2024-07-27 22:24:54 +02:00
a2102b064f
Fix container registry image uploads for git server
...
Do this by disabling checking of client request body size.
2024-07-27 21:05:58 +02:00
a271fddff8
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki
2024-07-15 02:44:37 +02:00
7058ec3582
Make passwordless ssh for ptouch-print-server work again
...
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-06-30 21:12:28 +02:00
026e47d055
Last commit didn't do, switching to Docker instead of podman does
2024-06-22 18:06:39 +02:00
be7f6e4917
Fix clone step failing, because git.hamburg.ccc.de could not be resolved
2024-06-22 17:11:11 +02:00
f5432bd682
Use an agent token for Woodpecker agent to stop it from re-registering
...
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.
Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-06-22 16:26:58 +02:00
1aff46745a
Disable mjolnirs verbose logging to have it not spam the management room
2024-06-22 16:07:01 +02:00
df17b25009
Add woodpecker host running a woodpecker-server and -agent for CI
2024-06-22 04:20:38 +02:00
3059843e1a
Add mjolnir host running mjolnir for Matrix moderation
...
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-06-20 23:45:44 +02:00
f3f5d5a611
Use forgejo package from stable (24.05) instead of from unstable
2024-06-20 04:12:42 +02:00
33599951ef
Upgrade to NixOS 24.05
...
Also bump the default state version to 24.05.
See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-06-17 20:59:03 +02:00
6411ae8b80
Add hacker.tours and a staging env. similar to the CCCHH website one
2024-06-13 22:53:06 +02:00
b30952a049
Add mqtt server (mosquitto)
...
The config was based on the exsisting mosquitto setup.
2024-06-11 23:03:57 +02:00
8a2d406d4e
Bump element-web to 1.11.68
2024-06-09 22:51:42 +02:00
22eff92488
add yate service for autostart
2024-06-09 21:13:14 +02:00
bc98327cda
Add ssh-to-age to the admin tooling
2024-06-09 21:10:19 +02:00
579b63fe89
Update authorizedKeysRepo rev in common/users.nix
...
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
ef1710b09f
Configure basic yate host
2024-06-08 20:18:59 +02:00
9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs
2024-06-06 20:17:00 +02:00
41f04732c2
Switch from colmena to standard nixosConfigurations
...
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.
https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
a7541eefa8
Add tools and other stuff for a more comf. admin enviorn. on the hosts
2024-05-26 18:32:55 +02:00
58ec317b02
Use IP address for eh22-wiki, which isn't already in use
2024-05-26 18:00:20 +02:00
7c7da0db05
Add a nix box managed by June
...
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix
2024-05-26 03:49:43 +02:00
dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix
2024-05-26 03:14:31 +02:00
154edc1972
Switch the matrix hosts secret management from colmena to sops-nix
2024-05-26 03:01:34 +02:00
361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix
2024-05-26 02:50:08 +02:00
88e3da11a6
Introduce sops and sops-nix for secret management
...
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.
https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00
475ab8cc66
Configure EH22 Wiki
2024-05-17 20:42:48 +02:00
14bbdea9dc
Add MPD to audio service module
2024-04-23 19:12:16 +02:00
bc6af32a36
Update spaceapid to latest commit and use correct logo URL
2024-04-15 17:07:50 +02:00
c97f169b77
Add print server for label printer to have it easily usable via SSH
...
Add and configure a print server for the Brother P-touch QL 500 label
printer, so that it can be easily used via SSH.
Do the following to make that work:
- Configure the print server host.
- Package printer-driver-ptouch to have a working driver for the label
printer.
- Configure CUPS.
- Add a script "forcecommand-lpr-wrapper", which works together with the
ForceCommand sshd_config option and wraps lpr to provide an easy
interface to use the Brother QL 500 label printer via SSH.
- Add a print user and configure SSH to have the
"forcecommand-lpr-wrapper" script accessible without a password using
the print user via SSH.
2024-04-14 18:46:51 +02:00
6a0218c132
Serve old easterhegg pages from public-web-static.
...
The old easterhegg pages from 2003, 2005, 2007, 2009, 2011 are served on the
easterhegg.eu domain and all old subdomains under hamburg.ccc.de
redirect to the corresponding pages under easterhegg.eu
2024-03-29 16:16:13 +01:00
1ad6ac9dc0
Run "nix fmt" to format this entire flake
2024-03-06 22:50:32 +01:00
a5a994f87f
Bump element-web to 1.11.59
2024-03-02 17:22:15 +01:00
7ab1563c88
Add entry to public-reverse-proxy for acme challenge for light-werkstatt
2024-03-02 15:40:55 +01:00
d8d0236870
Fix indentation
2024-01-28 22:03:15 +01:00
