Commit Graph

266 Commits

Author SHA1 Message Date
h7x4 806b18ede8 bekkalokk: init idp-simplesamlphp 2024-04-01 23:57:39 +02:00
h7x4 9495682f57 bekkalokk: package mediawiki extensions outside of module 2024-04-01 00:39:12 +02:00
h7x4 266ce9ed08 bekkalokk: set up kerberos client 2024-04-01 00:38:49 +02:00
Daniel Olsen 7c6d4d31c7 bicep/matrix/element: update room directories 2024-03-05 05:52:31 +01:00
Daniel Olsen 9f46be1ca1 bicep/matrix: update element lab flags and room directoriy listings 2024-03-05 05:28:23 +01:00
jovre 545583cf04 bekkalokk/gitea: Do not change the user visibility 2024-03-03 00:29:24 +01:00
Felix Albrigtsen 62b269637a bekkalokk/gitea: unset visibility when updating users 2024-02-12 11:24:14 +01:00
Adrian Gunnar Lauterer 7fd9a1e646
started on bikkje container for new loginbox - work in progress 2024-01-07 01:21:11 +01:00
Daniel Olsen 4ea90380ad bicep/matrix: use synapse package from stable
It's fixed now
2023-12-16 00:22:02 +01:00
Felix Albrigtsen 80ef1ce4fa Buskerud: Remove OV-link, general cleanup 2023-12-12 15:27:20 +01:00
Felix Albrigtsen 2b834eee14 Buskerud: Comment out openvpn-client 2023-12-12 11:39:33 +01:00
Daniel Olsen dd8b677a79 buskerud: bootloader - 3.3TB, OS - 256GB 👍 2023-12-10 05:27:58 +01:00
Daniel Olsen eabd8df3d8 bicep/matrix: use package with fixed pythonEnv 2023-12-10 04:32:26 +01:00
h7x4 0b5e03471f
upgrade to nixpkgs 23.11 2023-12-05 00:36:09 +01:00
Daniel Lovbrotte Olsen d8031ecca1 Merge pull request 'replace-knakelibrak-nginx-reverse-proxy' (#18) from replace-knakelibrak-nginx-reverse-proxy into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/18
2023-12-03 07:01:13 +01:00
h7x4 8ced91a285
hosts/buskerud: init
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-30 19:42:05 +01:00
Daniel Olsen 1ef033c754
bekkalokk/ingress: proxy matrix well-known files to bicep 2023-11-28 10:24:18 +01:00
Felix Albrigtsen d900dc1b1b
Redirect subpages like ./well-known, add @-domains 2023-11-28 10:24:18 +01:00
h7x4 d5985e02f3
Prepare to replace knakelibrak
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-28 10:23:02 +01:00
Daniel Olsen 2c42b120a6 Merge branch 'extend_smtp' 2023-11-28 08:39:15 +01:00
Daniel Olsen 27ba3f7a7f bicep/matrix: serve server well-known 2023-11-28 08:36:56 +01:00
Daniel Olsen c1c58122ea bicep/matrix: Improve flexibility of username login
It should be possible to log in  with @username:pvv.ntnu.no now
That way client well-known in third party clients will work

it might also fix the weird logout of session issues in element
2023-11-28 05:14:04 +01:00
Oystein Kristoffer Tveit 54a54ad0f5 Merge pull request 'Roundcube testing on bekkalokk now working.' (#14) from roundcube into main
Reviewed-on: https://bekkalokk.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/14
2023-11-26 05:17:28 +01:00
h7x4 2a1e649eed bekkalokk: fix roundcube, and move to webmail2.pvv.ntnu.no/roundcube 2023-11-26 05:05:15 +01:00
Daniel Olsen d7638138ed brzeczyszczykiewicz: add bokhylle as alias for the grzegorz service 2023-11-26 02:36:23 +01:00
Adrian Gunnar Lauterer c8d383c9ab bekkalokk-roundcube init at roundcube.pvv.ntnu.no 2023-11-25 21:23:06 +01:00
Daniel Olsen c4df999058 bob: init
Cool beeg nix builder
for now anyways
2023-11-05 06:06:57 +01:00
h7x4 3caa66fb64
rename input: unstable -> nixpkgs-unstable 2023-11-05 01:22:48 +01:00
Daniel Olsen b458801f95 Revert "bekkalokk: add wackattack ctf systemd service"
CTF is over

