Commit graph

189 commits

Author SHA1 Message Date
Tristan Daniël Maat 88494da98b
WIP: Add hetzner config 2024-03-03 01:24:32 +01:00
Tristan Daniël Maat 3e1c95797c
WIP: gitea: Migrate to forgejo 2023-12-30 22:09:32 +01:00
Tristan Daniël Maat ebc45a9af1
treewide: Upgrade to NixOS 23.11 2023-12-30 19:41:06 +01:00
Tristan Daniël Maat 4a966412b8
staging: Use a static ssh host key 2023-12-29 16:48:23 +01:00
Tristan Daniël Maat 95b5d4b3bd
nginx: Reduce number of rotated logs kept around 2023-12-15 17:04:42 +01:00
Tristan Daniël Maat eb3bd485c4
metrics: Add size limit to victoriametrics 2023-12-15 17:04:39 +01:00
Tristan Daniël Maat 759a9c7c0c
conduit: Fix acme issue
letsencrypt will prod on port 80 to verify the domain. `listen`
overrides `addSSL`, so none of the NixOS modules' setup will actually
work.

This means the conduit virtualhost never listened on port 80, and
couldn't verify letsencrypt requests.

How this *ever* worked is beyond me, but this commit resolves the
problems (don't worry, `forceSSL` does what it says on the tin and
overrides the `listen` again).
2023-10-13 06:08:26 +02:00
Tristan Daniël Maat 55a4aaf48b
metrics: Add metrics with victoriametrics + grafana 2023-10-12 20:41:04 +02:00
Tristan Daniël Maat 78a9eac9bb
sops: Sort secrets alphabetically 2023-10-12 20:27:43 +02:00
Tristan Daniël Maat 87dd9daa4f
backups: Add atomic backups with restic 2023-10-12 20:27:34 +02:00
Tristan Daniël Maat ab5e088016
conduit: Add Element X support 2023-09-18 04:17:16 +02:00
Tristan Daniël Maat 355ae4b70b
nextcloud: Update apps 2023-09-18 04:17:07 +02:00
Tristan Daniël Maat 01b0327ca0
flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/724463b5a94daa810abfc64a4f87faef4e00f984' (2023-06-14)
  → 'github:serokell/deploy-rs/31c32fb2959103a796e07bbe47e0a5e287c343a8' (2023-09-12)
• Updated input 'foundryvtt':
    'github:reckenrode/nix-foundryvtt/440d3502d17c45d8dfeee5c1833d1ff03525a07b' (2023-07-06)
  → 'github:reckenrode/nix-foundryvtt/3358ccef0ea3e06faabe8c54761fb8a0862b80d4' (2023-08-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/f3fbbc36b4e179a5985b9ab12624e9dfe7989341' (2023-07-26)
  → 'github:nixos/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/ef99fa5c5ed624460217c31ac4271cfb5cb2502c' (2023-07-25)
  → 'github:nixos/nixpkgs/ace5093e36ab1e95cb9463863491bee90d5a4183' (2023-09-15)
• Updated input 'nvfetcher':
    'github:berberman/nvfetcher/44196458acc2c28c32e456c50277d6148e71e708' (2023-06-22)
  → 'github:berberman/nvfetcher/2bcf73dea96497ac9c36ed320b457caa705f9485' (2023-09-01)
• Updated input 'nvfetcher/flake-utils':
    'github:numtide/flake-utils/abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c' (2023-06-19)
  → 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c36df4fe4bf4bb87759b1891cab21e7a05219500' (2023-07-24)
  → 'github:Mic92/sops-nix/ea208e55f8742fdcc0986b256bdfa8986f5e4415' (2023-09-12)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/ce45b591975d070044ca24e3003c830d26fea1c8' (2023-07-22)
  → 'github:NixOS/nixpkgs/5601118d39ca9105f8e7b39d4c221d3388c0419d' (2023-09-02)
2023-09-17 21:25:14 +02:00
Tristan Daniël Maat bb3ffbbd90
