Commit graph

139 commits

Author SHA1 Message Date
June a7541eefa8
Add tools and other stuff for a more comf. admin environ. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June 7c7da0db05
Add a nix box managed by June
Every admin can log in as their own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
June 3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00
June dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix 2024-05-26 03:14:31 +02:00
June 154edc1972
Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 03:01:34 +02:00
June 361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix 2024-05-26 02:50:08 +02:00
June 88e3da11a6
Introduce sops and sops-nix for secret management
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.

https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00
June 475ab8cc66
Configure EH22 Wiki 2024-05-17 20:42:48 +02:00
June 14bbdea9dc
Add MPD to audio service module 2024-04-23 19:12:16 +02:00
June bc6af32a36
Update spaceapid to latest commit and use correct logo URL 2024-04-15 17:07:50 +02:00
June c97f169b77
Add print server for label printer to have it easily usable via SSH
Add and configure a print server for the Brother P-touch QL 500 label
printer, so that it can be easily used via SSH.

Do the following to make that work:
- Configure the print server host.
- Package printer-driver-ptouch to have a working driver for the label
  printer.
- Configure CUPS.
- Add a script "forcecommand-lpr-wrapper", which works together with the
  ForceCommand sshd_config option and wraps lpr to provide an easy
  interface to use the Brother QL 500 label printer via SSH.
- Add a print user and configure SSH to have the
  "forcecommand-lpr-wrapper" script accessible without a password using
  the print user via SSH.
2024-04-14 18:46:51 +02:00
christian 6a0218c132
Serve old easterhegg pages from public-web-static.
The old easterhegg pages from 2003, 2005, 2007, 2009, 2011 are served on the
easterhegg.eu domain and all old subdomains under hamburg.ccc.de
redirect to the corresponding pages under easterhegg.eu
2024-03-29 16:16:13 +01:00
June 1ad6ac9dc0
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00
fi a5a994f87f
Bump element-web to 1.11.59 2024-03-02 17:22:15 +01:00
June 7ab1563c88
Add entry to public-reverse-proxy for acme challenge for light-werkstatt 2024-03-02 15:40:55 +01:00
fi d8d0236870
Fix indentation 2024-01-28 22:03:15 +01:00
fi 2ae1ad3604
Configure matrix server .well-known delegation 2024-01-28 21:59:08 +01:00
fi 4c0decea4a
Update element-web to 1.11.55 2024-01-28 05:05:53 +01:00
June e18b840d20
Enable offline mode for Forgejo to disable use of CDN and Gravatar 2024-01-24 20:17:59 +01:00
June a0e92ff92a
Give Git an IPv6 2024-01-23 23:24:20 +01:00
June 7ce5c934df
Redirect old feed location to new one for CCCHH website 2024-01-23 19:57:20 +01:00
June c83f1faaa7
Use custom 404 page for hamburg.ccc.de 2024-01-22 23:32:00 +01:00
June 1dd8651bda
Update wiki links to point to wiki.hamburg.ccc.de 2024-01-22 23:15:03 +01:00
June 394f4fe562
Deploy new website under hamburg.ccc.de
Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs
of the old website deployment properly.
Also redirect the old spaceapi endpoint to the new one.

Add staging.hamburg.ccc.de for hosting upcoming changes (PRs).
Also give it a robots.txt, since its contents don't need to show up in
search engines.

Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
2024-01-22 23:08:38 +01:00
June 485ed0fec2
Use opensearch for code and issue search 2024-01-22 17:59:01 +01:00
June 12c38aac8b
Add CO2 sensors to spaceapid response 2024-01-22 02:05:48 +01:00
June 7fd115ca22
Use new infrastructure-authorized-keys url and latest commit 2024-01-21 04:55:57 +01:00
June aa25b300e3
Fix temperature unit in spaceapid response
See:
https://github.com/SpaceApi/directory/pull/247#pullrequestreview-1825757336
CCCHH/spaceapid#26
https://spaceapi.io/docs/#schema-key-sensors-temperature-unit
2024-01-21 03:54:01 +01:00
June 598e110641
Don't keep artifacts for so long
Keep them for 30 days instead of the default 90.
2024-01-20 21:39:22 +01:00
June f6567bffb2
Use Forgejo 1.21 from NixOS unstable to make Actions work properly
1.21 has scheduled Actions for example, which we need.
2024-01-20 21:34:09 +01:00
June 85c059c75c
Configure new forgejo-actions-runner host
Configure it to host a forgejo-actions-runner capable of handling CI
workloads running on Docker.
2024-01-18 05:03:21 +01:00
June 4970f59052
Enable Forgejo Actions for our Forgejo 2024-01-18 05:02:47 +01:00
June 8faf83158f Disable HTTP Basic authentication and set default repo units for Forgejo 2024-01-16 20:35:56 +01:00
Bendodroid 7cef911b61 Set -ldflags for spaceapid to set version string
Co-authored-by: June <june@jsts.xyz>
2024-01-16 02:46:09 +01:00
June b5ec5fd763 Update spaceapid 2024-01-16 02:33:13 +01:00
June eea98d66c4 Update spaceapid 2024-01-15 23:39:09 +01:00
June 1c54a7b316 Update spaceapid 2024-01-15 22:38:00 +01:00
June 001740df0b Link to new Git host (Forgejo) in spaceapi response 2024-01-15 03:30:34 +01:00
June 5b61a31904 Use new spaceapid version and configure temp. and humid. sensors 2024-01-15 03:25:48 +01:00
June ec5430ee34 Add and configure new Git server using Forgejo 2024-01-14 23:19:41 +01:00
June 26132b1526 Use latest version of infrastructure-authorized-keys repo 2024-01-14 21:04:03 +01:00
June 34f5a8b229 Give NixOS template 16G of additional space using new option
See here for the PR introducing the option:
https://github.com/NixOS/nixpkgs/pull/238735
2024-01-13 20:17:40 +01:00
June 4ef0a6a02d Add c3cat.de virtualHost config for forwarding c3cat.de to wiki 2024-01-13 18:21:01 +01:00
June 0b433a2fa7 Set PostgreSQL package to PostgreSQL 15 for netbox host
Also remove the upgrade script again.

Basically do steps 4 and 5 of the following section of the manual:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
2023-12-06 01:11:25 +01:00
June 49f7ed8d60 Add and run script for upgrading PostgreSQL of netbox host
The script is a modified version of the script shown in the PostgreSQL
Upgrading section of the NixOS manual. Our version is for upgrading
PostgreSQL 14 to 15.
Basically do steps 1-3 of the section.

Link to the section:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
2023-12-06 01:06:43 +01:00
June f9fc034556 Set PostgreSQL package to PostgreSQL 15 for matrix host
Also remove the upgrade script again.

Basically do steps 4 and 5 of the following section of the manual:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
2023-12-06 00:52:05 +01:00
June 0944a1749c Add and run script for upgrading PostgreSQL of matrix host
The script is a modified version of the script shown in the PostgreSQL
Upgrading section of the NixOS manual. Our version is for upgrading
PostgreSQL 14 to 15.
Basically do steps 1-3 of the section.