This reverts commit fa843c4a59.
2023-10-30 09:03:27 +01:00
h7x4 fa843c4a59
bekkalokk: add wackattack ctf systemd service 2023-10-26 22:10:30 +02:00
Daniel Olsen e07945d49c bicep/matrix: enable sliding sync 2023-10-22 02:33:40 +02:00
Daniel Olsen 32885891fe bicep/matrix: enable smtp auth
yolo lmao
2023-10-22 01:59:25 +02:00
Daniel Olsen 9b44087693 bekkalokk/gitea: make import user script run by default
Systemd stuff are generally turned on by default but need to be wanted

Much like me
2023-10-14 22:47:56 +02:00
Daniel Olsen be341622fe georg: init 2023-09-17 04:57:30 +02:00
Daniel Olsen 87a7b17b49 brzeczyszczykiewicz: init 2023-09-17 04:57:30 +02:00
h7x4 5c529a0233 Fix gitea runners, add 2 more
The gitea runners are now activated correctly,
has support for both debian and ubuntu based systems,
and can will connect to the gitea server through the
loopback interface
2023-09-17 04:05:08 +02:00
Oystein Kristoffer Tveit bc678b5d51 Merge pull request 'Bekkalokk: Enable podman' (#11) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/11
2023-09-16 22:38:23 +02:00
Amalie Mansåker ade2f6f5c9 Bekkalokk: Enable podman 2023-09-16 22:38:15 +02:00
Oystein Kristoffer Tveit 5c37b71646 Merge pull request 'Setup gitea action runner' (#10) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/10
2023-09-16 22:31:22 +02:00
Amalie Mansåker 76f18b459c Setup gitea action runner 2023-09-16 22:26:44 +02:00
Oystein Kristoffer Tveit 97cd5a235f Merge pull request 'Gitea enabled actions' (#9) from add-gitea-ci into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/9
2023-09-16 21:51:43 +02:00
Amalie Mansåker e5fac39ce8 Enabled actions 2023-09-16 21:51:13 +02:00
Daniel Olsen f53c0c6eb5 bicep/synapse: Move database configuration out of secrets 2023-09-16 21:38:39 +02:00
Daniel Olsen 816997b74f bicep/nginx: increase workers and enable modern compression
Should decrease latency
2023-09-13 11:01:09 +02:00
Daniel Olsen 06322a26fc bicep/postgres: enable jit again, make more memory available 2023-09-13 05:22:23 +02:00
Daniel Olsen a58101bfbc Remove deprecated hosts and clean up 2023-09-13 05:03:57 +02:00
Daniel Olsen d3b363b028 bicep: Remove deprecated grub version option 2023-09-13 04:54:46 +02:00
Daniel Olsen 4a6ea9be2d bicep/synapse: define registration secret properly 2023-09-13 04:53:56 +02:00
Daniel Olsen f92ebbee16 bicep/synapse: use postgres unix socket 2023-09-13 04:16:22 +02:00
Daniel Olsen 201e3d306b bicep: Revert postgres socket stuff 2023-09-13 03:58:29 +02:00
Daniel Olsen 437219bb68 bicep/postgres: Enable unix socket auth 2023-09-13 00:52:27 +02:00
Felix Albrigtsen d96c30bbd5 Fix calendar-bot timer 2023-09-12 18:23:20 +02:00
Felix Albrigtsen 36b768b3b2 ( ͡° ͜ʖ ͡°) 2023-09-08 02:33:22 +02:00
Felix Albrigtsen 9f36bd86a8 Update calendar bot details 2023-09-08 02:25:23 +02:00
Felix Albrigtsen 1370ccddf8 Initialize host: shark 2023-09-08 02:11:02 +02:00
Daniel Lovbrotte Olsen cfcd230678 Merge pull request 'Fix gitea on bekkalokk' (#7) from configure-gitea into main
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/7
2023-09-07 18:54:24 +02:00
h7x4 1afc8841a9
bekkalokk/nginx: remove commented virtualhost for mediawiki 2023-09-07 18:53:05 +02:00
h7x4 b4b6b4971a
bekkalokk/gitea: misc changes
- change domain from git2 to git1
- enable internal SSH serer
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
2023-09-07 18:53:05 +02:00
oysteikt b52753987d
bicep: use mysql on bicep as production server 2023-09-07 18:40:13 +02:00
Felix Albrigtsen 3beb76e411 Add pvv-calendar-bot to bicep 2023-08-27 02:36:01 +02:00
Daniel Olsen bfe94003c4 bicep/matrix/discord: enable legacy authorization because old mx-puppet-discord 😭 2023-08-18 00:54:06 +02:00
oysteikt a5c83866ca bicep: setup ACME cert for postgres 2023-08-12 02:55:20 +02:00
oysteikt 34a16149f8 ildkule: add config for prometheus_mysqld_exporter
There's a PR waiting to add this module to nixpkgs,
so we should enable this once it gets merged.
2023-07-10 00:06:27 +02:00
oysteikt 998e66db65 bicep: enable mysql 2023-07-10 00:06:09 +02:00
Daniel Olsen 699569249a ildkule: adjust matrix version annotations for nixos matrix module 2023-06-20 14:01:44 +02:00
Daniel Olsen e73b7d2cd1 ildule: fix upstream dashboard variables 2023-06-20 13:46:00 +02:00
Daniel Olsen ff30477e86 ildule: Update matrix dashboard from upstream 2023-06-20 13:20:42 +02:00
Felix Albrigtsen 8f55ef3193 Bekkalokk: Configure Gitea, clean web services
Update bekkalokk secrets format