nextcloud: Configure redis caching 2023-07-29 18:17:39 +02:00
Tristan Daniël Maat 0c5755d2f0
nextcloud: Upgrade to version 27 2023-07-29 18:17:24 +02:00
Tristan Daniël Maat 88d96f198b
nextcloud: Apply recommended PHP setting 2023-07-28 12:19:00 +02:00
Tristan Daniël Maat 6b1e5dee56
deploy: Allow substituters 2023-07-28 12:05:59 +02:00
Tristan Daniël Maat 5aa7686ab5
nextcloud: Update apps 2023-07-28 11:24:15 +02:00
Tristan Daniël Maat 828d3f3878
services: Update outdated options 2023-07-28 11:23:56 +02:00
Tristan Daniël Maat ecbf382d43
Update to NixOS 23.05 2023-07-28 11:23:35 +02:00
Tristan Daniël Maat 1e1f8f1e36
flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/8c9ea9605eed20528bf60fae35a2b613b901fd77' (2023-01-19)
  → 'github:serokell/deploy-rs/724463b5a94daa810abfc64a4f87faef4e00f984' (2023-06-14)
• Updated input 'foundryvtt':
    'github:reckenrode/nix-foundryvtt/6c52bfc6824a3dba673df4894a71193ec32aa399' (2023-02-22)
  → 'github:reckenrode/nix-foundryvtt/440d3502d17c45d8dfeee5c1833d1ff03525a07b' (2023-07-06)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/f294325aed382b66c7a188482101b0f336d1d7db' (2023-04-16)
  → 'github:nixos/nixpkgs/ef99fa5c5ed624460217c31ac4271cfb5cb2502c' (2023-07-25)
• Updated input 'nvfetcher':
    'github:berberman/nvfetcher/0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9' (2023-01-06)
  → 'github:berberman/nvfetcher/44196458acc2c28c32e456c50277d6148e71e708' (2023-06-22)
• Updated input 'nvfetcher/flake-compat':
    'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
  → 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
• Updated input 'nvfetcher/flake-utils':
    'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
  → 'github:numtide/flake-utils/abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c' (2023-06-19)
• Added input 'nvfetcher/flake-utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/de6514f8fe1b3c2b57307569a0898bc4be9ae1c5' (2023-04-17)
  → 'github:Mic92/sops-nix/c36df4fe4bf4bb87759b1891cab21e7a05219500' (2023-07-24)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/1040ce5f652b586da95dfd80d48a745e107b9eac' (2023-04-16)
  → 'github:NixOS/nixpkgs/ce45b591975d070044ca24e3003c830d26fea1c8' (2023-07-22)
• Updated input 'tlaternet-webserver':
    'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=2ca66c4fe1b8cfdd5d873cadb2735cef555dacca' (2023-04-17)
  → 'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=c573a6f81827594ceeffbfa058659e2fc20e4a1e' (2023-06-13)
• Updated input 'tlaternet-webserver/dream2nix':
    'github:nix-community/dream2nix/34a80ab215f1f24068ea9c76f3a7e5bc19478653' (2023-04-04)
  → 'github:nix-community/dream2nix/0c064fa9dd025069cc215b0a8b4eb5ea734aceb0' (2023-06-06)
• Updated input 'tlaternet-webserver/dream2nix/crane':
    'github:ipetkov/crane/59b31b41a589c0a65e4a1f86b0e5eac68081468b' (2022-12-13)
  → 'github:ipetkov/crane/445a3d222947632b5593112bb817850e8a9cf737' (2023-04-11)
• Updated input 'tlaternet-webserver/dream2nix/drv-parts':
    'github:davhau/drv-parts/ced8a52f62b0a94244713df2225c05c85b416110' (2023-03-30)
  → 'github:davhau/drv-parts/e8c2ec1157dc1edb002989669a0dbd935f430201' (2023-04-05)