Link to the section:
https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
2023-12-06 00:46:47 +01:00
June 87e6735662 Switch to new proxyProtocol option instead of using extraParameters 2023-12-05 18:26:16 +01:00
June df9b76528d Switch to pkgs from stable
I think we used pkgs from unstable (as pkgs-unstable), because the Go
version in NixOS 23.05 was too old. But now that we're on 23.11, which
has a newer Go version, we can use pkgs from stable.
2023-12-05 17:51:52 +01:00
yuri b030b10055 Update netbox host to NixOS 23.11 and netbox to v3.6.3 2023-12-01 21:53:58 +01:00
June 25cab7982b Update spaceapid
Also set StateDirectory in the systemd service to persist state.
2023-11-10 21:56:25 +01:00
June b1b34c54ba Update spaceapid 2023-11-09 22:15:35 +01:00
June a8379c3cf2 Update spaceapid 2023-11-09 19:59:08 +01:00
June c2e46406e1 Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:07:19 +01:00
yuri 26a1fe0e84 Add esphome host 2023-11-04 22:20:49 +01:00
June 5803c6ddc6 Configure Audio-Hauptraum-Tafel 2023-11-04 20:49:02 +01:00
June ed4b43ebfd Rename Audio to Audio Hauptraum Küche 2023-11-02 23:26:55 +01:00
June c9310374af Move audio configuration into a service module
- Move audio configuration into a service module to make it easily
  usable by multiple hosts.
- Allow configuration of AirPlay 2 name.
- Don't set MQTT topic of Shairport-Sync (AirPlay 2) explicitly. Defaults
  to hostname now.
- Don't set sound.enable anymore, since it's not needed.
2023-11-02 21:57:08 +01:00
June e2cd652cb6 Also set Restart to on-failure for nqptp service for good measure 2023-10-26 21:30:21 +02:00
June 616f65c6ca Set Restart to on-failure for shairport-sync service
Do that, since it recently crashed for some reason and just restarting
should probably work pretty well.
2023-10-26 21:08:57 +02:00
June b0995784fc Add next.hamburg.ccc.de virtualHost config for hosting the new website
In the future next.hamburg.ccc.de might also be used for hosting website
builds of branches or MRs.
2023-10-25 02:17:21 +02:00
June ae11e1f3da Move PipeWire configuration into own file
Also add link to documentation.
2023-10-16 22:52:35 +02:00
June 28cd59c957 Add Spotify Connect receiver using librespot 2023-10-16 22:29:09 +02:00
June abce3dee7a Use Pipewire and switch to Pipewire audio backend 2023-10-16 16:59:14 +02:00
June c72b30aa6a Make AirPlay 2 work for Shairport Sync on Audio host
- use nqptp
- use Shairport Sync and nqptp versions, which work
- disable IPv6, since Shairport Sync doesn't work with it for some
  reason
- configure firewall for AirPlay 2
- use correct subnet
2023-10-15 21:44:25 +02:00
June 534db2a68f Configure IPv6 (and static IPs) for audio host 2023-10-09 23:49:41 +02:00
yuri 3ee198bc10 Change Content-Security-Policy "frame-ancestors" to "self"
This allows for downloading files as the download button
spawns an iframe when clicking it.
2023-10-07 05:43:18 +02:00
June c3a9e56437 Fix synapse systemd service by allowing access to the media store 2023-10-07 05:38:47 +02:00
June ddcf4eff0d Introduce branding-resources site and brand Element welcome/auth page 2023-10-07 05:17:53 +02:00
yuri 02411bb800 Configure public-web-static host for Element Web hosting
Co-authored-by: julian <julian@jsts.xyz>
2023-10-07 04:29:08 +02:00
yuri 3053eb9b2f Proxy to IPv4 local address
Only proxy to the local host on IPv4, because localhost doesn't seem to work
even if matrix-synapse is listening on ::1 as well.
2023-10-07 03:30:24 +02:00
June 95ac75c355 Add configuration for Chaosknoten NixOS Proxmox image 2023-10-07 03:13:22 +02:00
yuri 58d529d0ba Configure Matrix host
Co-authored-by: julian <julian@jsts.xyz>
2023-10-06 05:33:28 +02:00
June 01a6d189f2 Migrate NetBox to Chaosknoten and hamburg.ccc.de domain 2023-09-21 19:09:28 +02:00
June 2e3e8c7031 Configure NetBox 2023-09-14 23:52:20 +02:00
June e0c7180ecf Add common acme configuration for upcoming use of acme 2023-09-14 23:51:40 +02:00
June b680cbbd0b Actually import common nginx configuration 2023-09-14 23:50:46 +02:00
June cd13c189b1 Configure Public-Reverse-Proxy 2023-09-14 22:12:38 +02:00
June 30b4139d23 Add common nginx configuration for upcoming nginx hosts 2023-09-14 21:43:20 +02:00
June 1803025193 Introduce colmena-deploy user 2023-09-14 20:19:49 +02:00
June bd1d59e8b4 Give the Proxmox VM template a nicer name 2023-09-14 20:14:35 +02:00
June c427ff934a Switch from BIOS and GRUB to UEFI and systemd-boot for Proxmox VMs 2023-09-14 20:12:09 +02:00
June 5bfa655d3e Add config for fstrim 2023-09-14 20:09:51 +02:00
June 79def99252 Enable Shairport Sync metadata and MQTT support 2023-09-11 23:20:41 +02:00
yuri c1dd3f6011 Remove super verbose output parameter 2023-09-11 23:20:41 +02:00
yuri 096f2ffa91 Introduce colmena config and add shairport-sync host 2023-09-11 23:20:41 +02:00
yuri 10702979f1 Add nix configuration
Make wheel group trusted users in preparation for colmena.
2023-09-11 23:20:41 +02:00
June 4193e65a04 Initial commit. Add configuration for NixOS Proxmox image 2023-09-11 23:20:34 +02:00