Update gitea keys and firewall rules

Create gitea-user-import script

Fix SSH host key verification

Gitea-import-users bug squashification

Fix Gitea-import SSH problems
2023-06-05 19:41:25 +02:00
Daniel Olsen d694724f5c bicep/synapse: Set event cache to 20K
This is double the cache from default
changed because we're seeing periodic cpu spikes
with this cache beeing the main one missing
2023-05-26 02:22:18 +02:00
Daniel Olsen 68ce7acebb Revert "bicep: Emergency fix for matrix postgres auth"
This reverts commit fdbcd8c884.

This was not it
2023-05-23 05:12:46 +02:00
Daniel Olsen fdbcd8c884 bicep: Emergency fix for matrix postgres auth
I think
2023-05-23 04:59:34 +02:00
Daniel Olsen 815063744b bicep/postgres: Remove jit setting
The nixos build of postgres doesn't support it anyways
2023-05-23 04:57:18 +02:00
Daniel Olsen dfd827ee74 Clean up jokum removal 2023-05-23 04:29:45 +02:00
Felix Albrigtsen 9ccfb6cbed Merge branch 'bekkalokk-metrics' 2023-05-21 04:04:29 +02:00
Felix Albrigtsen 1335ab1d4b Add metrics exporters to bekkalokk 2023-05-21 04:03:14 +02:00
felixalb 69be23712f Merge branch 'bicep-metrics' of Drift/pvv-nixos-config into main 2023-05-21 03:47:53 +02:00
Felix Albrigtsen ce58f91e16 Add metrics exporters to bicep 2023-05-21 03:47:02 +02:00
Felix Albrigtsen 8ccf9e9298 Update keys and re-enable web services 2023-05-21 02:29:14 +02:00
Felix Albrigtsen 8b70d84f41 bekkalokk: hardware-config for baremetal 2023-05-21 00:06:25 +02:00
h7x4 cd0c8c8198
bekkalokk: continue work on mediawiki service 2023-05-19 03:03:47 +02:00
h7x4 c11a804097
bicep: set up mysql/mariadb 2023-05-18 15:40:13 +02:00
Daniel Olsen 4ff5da28c4 bicep: nginx listen on bicep ip 2023-05-08 03:38:59 +02:00
Daniel Olsen ee73a964be move matrix to bicep 2023-05-08 03:38:59 +02:00
h7x4 dcbe6871da
bekkalokk: setup keycloak 2023-05-07 00:34:42 +02:00
h7x4 0e75e0a5b9
bicep: add backup service 2023-05-06 19:07:10 +02:00
Daniel Olsen f77a5e946f bicep: mount /data 2023-04-08 05:23:01 +02:00
Daniel Olsen bac67ee123 bicep: don't wait for all interfaces and especially not jokums 2023-04-07 04:53:36 +02:00
Daniel Olsen 38e3202c9e Move more of jokum
slightly less stupid this time
2023-03-26 14:44:58 +02:00
Daniel Olsen 7620fb3dee move jokum to nixos bicep 2023-03-26 06:36:04 +02:00
h7x4 dfe8b8b44c
bicep: added postgres settings 2023-03-26 01:50:00 +01:00
h7x4 169f774e81
bicep dead, but maybe soon bicep alive 2023-03-26 01:09:44 +01:00
Felix Albrigtsen 2568800794 Add andresbu to node-exporter targets 2023-03-12 00:41:36 +01:00
Daniel Olsen d9c19385fa synapse: cache more event_auth 2023-03-08 03:18:57 +01:00
Daniel Olsen 70f4777696 fix synapse dashboard 2023-03-04 05:11:40 +01:00
Daniel Olsen db69d28b42 Revert "metrics: Fix Synapse dashboard"
This reverts commit beb8df8fc7.
2023-03-04 03:14:54 +01:00