• Updated input 'tlaternet-webserver/fenix':
    'github:nix-community/fenix/0d8c0d08db5fe6e5d995f4584f991ad60bbb1673' (2023-04-17)
  → 'github:nix-community/fenix/6fbeedcd2fc1fba77152e13fd7492824d77a4060' (2023-06-13)
• Updated input 'tlaternet-webserver/fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/bab80dae445fd576cb4cc22ba208e9fbc39dc18d' (2023-04-16)
  → 'github:rust-lang/rust-analyzer/1f1fe81f0db301124b3026bd2940294526cdd852' (2023-06-12)
2023-07-28 11:03:25 +02:00
Tristan Daniël Maat a3e2d2931c
services: Add FoundryVTT service 2023-05-11 22:22:30 +01:00
Tristan Daniël Maat 14d29fa49d
services: Add wireguard service 2023-05-11 22:09:39 +01:00
Tristan Daniël Maat acd7cc802b
networking: Set up static IP address 2023-05-11 22:09:32 +01:00
Tristan Daniël Maat 317cdf0039
nextcloud: Update nextcloud apps 2023-04-17 23:35:28 +01:00
Tristan Daniël Maat 663054c293
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/8bd260eb578e3fea6bce158b24c93ab158d031e7' (2023-02-26)
  → 'github:nixos/nixpkgs/de66115c552acc4e0c0f92c5a5efb32e37dfa216' (2023-04-17)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/7f5639fa3b68054ca0b062866dc62b22c3f11505' (2023-02-26)
  → 'github:nixos/nixpkgs/f294325aed382b66c7a188482101b0f336d1d7db' (2023-04-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/83fe25c8019db8216f5c6ffc65b394707784b4f3' (2023-02-26)
  → 'github:Mic92/sops-nix/de6514f8fe1b3c2b57307569a0898bc4be9ae1c5' (2023-04-17)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/ea736343e4d4a052e023d54b23334cf685de479c' (2023-02-25)
  → 'github:NixOS/nixpkgs/1040ce5f652b586da95dfd80d48a745e107b9eac' (2023-04-16)
• Updated input 'tlaternet-webserver':
    'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=d142e98788c2476b7df0a5c1e621f3f5c65c130f' (2023-01-21)
  → 'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=2ca66c4fe1b8cfdd5d873cadb2735cef555dacca' (2023-04-17)
• Updated input 'tlaternet-webserver/dream2nix':
    'github:nix-community/dream2nix/9f6911c78dcb0832f7fcc955e847db1a5a9ce29a' (2023-01-02)
  → 'github:nix-community/dream2nix/34a80ab215f1f24068ea9c76f3a7e5bc19478653' (2023-04-04)
• Removed input 'tlaternet-webserver/dream2nix/alejandra'
• Removed input 'tlaternet-webserver/dream2nix/alejandra/fenix'
• Removed input 'tlaternet-webserver/dream2nix/alejandra/fenix/nixpkgs'
• Removed input 'tlaternet-webserver/dream2nix/alejandra/fenix/rust-analyzer-src'
• Removed input 'tlaternet-webserver/dream2nix/alejandra/flakeCompat'
• Removed input 'tlaternet-webserver/dream2nix/alejandra/nixpkgs'
• Added input 'tlaternet-webserver/dream2nix/drv-parts':
    'github:davhau/drv-parts/ced8a52f62b0a94244713df2225c05c85b416110' (2023-03-30)
• Added input 'tlaternet-webserver/dream2nix/drv-parts/flake-compat':
    follows 'tlaternet-webserver/dream2nix/flake-compat'
• Added input 'tlaternet-webserver/dream2nix/drv-parts/flake-parts':
    follows 'tlaternet-webserver/dream2nix/flake-parts'
• Added input 'tlaternet-webserver/dream2nix/drv-parts/nixpkgs':
    follows 'tlaternet-webserver/dream2nix/nixpkgs'
• Added input 'tlaternet-webserver/dream2nix/flake-compat':
    'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
• Updated input 'tlaternet-webserver/dream2nix/flake-parts':
    'github:hercules-ci/flake-parts/d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa' (2022-11-14)
  → 'github:hercules-ci/flake-parts/47478a4a003e745402acf63be7f9a092d51b83d7' (2023-02-09)
• Updated input 'tlaternet-webserver/dream2nix/flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/34c5293a71ffdb2fe054eb5288adc1882c1eb0b1?dir=lib' (2022-10-09)
  → follows 'tlaternet-webserver/dream2nix/nixpkgs'
• Added input 'tlaternet-webserver/dream2nix/nixpkgsV1':
    'github:NixOS/nixpkgs/5eb98948b66de29f899c7fe27ae112a47964baf8' (2023-03-11)
• Added input 'tlaternet-webserver/dream2nix/pruned-racket-catalog':
    'github:nix-community/pruned-racket-catalog/c8b89557fb53b36efa2ee48a769c7364df0f6262' (2023-01-01)
• Updated input 'tlaternet-webserver/fenix':
    'github:nix-community/fenix/eb6583fcd626051c4d284f2fb51cd2659a43e7f6' (2023-01-04)
  → 'github:nix-community/fenix/0d8c0d08db5fe6e5d995f4584f991ad60bbb1673' (2023-04-17)
• Updated input 'tlaternet-webserver/fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/a97c71f92d574cb5104e3e1246eb9038d1a214a2' (2023-01-03)
  → 'github:rust-lang/rust-analyzer/bab80dae445fd576cb4cc22ba208e9fbc39dc18d' (2023-04-16)
2023-04-17 21:07:31 +01:00
Tristan Daniël Maat 8f4399c1dd
nextcloud: Update apps 2023-02-28 04:53:27 +00:00
Tristan Daniël Maat 8ac5fa9357
flake.lock: Update
Flake lock file updates:

• Updated input 'deploy-rs':
    'github:serokell/deploy-rs/a5619f5660a00f58c2b7c16d89058e92327ac9b8' (2022-12-29)
  → 'github:serokell/deploy-rs/8c9ea9605eed20528bf60fae35a2b613b901fd77' (2023-01-19)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48' (2023-01-10)
  → 'github:nixos/nixpkgs/8bd260eb578e3fea6bce158b24c93ab158d031e7' (2023-02-26)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/b1f87ca164a9684404c8829b851c3586c4d9f089' (2023-02-25)
  → 'github:nixos/nixpkgs/7f5639fa3b68054ca0b062866dc62b22c3f11505' (2023-02-26)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/2253120d2a6147e57bafb5c689e086221df8032f' (2023-01-08)
  → 'github:Mic92/sops-nix/83fe25c8019db8216f5c6ffc65b394707784b4f3' (2023-02-26)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/9f11a2df77cb945c115ae2a65f53f38121597d73' (2023-01-07)
  → 'github:NixOS/nixpkgs/ea736343e4d4a052e023d54b23334cf685de479c' (2023-02-25)
• Updated input 'tlaternet-webserver':
    'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=b2894e4fefbdc1c9964ab47c931497a417562d8a' (2023-01-05)
  → 'git+https://gitea.tlater.net/tlaternet/tlaternet.git?ref=refs%2fheads%2fmaster&rev=d142e98788c2476b7df0a5c1e621f3f5c65c130f' (2023-01-21)
2023-02-28 04:38:41 +00:00
Tristan Daniël Maat 74f38614a0
matrix: Add heisenbridge 2023-02-28 04:26:55 +00:00
Tristan Daniël Maat 33ec32a8da
conduit: Update to 0.5.0 2023-02-26 05:59:54 +00:00
Tristan Daniël Maat bb397841ee
refactoring: Use flake-inputs instead of awkwardly passing through 2023-02-26 05:59:09 +00:00
Tristan Daniël Maat b7feffc52f
hardware-configuration: Update to new auto-generated settings 2023-01-11 02:38:58 +00:00
Tristan Daniël Maat b7726af1c4
