Commit Graph

300 Commits

Author SHA1 Message Date
Felix Albrigtsen
c88c3f87e0 buskerud: add libvirtd 2024-06-22 17:36:30 +02:00
71479d5ca0 quickfix: bekkalokk/mediawiki: remove DeleteBatch 2024-05-27 11:02:35 +02:00
cf01792269 bekkalokk/vaultwarden: Add kTLS 2024-05-26 10:50:29 +02:00
35d745b156 bekkalokk: add vaultwarden 2024-05-26 04:19:17 +02:00
Felix Albrigtsen
1c35da0295 Merge pull request 'bekkalokk: add snappymail' (!39) from bekkalokk-snappymail into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/39
2024-05-26 01:52:17 +02:00
5fb1b805a8 bekkalokk: add snappymail 2024-05-26 01:07:27 +02:00
898e362a9f Merge pull request 'bekkalokk/website: add sp metadata for all domains' (!34) from add-sp-metadata-for-all-website-domains into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/34
2024-05-14 05:27:44 +02:00
h7x4
bcf2ceed32
gitea: setup mail 2024-05-12 02:26:13 +02:00
Oystein Kristoffer Tveit
200224d2c1 Merge pull request 'bekkalokk: misc gitea cleanup' (!33) from misc-gitea-cleanup into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/33
2024-05-12 02:12:55 +02:00
Daniel Olsen
dcf29b76b8 bicep/matrix: allow global address of new ildkule to access metrics 2024-04-24 03:03:53 +02:00
55e8f01d1d Upgrade ildkule (!36)
This PR is made while moving Ildkule from PVE on joshua, to Openstack on stack.it.ntnu.no.

- The main monitoring dashboard is moved from https://ildkule.pvv.ntnu.no to https://grafana.pvv.ntnu.no.
- A new service is added: uptime-kuma on https://uptime.pvv.ntnu.no.
- The (hardware) configuration for ildkule is updated to fit the new virtualization environment, boot loader, network interfaces, etc.
- Metrics exporters on other hosts should be updated to allow connections from the new host

As this is the first proper server running on openstack, and therefore outside our main IP range, we might discover challenges in our network structure. For example, the database servers usually only allow connections from this range, so Ildkule can no longer access it. This should be explored, documented and/or fixed as we move more services.