Daniel Olsen 8f23d7ba06 jokum: don't use host resolv.conf 2023-03-04 03:04:32 +01:00
Daniel Olsen 3252a3b5d1 turn on jokum 2023-03-04 02:03:37 +01:00
Daniel Olsen 8e819b5546 fix ip for bekkalokk 2023-03-04 00:57:28 +01:00
Daniel Olsen 6cf831a347 switch to networkd 2023-03-04 00:44:30 +01:00
Daniel Olsen af955c88f8 jokum: move to systemd-nspawn container on bicep 2023-02-26 19:23:00 +01:00
Daniel Olsen eed3c9b05f matrix: Point mjolnir directly at synapse so it can use the admin api 2023-02-13 03:42:52 +01:00
Daniel Olsen 7a9759ef71 matrix: Add mjolnir as a moderation bot 2023-02-13 02:34:11 +01:00
Daniel Olsen 4684cd239a matrix: enable shared secret registration 2023-02-13 00:58:15 +01:00
Daniel Olsen c0c0dea069 tune worker distribution post fosdem and turning off prescence 2023-02-06 02:11:07 +01:00
Daniel Olsen 9c18a87866 element: disable presence if disabled in synapse 2023-02-02 18:51:47 +01:00
Daniel Olsen 73aa42a5f5 synapse: Disable presence
For now at least until we move to a stronger
machine.

Most large servers don't have this enabled.
2023-02-02 18:39:08 +01:00
Daniel Olsen eade192132 synapse: bump federation receiver count to 3 2023-02-02 00:35:26 +01:00
Daniel Olsen beb8df8fc7 metrics: Fix Synapse dashboard
Some of the panels were set to the wrong
datasource

Additionally since we don't do MAU limits,
I moved the relevant MAU panel to Overview
2023-02-01 22:54:54 +01:00
Daniel Olsen 1a424c79fe synapse: track monthly active users 2023-02-01 19:42:49 +01:00
h7x4 796155481f
Add host `bekkalokk`
`bekkalokk` is a new machine, meant to host web services and eventually
miscellaneous services.
2023-01-29 01:51:35 +01:00
h7x4 efc8eb7ffc
ildkule: add postgres exporter for knakelibrak 2023-01-26 02:16:52 +01:00
Felix Albrigtsen 84b57bb4db Provision go dashboard for gogs 2023-01-23 14:48:26 +01:00
Felix Albrigtsen b4e74a3959 Add node and gogs metrics collection to prometheus 2023-01-23 13:12:46 +01:00
h7x4 a78f120a65
explicitly state nginx listen addresses 2023-01-22 17:46:48 +01:00
h7x4 3880190577
ildkule: add postgres dashboard to grafana 2023-01-22 02:28:19 +01:00
h7x4 171fea39bc
ildkule: switch grafana db from sqlite to postgres 2023-01-22 02:18:21 +01:00
h7x4 2bc5d7d91e
ildkule: set up postgres metrics exporter 2023-01-22 00:47:22 +01:00
h7x4 a7408b8800
ildkule: restructure prometheus config 2023-01-21 20:08:36 +01:00
h7x4 ad75cb0c88
Restructure values file to separate hosts from services 2023-01-21 19:54:20 +01:00
Daniel Olsen 94fc936251 ildkule: use ip addressess from values.nix 2023-01-21 11:45:05 +01:00
Felix Albrigtsen ecfde9f56a Update ildkule IPv6-address 2023-01-20 11:40:42 +01:00
Daniel Olsen 1a0880086a metrics: use matrix-lib to simplify generation of prometheus scrape config 2023-01-20 08:24:02 +01:00
Daniel Olsen efed13c810 Revert "metrics: stop parsing prometheus labels from url"
This reverts commit 1524b6b10c.