config: Make changes suggested post 22.11 update 2023-01-11 02:38:56 +00:00
Tristan Daniël Maat 957ab110c5
firewall: Open Minecraft ports for port forwarding 2023-01-11 02:38:53 +00:00
Tristan Daniël Maat f6e39e09a5
gitea: Update configuration for 22.11 2023-01-11 02:38:50 +00:00
Tristan Daniël Maat 77ddb15f22
flake.nix: Build the VM using nix build 2023-01-11 02:38:47 +00:00
Tristan Daniël Maat 544bd0a721
keys/staging: Add a few missing keys that made the vm break 2023-01-11 02:38:45 +00:00
Tristan Daniël Maat b798efb2c0
nextcloud: Update the service and apps for 22.11 2023-01-11 02:38:42 +00:00
Tristan Daniël Maat 411e075ef1
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/a9eedea7232f5d00f0aca7267efb69a54da1b8a1' (2023-01-03)
  → 'github:nixos/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48' (2023-01-10)
• Updated input 'nvfetcher':
    'github:berberman/nvfetcher/294826951113dcd3aa9abbcacfb1aa5b95a19116' (2022-11-05)
  → 'github:berberman/nvfetcher/0a9ac5fd07b52467d81163b1f8c94c12e5c9aff9' (2023-01-06)
• Updated input 'nvfetcher/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
  → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nvfetcher/flake-utils':
    'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
  → 'github:Mic92/sops-nix/2253120d2a6147e57bafb5c689e086221df8032f' (2023-01-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
  → 'github:NixOS/nixpkgs/9f11a2df77cb945c115ae2a65f53f38121597d73' (2023-01-07)
2023-01-11 02:38:39 +00:00
Tristan Daniël Maat 19576ffb1e
matrix-conduit: Stop using the version from unstable 2023-01-11 02:21:39 +00:00
Tristan Daniël Maat 7a2b862235
keys: Remove obsolete key file 2022-11-05 22:27:31 +00:00
Tristan Daniël Maat a28d385b17
conduit: Enable TURNS with a ZeroSSL-provided certificate 2022-11-05 22:26:52 +00:00
Tristan Daniël Maat 997707021b
config: Enable authorization through ssh agent
This enables sudo-via-yubikey and therefore makes `-t` obsolete, in
turn fixing a whole sleuth of issues with deploy-rs.

*And* seems more secure and convenient at the same time.
2022-11-05 18:01:07 +00:00
Tristan Daniël Maat 0528f73187
nginx: Remove mitigation for openssl CVE
This has been fixed, instead we just update to the latest openssl.
2022-11-05 17:33:28 +00:00
Tristan Daniël Maat 4d5eaf34be
Update inputs 2022-11-05 17:31:58 +00:00
Tristan Daniël Maat 85a989d3c8
nvfetcher: Don't allow fetching rc versions of nextcloud cookbook 2022-11-05 17:31:24 +00:00
Tristan Daniël Maat 598c439002
conduit: Disable turns, remove the user limits and add all relay IPs 2022-11-05 17:10:39 +00:00
Tristan Daniël Maat ea06138a9b
flake.nix: Add packages for utility scripts to enable nix build 2022-11-05 16:00:50 +00:00
Tristan Daniël Maat 2304711359
config: Mitigate upcoming SSL CVE
See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

As 1.1 is unaffected, this override should be sufficient to evade this
problem.
2022-10-31 16:07:41 +00:00
Tristan Daniël Maat 73023b817d
conduit: Use dependencies from stable
Partially to circumvent the upcoming openssl CVE, partially to reduce
the number of dependencies.
2022-10-31 16:06:31 +00:00