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/36
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
Co-committed-by: Felix Albrigtsen <felix@albrigtsen.it>
2024-04-21 23:36:25 +02:00
h7x4
b7b1c73bfa
bekkalokk/gitea: use systemd unit for gitea customization 2024-04-16 01:02:21 +02:00
h7x4
6851879a03
bekkalokk: remove keycloak 2024-04-14 23:59:46 +02:00
h7x4
70603145cf
bekkalokk/website: add sp metadata for all domains 2024-04-14 17:06:01 +02:00
1e4195ea9d bekkalokk: pvv-nettsiden-gallery: Improve thumbnail generation 2024-04-14 02:04:45 +02:00
Daniel Olsen
ee335e3712 bicep/synapse: fix registering users via smtp 2024-04-14 01:52:17 +02:00
h7x4
5bed292a01
bekkalokk/gitea: move user import stuff to separate nix file 2024-04-11 21:47:44 +02:00
h7x4
36b7087a3f
base.nix: hotfix for hotfix for nginx on bicep (3352e48f)
Turns out the settings were in biceps local nginx config
2024-04-11 20:41:02 +02:00
oysteikt
1919da7a1c bicep/matrix: remove SAML authentication 2024-04-11 19:55:10 +02:00
h7x4
0950fedf98 bekkalokk/website: fix some nginx location directives 2024-04-11 13:21:11 +02:00
h7x4
614c2d624c
bekkalokk/webmail: add redirects for old webmail locations 2024-04-11 10:47:13 +02:00
Daniel Olsen
db211c2304 bekkalokk/website: don't try to listen for ntnu.org 2024-04-11 05:31:33 +02:00
79bf307ef2 bekkalokk: Reconfigure www ingress 2024-04-11 00:48:07 +02:00
4d50efc6db Finalize www/idp/webmail migration from spikkjeposche to bekkalokk 2024-04-10 23:31:04 +02:00
h7x4
9577477460 bekkalokk/nettsiden: add secrets 2024-04-10 23:04:20 +02:00
fc19a8f1e1 bekkalokk: Automatically unpack pvv-nettsiden/gallery and generate thumbnails 2024-04-10 23:04:20 +02:00
h7x4
8657e77514 bekkalokk: set up pvv-nettsiden 2024-04-10 23:04:18 +02:00
h7x4
065992620e treewide: nginx optimizations 2024-04-10 22:06:44 +02:00
h7x4
fbbc54328b gitea: add theming module 2024-04-09 01:52:57 +02:00
h7x4
42fd371c3b
mediawiki: restart phpfpm on updated secrets 2024-04-06 23:57:37 +02:00
h7x4
6e1b06731f bekkalokk: add VisualEditor to mediawiki extensions 2024-04-06 21:09:01 +02:00
Felix Albrigtsen
2cb7e06369
bekkalokk/mediawiki: fix path, upgrade security 2024-04-03 08:29:19 +02:00
h7x4
a55c908fe7
bekkalokk/mediawiki: change domain from wiki2 to wiki 2024-04-02 19:54:28 +02:00
h7x4
d531419f35 bekkalokk: init mediawiki
Co-authored-by: Jørn Åne <yorinad@pvv.ntnu.no>
2024-04-01 23:57:39 +02:00
h7x4
806b18ede8 bekkalokk: init idp-simplesamlphp 2024-04-01 23:57:39 +02:00
h7x4
9495682f57 bekkalokk: package mediawiki extensions outside of module 2024-04-01 00:39:12 +02:00
h7x4
266ce9ed08 bekkalokk: set up kerberos client 2024-04-01 00:38:49 +02:00
Daniel Olsen
7c6d4d31c7 bicep/matrix/element: update room directories 2024-03-05 05:52:31 +01:00
Daniel Olsen
9f46be1ca1 bicep/matrix: update element lab flags and room directory listings 2024-03-05 05:28:23 +01:00
jovre
545583cf04 bekkalokk/gitea: Do not change the user visibility 2024-03-03 00:29:24 +01:00
62b269637a bekkalokk/gitea: unset visibility when updating users 2024-02-12 11:24:14 +01:00
Adrian Gunnar Lauterer
7fd9a1e646
started on bikkje container for new loginbox - work in progress 2024-01-07 01:21:11 +01:00
Daniel Olsen
4ea90380ad bicep/matrix: use synapse package from stable
It's fixed now
2023-12-16 00:22:02 +01:00
80ef1ce4fa Buskerud: Remove OV-link, general cleanup 2023-12-12 15:27:20 +01:00
2b834eee14 Buskerud: Comment out openvpn-client 2023-12-12 11:39:33 +01:00
Daniel Olsen
dd8b677a79 buskerud: bootloader - 3.3TB, OS - 256GB 👍 2023-12-10 05:27:58 +01:00
Daniel Olsen
eabd8df3d8 bicep/matrix: use package with fixed pythonEnv 2023-12-10 04:32:26 +01:00
h7x4
0b5e03471f
upgrade to nixpkgs 23.11 2023-12-05 00:36:09 +01:00
d8031ecca1 Merge pull request 'replace-knakelibrak-nginx-reverse-proxy' (#18) from replace-knakelibrak-nginx-reverse-proxy into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/18
2023-12-03 07:01:13 +01:00
h7x4
8ced91a285
hosts/buskerud: init
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-30 19:42:05 +01:00
Daniel Olsen
1ef033c754
bekkalokk/ingress: proxy matrix well-known files to bicep 2023-11-28 10:24:18 +01:00
d900dc1b1b
Redirect subpages like ./well-known, add @-domains 2023-11-28 10:24:18 +01:00
h7x4
d5985e02f3
Prepare to replace knakelibrak
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-28 10:23:02 +01:00
Daniel Olsen
2c42b120a6 Merge branch 'extend_smtp' 2023-11-28 08:39:15 +01:00
Daniel Olsen
27ba3f7a7f bicep/matrix: serve server well-known 2023-11-28 08:36:56 +01:00
Daniel Olsen
c1c58122ea bicep/matrix: Improve flexibility of username login
It should be possible to log in with @username:pvv.ntnu.no now
That way client well-known in third party clients will work