Prometheus doesn't allow scraping from uris only socketAddresses
The relabeling is to change the internal labels to trick it to read
from a url
2023-01-20 05:04:16 +01:00
h7x4 1524b6b10c
metrics: stop parsing prometheus labels from url 2023-01-20 01:15:45 +01:00
Daniel Olsen 90e924c083 synapse: also generate metric config for the master node 2023-01-18 04:04:42 +01:00
h7x4 c8d26e3c81
synapse: generate metric endpoints automatically 2023-01-18 02:55:05 +01:00
Daniel Olsen 1330c9575f metrics/dashboards/synapse: update default timeframe 2023-01-17 18:57:32 +01:00
danio 4a82d22a56 Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main 2023-01-17 18:50:41 +01:00
Daniel Olsen 64d0253aa0 I dont think the nginx config verifier has caught a single configuration error ever 2023-01-17 18:47:08 +01:00
Daniel Olsen 1ea40456a5 add ipv6 to allowed ip addresses for metrics exporters 2023-01-17 18:23:42 +01:00
Daniel Olsen 524bbdb78b ildkule/dashboard/synapse: Make zooming out on the cpu graph aggregate max cpu instead of avg 2023-01-17 17:37:44 +01:00
Daniel Olsen 5b798b2f1d jokum: enable metric exporters 2023-01-17 17:28:47 +01:00
Daniel Olsen 96b6dee404 Add firewalling to metric exporters 2023-01-17 17:28:11 +01:00
Daniel Olsen e4cb215d39 Simplify networking configs
Introduces values.nix, a place to store information relevant across systems
2023-01-17 17:28:11 +01:00
Felix Albrigtsen e679c7d27a Add bicep and hildring to monitoring 2023-01-17 13:47:48 +01:00
Felix Albrigtsen 084313e01d Add ildkule to prometheus targets 2023-01-14 22:45:01 +01:00
Felix Albrigtsen 40c67c6153 Removed motd extras 2022-12-20 23:15:52 +01:00
Felix Albrigtsen f6cc25cdaf Add synapse monitoring with prometheus 2022-12-20 23:11:46 +01:00
Felix Albrigtsen a45a08db57 Cleanup ildkule configs 2022-12-20 23:11:46 +01:00
Felix Albrigtsen fcdce57a3d SSL and loki network config 2022-12-20 18:11:32 +01:00
Felix Albrigtsen c0b5932432 Improve grafana config, enable boltdb-shipper 2022-12-20 18:11:32 +01:00
Felix Albrigtsen ed46e9af61 Add a default dashboard 2022-12-20 18:11:32 +01:00
Felix Albrigtsen a2f71ba120 ildkule-grafana upgrades 2022-12-20 18:11:32 +01:00
Felix Albrigtsen 2236863f09 Add a new metrics stack 2022-12-20 18:11:32 +01:00
Felix Albrigtsen 1de68ee0e2 ildkule: hardware-configuration.nix 2022-12-20 18:11:28 +01:00
Felix Albrigtsen 1429a1b51b Simplify nginx on ildkule 2022-12-20 18:06:49 +01:00
Felix Albrigtsen 6b1f0eb090 Add host ildkule 2022-12-17 21:51:43 +01:00
Daniel Olsen 44f2b6d8d8 fed-sender2 metrics 2022-12-14 10:26:28 +01:00
Daniel Olsen 154e12e609 add another federation sender as one is being maxed out 2022-12-14 10:25:29 +01:00
Daniel Olsen 8a3219e8d1 user directory worker 2022-12-14 10:15:37 +01:00