CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 2
Code Issues 1 Pull requests 1 Wiki Activity
174 commits 7 branches 0 tags 807 KiB
Commit graph

135 commits

Author SHA1 Message Date
Stefan Bethke
e2dc43ede9
 		public-web-static: redirect old hackertours 37C3 urls to proper url 2024-10-21 17:49:04 +02:00
June
905b7dd3ba
 		public-web-static: add staging for hackertours.hamburg.ccc.de 2024-10-21 17:49:04 +02:00
June
4906d71540
 		public-web-static: add hackertours.hamburg.ccc.de static web host 
It can be deployed using a corresponding deploy key in the same manner
hacker.tours and hamburg.ccc.de can be deployed.
 2024-10-21 17:49:04 +02:00
c6ristian
dfd6506e1c
 		Update element to 1.11.80 2024-10-21 17:49:03 +02:00
June
51cc0097f0
 		netbox: integrate with CCCHH ID (Keycloak) 2024-10-21 17:49:03 +02:00
June
7e6644b112
 		all: setup prometheus node exporter for all hosts on Chaosknoten 
Do that so we can have monitoring for them via prometheus, alertmanager
and grafana.
Also add a local ip for the git host for PVE firewalling.
 2024-10-21 17:49:03 +02:00
June
f9052d0eac
 		mjolnir: allow use of deprecated, somewhat insecure libolm 
Do this to be able to update the moderation bot and because the security
issues apparently aren't real world exploitable:
https://matrix.org/blog/2024/08/libolm-deprecation/
 2024-10-21 17:49:03 +02:00
June
539b17edc3
 		public-web-static: host Easterhegg 20 website static export 2024-10-21 17:49:03 +02:00
June
5e15381f81
 		penpot: switch to stock penpot image and version 2.1.3 
Do that since it now has all the fixes applied we need.
 2024-10-21 17:49:03 +02:00
dequis
919652f09c
 		spaceapid: add 3d printer state sensors (bool) 
The schema only allows numeric values so I'm leaving the time to finish
field out of this for now.
 2024-10-21 17:49:03 +02:00
June
f128368c0c
 		penpot: configure penpot host using oci-containers 2024-10-21 17:49:03 +02:00
June
6c7edcc1d3
 		spaceapi: remove inside sensors for privacy reasons 2024-10-21 17:49:03 +02:00
June
3401265e6f
 		Update spaceapid to v0.1.0 2024-10-21 17:49:03 +02:00
June
94f8269d22
 		Configure Uptime-Kuma host 2024-10-21 17:49:03 +02:00
June
9a0d2fc9c6
 		Clean up networking configs by making them all use the same layout 
Also use the v6 gateway as a nameserver as well for the esphome host.
 2024-10-21 17:49:03 +02:00
June
b7acd9f65d
 		Give esphome a static v6 and get cert directly via chal. served over v6 
Give the host a static v4 as well.
Also let the nginx redirect from the hosts FQDN to the service domain.
 2024-10-21 17:49:03 +02:00
June
744d17c0c7
 		Fix container registry image uploads for git server 
Do this by disabling checking of client request body size.
 2024-10-21 17:49:03 +02:00
June
4e095c1a85
 		Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-10-21 17:49:03 +02:00
June
03227f546e
 		Make passwordless ssh for ptouch-print-server work again 
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
 2024-10-21 17:49:03 +02:00
June
fb6a5444c9
 		Last commit didn't do, switching to Docker instead of podman does 2024-10-21 17:49:03 +02:00
June
becec64020
 		Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-10-21 17:49:03 +02:00
June
2b276b2c97
 		Use an agent token for Woodpecker agent to stop it from re-registering 
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a wrtiable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
 2024-10-21 17:49:03 +02:00
June
4ec5afa360
 		Disable mjolnirs verbose logging to have it not spam the management room 2024-10-21 17:49:03 +02:00
June
b574cc09ab
 		Add woodpecker host running a woodpecker-server and -agent for CI 2024-10-21 17:49:03 +02:00
June
024451942e
 		Add mjolnir host running mjolnir for Matrix moderation 
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
 2024-10-21 17:49:02 +02:00
June
2ee045a296
 		Use forgejo package from stable (24.05) instead of from unstable 2024-10-21 17:47:58 +02:00
June
49a2dc6306
 		Upgrade to NixOS 24.05 
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
 2024-10-21 17:47:58 +02:00
June
b6d48859cc
 		Add hacker.tours and a staging env. similar to the CCCHH website one 2024-10-21 17:47:58 +02:00
c6ristian
8a6820a418
 		Add mqtt server (mosquitto) 
The config was based on the exsisting mosquitto setup.
 2024-10-21 17:47:58 +02:00
fi
c556475efd
 		Bump element-web to 1.11.68 2024-10-21 17:47:58 +02:00
June
549c9b1e33
 		Add ssh-to-age to the admin tooling 2024-10-21 17:47:58 +02:00
echtnurich
e24b5b6fb1
 		fix yate-config not pulling 2024-09-08 21:08:17 +02:00
echtnurich
fb458e244b
 		fix yate deploy key 2024-09-08 21:07:47 +02:00
echtnurich
f9f258a212
 		change yate-config repo 2024-09-08 18:52:22 +02:00
echtnurich
c62f722899
 		make sure source is available before deleting config 2024-08-08 20:11:42 +02:00
echtnurich
c9967f73c0
 		decolour the log because of blob data 2024-08-07 18:53:15 +02:00
echtnurich
3b83a5d8ab
 		recreate the full config everytime 2024-08-07 18:51:12 +02:00
echtnurich
149f846d32
 		create yate service user 2024-08-07 18:03:17 +02:00
echtnurich
fd525ee06f
 		make yate systemd service 2024-08-06 22:06:26 +02:00
echtnurich
1ef4c1cd48
 		Fix config via git 2024-08-05 20:58:09 +02:00
echtnurich
b4de5dbb53
 		introduce /etc/yate, clone/reset on service start 2024-06-09 18:26:27 +02:00
echtnurich
2037a1b647
 		add yate service for autostart 2024-06-08 23:53:52 +02:00
c6ristian
579b63fe89
 		Update authorizedKeysRepo rev in common/users.nix 
to add echtnurich secondary device key
 2024-06-08 21:39:24 +02:00
June
ef1710b09f
 		Configure basic yate host 2024-06-08 20:18:59 +02:00
June
9d7f9d0ec8
 		Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June
41f04732c2
 		Switch from colmena to standard nixosConfigurations 
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
 2024-05-27 01:43:53 +02:00
June
a7541eefa8
 		Add tools and other stuff for a more comf. admin enviorn. on the hosts 2024-05-26 18:32:55 +02:00
June
58ec317b02
 		Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June
7c7da0db05
 		Add a nix box managed by June 
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
 2024-05-26 14:39:28 +02:00
June
3aae597752
 		Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00