it might also fix the weird logout of session issues in element
2023-11-28 05:14:04 +01:00
Oystein Kristoffer Tveit
54a54ad0f5 Merge pull request 'Roundcube testing on bekkalokk now working.' (#14) from roundcube into main
Reviewed-on: https://bekkalokk.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/14
2023-11-26 05:17:28 +01:00
h7x4
2a1e649eed bekkalokk: fix roundcube, and move to webmail2.pvv.ntnu.no/roundcube 2023-11-26 05:05:15 +01:00
Daniel Olsen
d7638138ed brzeczyszczykiewicz: add bokhylle as alias for the grzegorz service 2023-11-26 02:36:23 +01:00
Adrian Gunnar Lauterer
c8d383c9ab bekkalokk-roundcube init at roundcube.pvv.ntnu.no 2023-11-25 21:23:06 +01:00
Daniel Olsen
c4df999058 bob: init
Cool beeg nix builder
for now anyways
2023-11-05 06:06:57 +01:00
h7x4
3caa66fb64
rename input: unstable -> nixpkgs-unstable 2023-11-05 01:22:48 +01:00
Daniel Olsen
b458801f95 Revert "bekkalokk: add wackattack ctf systemd service"
CTF is over

This reverts commit fa843c4a59.
2023-10-30 09:03:27 +01:00
h7x4
fa843c4a59
bekkalokk: add wackattack ctf systemd service 2023-10-26 22:10:30 +02:00
Daniel Olsen
e07945d49c bicep/matrix: enable sliding sync 2023-10-22 02:33:40 +02:00
Daniel Olsen
32885891fe bicep/matrix: enable smtp auth
yolo lmao
2023-10-22 01:59:25 +02:00
Daniel Olsen
9b44087693 bekkalokk/gitea: make import user script run by default
Systemd stuff are generally turned on by default but need to be wanted

Much like me
2023-10-14 22:47:56 +02:00
Daniel Olsen
be341622fe georg: init 2023-09-17 04:57:30 +02:00
Daniel Olsen
87a7b17b49 brzeczyszczykiewicz: init 2023-09-17 04:57:30 +02:00
h7x4
5c529a0233 Fix gitea runners, add 2 more
The gitea runners are now activated correctly,
have support for both debian and ubuntu based systems,
and will connect to the gitea server through the
loopback interface
2023-09-17 04:05:08 +02:00
Oystein Kristoffer Tveit
bc678b5d51 Merge pull request 'Bekkalokk: Enable podman' (#11) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/11
2023-09-16 22:38:23 +02:00
ade2f6f5c9 Bekkalokk: Enable podman 2023-09-16 22:38:15 +02:00
Oystein Kristoffer Tveit
5c37b71646 Merge pull request 'Setup gitea action runner' (#10) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/10
2023-09-16 22:31:22 +02:00
76f18b459c Setup gitea action runner 2023-09-16 22:26:44 +02:00
Oystein Kristoffer Tveit
97cd5a235f Merge pull request 'Gitea enabled actions' (#9) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/9
2023-09-16 21:51:43 +02:00
e5fac39ce8 Enabled actions 2023-09-16 21:51:13 +02:00
Daniel Olsen
f53c0c6eb5 bicep/synapse: Move database configuration out of secrets 2023-09-16 21:38:39 +02:00
Daniel Olsen
816997b74f bicep/nginx: increase workers and enable modern compression
Should decrease latency
2023-09-13 11:01:09 +02:00
Daniel Olsen
06322a26fc bicep/postgres: enable jit again, make more memory available 2023-09-13 05:22:23 +02:00
Daniel Olsen
a58101bfbc Remove deprecated hosts and clean up 2023-09-13 05:03:57 +02:00
Daniel Olsen
d3b363b028 bicep: Remove deprecated grub version option 2023-09-13 04:54:46 +02:00
Daniel Olsen
4a6ea9be2d bicep/synapse: define registration secret properly 2023-09-13 04:53:56 +02:00
Daniel Olsen
f92ebbee16 bicep/synapse: use postgres unix socket 2023-09-13 04:16:22 +02:00
Daniel Olsen
201e3d306b bicep: Revert postgres socket stuff 2023-09-13 03:58:29 +02:00
Daniel Olsen
437219bb68 bicep/postgres: Enable unix socket auth 2023-09-13 00:52:27 +02:00
d96c30bbd5 Fix calendar-bot timer 2023-09-12 18:23:20 +02:00
36b768b3b2 ( ͡° ͜ʖ ͡°) 2023-09-08 02:33:22 +02:00
9f36bd86a8 Update calendar bot details 2023-09-08 02:25:23 +02:00
1370ccddf8 Initialize host: shark 2023-09-08 02:11:02 +02:00
cfcd230678 Merge pull request 'Fix gitea on bekkalokk' (#7) from configure-gitea into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/7
2023-09-07 18:54:24 +02:00
h7x4
1afc8841a9
bekkalokk/nginx: remove commented virtualhost for mediawiki 2023-09-07 18:53:05 +02:00
h7x4
b4b6b4971a
bekkalokk/gitea: misc changes
- change domain from git2 to git1
- enable internal SSH server
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
2023-09-07 18:53:05 +02:00
oysteikt
b52753987d
bicep: use mysql on bicep as production server 2023-09-07 18:40:13 +02:00
3beb76e411 Add pvv-calendar-bot to bicep 2023-08-27 02:36:01 +02:00
Daniel Olsen
bfe94003c4 bicep/matrix/discord: enable legacy authorization because old mx-puppet-discord 😭 2023-08-18 00:54:06 +02:00
oysteikt
a5c83866ca bicep: setup ACME cert for postgres 2023-08-12 02:55:20 +02:00
oysteikt
34a16149f8 ildkule: add config for prometheus_mysqld_exporter
There's a PR waiting to add this module to nixpkgs,
so we should enable this once it gets merged.
2023-07-10 00:06:27 +02:00
oysteikt
998e66db65 bicep: enable mysql 2023-07-10 00:06:09 +02:00
Daniel Olsen
699569249a ildkule: adjust matrix version annotations for nixos matrix module 2023-06-20 14:01:44 +02:00
Daniel Olsen
e73b7d2cd1 ildkule: fix upstream dashboard variables 2023-06-20 13:46:00 +02:00
Daniel Olsen
ff30477e86 ildkule: Update matrix dashboard from upstream 2023-06-20 13:20:42 +02:00
8f55ef3193 Bekkalokk: Configure Gitea, clean web services
Update bekkalokk secrets format

