Commit graph

41 commits

Author SHA1 Message Date
3e40d82579 common: *licks the infra*
Since Lix is now in nixpkgs-unstable-small, I think it's a good time to
use it. This does mean that we now pull in our nix implementation from
an unstable channel, but overall I'm more confident in the Lix team's
ability to not break things than I am in the Nix team's ability to
backport (& then actually release) security updates.

(once Lix is on a stable channel, we can switch back to using it from there)
2024-05-13 14:42:39 +02:00
62917423e3 render nftables's ruleset
This does the same as the last commit did for the nftnat module, but for
the more general nftables module. Note the weird whitespace again.
2024-02-18 13:39:54 +01:00
062e123046 common/users: add floppy & leah2 2024-01-28 15:57:07 +01:00
9d187d212a initial work towards nixos 23.11
Note: this updates all postgres instances, since postgresql_11 no longer
exists.
2023-12-02 22:05:46 +01:00
72ca5b2888 initial work for 23.05
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
2023-09-28 01:11:02 +02:00
b5d4f76a1d rotate octycs's ssh key 2023-05-04 00:40:44 +02:00
0d75469590 rotate zauberberg's ssh key 2023-05-03 22:33:12 +02:00
ba91526fc8 common/users: add new ssh-key for moira 2023-02-23 17:24:48 +01:00
aa62e616a3 common/users: remove an old ssh key 2023-02-16 01:40:14 +01:00
26f91fac20 parsons: fix nix auto gc 2023-02-15 21:23:44 +01:00
82e2831d3a common/users: update terrus key 2023-01-10 19:20:47 +01:00
bb24ce8b87 nixos-22.11: fix module warnings
(also wow nextcloud encryption is apparently broken. colour me surprised!)
2022-12-16 22:56:28 +01:00
ea2d89fa84 make fish my default shell 2022-11-26 00:08:38 +01:00
12da955842 nix: enable 'experimental feature' flakes by default 2022-11-19 15:23:03 +01:00
c09337c973 shoehorn nix-hexchen-style config into flakes
this replaces niv with nix flakes, attempting to preserve the old
structure as much as possible. Notable caveats:
 - I'm not sure if flake inputs expose version information anywhere, so
   the version in pkgs/mattermost/default.nix is now hardcoded.
   Confusingly, this appears to trigger a rebuild. Maybe I've missed something.
 - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen
   does not work with flakes, and their newer replacements are not exposed
   by upstream; I've put basic imitations of the relevant parts in this repo
 - (in particular, directories in hosts/ won't become deployable configs
   automatically)
 - parts of the code are now probably more complicated than they'd have to be
 - old variable names were preserved; confusingly, this means the flake
   inputs are still called "sources"
2022-11-13 22:45:50 +01:00
025d17c487 common: enable mosh 2022-11-13 20:26:48 +01:00
319f827aa0 add new key for stuebinm 2022-11-13 20:22:23 +01:00
380934299b niv: remove home-manager
(not used for anything atm)
2022-11-11 16:30:38 +01:00
13b81b37f4 users.nix: re-add hexchen's ssh keys
(these were previously defined via nix-hexchen)
2022-11-11 16:30:38 +01:00
daac7ebcb0 remove users/hexchen.nix 2022-11-11 16:30:38 +01:00
acd051e4e0 make renamed options complain (less) 2022-11-11 16:30:38 +01:00
0e20c9ddfa remove hexchen home-manager 2022-11-11 16:30:38 +01:00
3ea537459b change name 2022-09-12 19:29:51 +02:00
schweby
3dc6b5e3e9 common/users: update schweby's ssh key 2022-05-22 15:08:42 +02:00
schweby
17d695c00b common: add niv 2022-02-04 08:51:39 +01:00
schweby
fa347008fa common/default.nix: add vgrep 2022-01-19 22:11:10 +01:00
schweby
b96a026565 cleanup default apps 2021-12-30 22:30:17 +01:00
schweby
dbf8d74a24 set timezones
default is UTC no need to force it
A desktop should be in the commonly used timezone.
Forcing UTC has caused trouble multiple times.
2021-09-19 16:35:38 +02:00
schweby
f5579bc98e parsons: config nginx 2021-08-23 19:32:02 +00:00
hexchen
cf5062adfd sources: update nixpkgs to 21.05
this caused various other changes related to nftables, we are now using
hexchen's fork of pbb's module.
2021-08-07 12:05:25 +00:00
schweby
1064836092 Revert "security: remove hexchen"
This reverts commit bab826b1c7.
Also fixes hexchen nix due to new logic
2021-03-26 22:04:27 +01:00
schweby
bab826b1c7 security: remove hexchen 2021-03-12 23:53:51 +01:00
schweby
db51a3adde common: set schweby's shell to fish 2021-03-12 12:28:26 +01:00
hexchen
b186473e68 sources: update nix-hexchen
lots of fancy new stuff, but most importantly: we no longer import all
of my user config, just the very base.

none of that fancy stuff is active right now, this should mostly be a
no-op unless we do the same restructure that i have just done in my
nixfiles here as well.
2021-03-10 20:58:31 +01:00
hexchen
c36eb51ff4 Revert 43d36bb3d7
This is a partial revert, reintroducing hexchen to the project.
As it turns out, I am still quite invested in the project and require
frequent access to the nix-based infrastructure.
2021-02-11 18:59:10 +00:00
hexchen
43d36bb3d7 remove hexchen from the project
I am no longer comfortable with putting resources into this project and
therefore request to be removed from all infrastructure. I am still
happy to help out with software I set up, but I will no longer actively
maintain any services. As far as possible, I will remove myself from all
access groups or other privileged positions related to this project.

Essentially, I'm stepping down as a maintainer. I still reserve the
right to make changes via the established change processes (Merge
Requests as well as Issues in the meta-repositories), but I will no
longer make direct changes to infrastructure without going through those
review processes.
2021-01-25 11:37:34 +00:00
hexchen
c0efd41e74 nftables: import module and init config 2021-01-15 22:45:34 +00:00
hexchen
d86418307f fixup!common: disable logs 2021-01-15 21:09:32 +00:00
hexchen
4e1430bfc7 common: disable nginx access log 2021-01-15 21:02:03 +00:00
hexchen
b288102f76 common/users: import hex-nix to deduplicate config 2021-01-11 00:30:08 +00:00
hexchen
851052014a complete restructure of haccfiles
here be winkekatzen
2021-01-10 23:53:41 +00:00