Commit graph

582 commits

Author SHA1 Message Date
schweby
a2bd7880b4
hainich/docker: stop docker from loading iptables 2021-03-30 23:59:05 +02:00
schweby
c10caa5b0f
hainich/mattermost: disable container firewall 2021-03-30 23:57:52 +02:00
schweby
78e607a28d
hainich: block x_tables module
this also blocks the x_tables module to prent it from loading
ip_tables
2021-03-30 17:59:26 +02:00
schweby
8a17da7761
sources: update nix packages 2021-03-27 11:53:49 +01:00
schweby
d1e88ef87a
hainich/nginx: disable /var/secrets/ingest.conf
If the file in not present, the preExec check for the config fails and
disrupts the deploy.
Before readding make sure the file will always be present!
2021-03-27 11:48:43 +01:00
schweby
1064836092
Revert "security: remove hexchen"
This reverts commit bab826b1c7.
Also fixes hexchen nix due new logic
2021-03-26 22:04:27 +01:00
schweby
5579a60b4e
Revert "security: remove hexchen mail"
This reverts commit 32b5958279.
2021-03-26 21:53:17 +01:00
schweby
49fa714861
sources: update nix packages 2021-03-25 21:53:21 +01:00
011196f875
mattermost: disable analytics & telemetry
note that this ALSO disables the security alert features of mattermost [1],
which would send us alerts in case of security updates for our current
mattermost version. I have disabled it since it would send information
about our instance (including e.g. the current number of active users) to
mattermost every 24 hours.

Since we now essentially maintain our own set of mattermost packages, I
recommend at least some of us subscribe to the mattermost release blog [2],
and manually update the mattermost sources in `/pkgs/mattermost` as required
(I have done so already). The release blog is also available as an rss feed [3].

[1] https://docs.mattermost.com/administration/telemetry.html#security-update-check-feature
[2] https://mattermost.com/blog/category/releases
[3] https://mattermost.com/blog/category/releases/rss
2021-03-25 15:51:01 +01:00
d3af36bd3c
mattermost: update to version 5.30.3
This should be compatible with the version we currently use, and also include all hot-fixes
etc. which we definitely want to have.
2021-03-25 15:32:47 +01:00
stuebinm
d5cf2abccc
hainich: init mattermost beta 2021-03-24 22:37:38 +01:00
schweby
29e15bc2bd
sources: update nix packages 2021-03-24 22:22:10 +01:00
schweby
e4a0367a51
sources: remove unecessary refs 2021-03-24 21:30:06 +01:00
schweby
b604cee52a
hainich/minecraft: Update to paper 1.16.6-167 2021-03-24 21:13:26 +01:00
schweby
077e8264f7
hainich/hasenloch: set config suitable for r2r 2021-03-24 19:28:22 +01:00
schweby
f54be467b8
hainich/hasenloch: update to r2r version
to update to this version removal of the cache at
*engelsystem/storage/cache is necessary for the site to work
2021-03-24 19:19:33 +01:00
schweby
99d534586a
hainich/minecraft: update to paper 1.16.5-562 2021-03-20 17:09:58 +01:00
schweby
8377d27b87 hainich: init minecraft server
this server replaces the vanilla minecraft server on libocedrus
2021-03-20 16:59:47 +01:00
schweby
071f135ef4
hainich: Blacklist ip_tables and ip6_tables
Prevent **something** (docker) from loading the iptables kernel modules
and breaking nftables
2021-03-20 16:56:56 +01:00
schweby
233ffdd769
hainich/nginx: redirect hacc.space to hacc.earth
redirect was previously managed on libocerus
hacc.space now points to hainich
2021-03-18 19:12:14 +01:00
schweby
77c06c5509
hainich/nginx: let all empty subdomains 404
* make hainich.hacc.space the default virtualHost for nginx
if no host is running on that subdomain, this will be shown
* disable SSL, so no pesky SSL error for empty subdomains anymore
* remove lots of unneeded brackes and semicolons
2021-03-18 19:04:00 +01:00
schweby
94eafe59d2
hainich/nginx: remove rc3 cluster site 2021-03-18 19:01:44 +01:00
dbbdde76c7
mumble.hacc.space: move site from gitlab into nix derivation
Since the delivery of mumble.hacc.space/murmur.hacc.space via gitlab pages
broke (for whatever reason), I've packaged the site into an ad-hoc nix
derivation, which is now delivered locally by nginx instead. This has a
couple benefits (mainly that we no longer depend on gitlab pages), but
also the downside that we can't just update the site via gitlab's CI/CD
pipelines anymore.
2021-03-17 22:35:51 +01:00
schweby
32b5958279 security: remove hexchen mail 2021-03-13 00:27:53 +01:00
schweby
bab826b1c7 security: remove hexchen 2021-03-12 23:53:51 +01:00
schweby
db51a3adde common: set schweby's shell to fish 2021-03-12 12:28:26 +01:00
faee8da700 nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
schweby
2d4309fdf4 hainich: init workadventure 2021-03-11 00:11:51 +01:00
schweby
d11ca2bb3e sources: update nix packages 2021-03-10 20:59:23 +01:00
hexchen
b186473e68 sources: update nix-hexchen
lots of fancy new stuff, but most importantly: we no longer import all
of my user config, just the very base.