Update gitea keys and firewall rules

Create gitea-user-import script

Fix SSH host key verification

Gitea-import-users bug squashification

Fix Gitea-import SSH problems
2023-06-05 19:41:25 +02:00
Daniel Olsen
d694724f5c bicep/synapse: Set event cache to 20K
This is double the cache from default
changed because we're seeing periodic cpu spikes
with this cache being the main one missing
2023-05-26 02:22:18 +02:00
Daniel Olsen
68ce7acebb Revert "bicep: Emergency fix for matrix postgres auth"
This reverts commit fdbcd8c884.

This was not it
2023-05-23 05:12:46 +02:00
Daniel Olsen
fdbcd8c884 bicep: Emergency fix for matrix postgres auth
I think
2023-05-23 04:59:34 +02:00
Daniel Olsen
815063744b bicep/postgres: Remove jit setting
The nixos build of postgres doesn't support it anyways
2023-05-23 04:57:18 +02:00
Daniel Olsen
dfd827ee74 Clean up jokum removal 2023-05-23 04:29:45 +02:00
Felix Albrigtsen
9ccfb6cbed Merge branch 'bekkalokk-metrics' 2023-05-21 04:04:29 +02:00
Felix Albrigtsen
1335ab1d4b Add metrics exporters to bekkalokk 2023-05-21 04:03:14 +02:00
felixalb
69be23712f Merge branch 'bicep-metrics' of Drift/pvv-nixos-config into main 2023-05-21 03:47:53 +02:00
Felix Albrigtsen
ce58f91e16 Add metrics exporters to bicep 2023-05-21 03:47:02 +02:00
Felix Albrigtsen
8ccf9e9298 Update keys and re-enable web services 2023-05-21 02:29:14 +02:00
8b70d84f41 bekkalokk: hardware-config for baremetal 2023-05-21 00:06:25 +02:00
h7x4
cd0c8c8198
bekkalokk: continue work on mediawiki service 2023-05-19 03:03:47 +02:00
h7x4
c11a804097
bicep: set up mysql/mariadb 2023-05-18 15:40:13 +02:00
Daniel Olsen
4ff5da28c4 bicep: nginx listen on bicep ip 2023-05-08 03:38:59 +02:00
Daniel Olsen
ee73a964be move matrix to bicep 2023-05-08 03:38:59 +02:00
h7x4
dcbe6871da
bekkalokk: setup keycloak 2023-05-07 00:34:42 +02:00
h7x4
0e75e0a5b9
bicep: add backup service 2023-05-06 19:07:10 +02:00
Daniel Olsen
f77a5e946f bicep: mount /data 2023-04-08 05:23:01 +02:00
Daniel Olsen
bac67ee123 bicep: don't wait for all interfaces and especially not jokums 2023-04-07 04:53:36 +02:00
Daniel Olsen
38e3202c9e Move more of jokum
slightly less stupid this time
2023-03-26 14:44:58 +02:00
Daniel Olsen
7620fb3dee move jokum to nixos bicep 2023-03-26 06:36:04 +02:00
h7x4
dfe8b8b44c
bicep: added postgres settings 2023-03-26 01:50:00 +01:00
h7x4
169f774e81
bicep dead, but maybe soon bicep alive 2023-03-26 01:09:44 +01:00
Felix Albrigtsen
2568800794 Add andresbu to node-exporter targets 2023-03-12 00:41:36 +01:00
Daniel Olsen
d9c19385fa synapse: cache more event_auth 2023-03-08 03:18:57 +01:00
Daniel Olsen
70f4777696 fix synapse dashboard 2023-03-04 05:11:40 +01:00
Daniel Olsen
db69d28b42 Revert "metrics: Fix Synapse dashboard"
This reverts commit beb8df8fc7.
2023-03-04 03:14:54 +01:00
Daniel Olsen
8f23d7ba06 jokum: don't use host resolv.conf 2023-03-04 03:04:32 +01:00
Daniel Olsen
3252a3b5d1 turn on jokum 2023-03-04 02:03:37 +01:00
Daniel Olsen
8e819b5546 fix ip for bekkalokk 2023-03-04 00:57:28 +01:00
Daniel Olsen
6cf831a347 switch to networkd 2023-03-04 00:44:30 +01:00
Daniel Olsen
af955c88f8 jokum: move to systemd-nspawn container on bicep 2023-02-26 19:23:00 +01:00
Daniel Olsen
eed3c9b05f matrix: Point mjolnir directly at synapse so it can use the admin api 2023-02-13 03:42:52 +01:00
Daniel Olsen
7a9759ef71 matrix: Add mjolnir as a moderation bot 2023-02-13 02:34:11 +01:00
Daniel Olsen
4684cd239a matrix: enable shared secret registration 2023-02-13 00:58:15 +01:00
Daniel Olsen
c0c0dea069 tune worker distribution post fosdem and turning off presence 2023-02-06 02:11:07 +01:00
Daniel Olsen
9c18a87866 element: disable presence if disabled in synapse 2023-02-02 18:51:47 +01:00
Daniel Olsen
73aa42a5f5 synapse: Disable presence
For now at least until we move to a stronger
machine.

Most large servers don't have this enabled.
2023-02-02 18:39:08 +01:00
Daniel Olsen
eade192132 synapse: bump federation receiver count to 3 2023-02-02 00:35:26 +01:00
Daniel Olsen
beb8df8fc7 metrics: Fix Synapse dashboard
Some of the panels were set to the wrong
datasource

Additionally since we don't do MAU limits,
I moved the relevant MAU panel to Overview
2023-02-01 22:54:54 +01:00
Daniel Olsen
1a424c79fe synapse: track monthly active users 2023-02-01 19:42:49 +01:00
h7x4
796155481f
Add host bekkalokk
`bekkalokk` is a new machine, meant to host web services and eventually
miscellaneous services.
2023-01-29 01:51:35 +01:00
h7x4
efc8eb7ffc
ildkule: add postgres exporter for knakelibrak 2023-01-26 02:16:52 +01:00
Felix Albrigtsen
84b57bb4db Provision go dashboard for gogs 2023-01-23 14:48:26 +01:00
Felix Albrigtsen
b4e74a3959 Add node and gogs metrics collection to prometheus 2023-01-23 13:12:46 +01:00
h7x4
a78f120a65
explicitly state nginx listen addresses 2023-01-22 17:46:48 +01:00
h7x4
3880190577
ildkule: add postgres dashboard to grafana 2023-01-22 02:28:19 +01:00
h7x4
171fea39bc
ildkule: switch grafana db from sqlite to postgres 2023-01-22 02:18:21 +01:00