none of that fancy stuff is active right now, this should mostly be a
no-op unless we do the same restructure that i have just done in my
nixfiles here as well.
2021-03-10 20:58:31 +01:00
hexchen
6f2cc7bf7f hainich: remove obsolete nginx host 2021-03-09 10:10:03 +00:00
hexchen
bc58060390 mail: update rinderhacc password and alias 2021-03-09 10:03:18 +00:00
hexchen
6b055167e3 sources: update nix-hexchen 2021-03-01 13:08:34 +00:00
schweby
cd3efc616d updated nix packages 2021-02-24 21:42:02 +00:00
hexchen
16f05ceadf
ci: remove instantiate stage
instantiating takes a lot of time now (lots of dependencies), and the
gain of not starting a build if the instantiation fails is minimal.
2021-02-22 09:41:15 +00:00
d7b70742fe remove old engelsystem config (NOP)
this removes the old (unused) config for an angel system used during the
fridays for future camp 2020. Since it was configured "by hand" and not
in a declarative manner, and since there is now an actual module
`services.engelsystem` that we already use for the divoc it seems unlikely
that we will ever need the old config again.

From Nix's point of view, this commit is equivalent to doing nothing.
2021-02-21 14:58:25 +01:00
Matthias Stübinger
3b42b89bd7 Hasenloch (Engelsystem for divoc)
Seems to work fine, except for the domain — the engelsystem tries
to load its ressources from the IP of the container instead of its
url set in the config.
2021-02-20 23:32:00 +01:00
schweby
1a8842457d restic: added mumur to backup 2021-02-20 21:56:05 +01:00
hexchen
233a4c7cab hainich: init restic backups 2021-02-15 07:23:23 +00:00
hexchen
e42376687f hainich/syncthing: add hexchen's server 2021-02-13 19:56:15 +00:00
Schweby mit Hut
be90dca334 hainich/syncthing: added raphael-laptop 2021-02-11 22:31:35 +01:00
Schweby mit Hut
442e320be5 hainich/syncthing: Updated id for schweby 2021-02-11 22:17:36 +01:00
hexchen
c36eb51ff4 Revert 43d36bb3d7
This is a partial revert, reintroducing hexchen to the project.
As it turns out, I am still quite invested in the project and require
frequent access to the nix-based infrastructure.
2021-02-11 18:59:10 +00:00
schweby
aca670d778 sources: updated sources 2021-02-10 22:53:55 +00:00
schweby
9d516c83ae sources: removed immae-nix 2021-02-10 23:48:18 +01:00
hexchen
0ea8daad24 hainich/gitlab-runner: Move registration token
Move it to /etc instead so that it's persisted across reboots
2021-02-10 22:40:03 +00:00
hexchen
0d362a17fc hainich/monitoring: init prometheus 2021-02-06 16:41:02 +00:00
Schweby mit Hut
323b4edf1c hainich/murmur,mumble: let the websites be fixed. 2021-02-03 23:33:08 +01:00
Matthias Stübinger
1ccc8b2b9c Fix mumble sites 2021-02-03 11:12:23 +01:00
schweby
b384ff8b38 updated nixpkgs etc 2021-01-27 23:44:18 +01:00