Commit graph

498 commits

Author SHA1 Message Date
72ca5b2888 initial work for 23.05
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
2023-09-28 01:11:02 +02:00
74654f2fc0 websites: rooms on libera → hackint.org 2023-09-25 17:28:18 +02:00
4fb06c3e10 mattermost 7.8.10 → 7.8.11
(another security update)
2023-09-20 00:33:36 +02:00
d7d15f4b0b websites: chats are on raccoon.college for now 2023-09-12 22:28:53 +02:00
c18215f356 mattermost 7.8.8 → 7.8.10 2023-09-06 17:02:46 +02:00
6a4ff47443 mattermost 7.8.7 → 7.8.8 2023-07-19 22:20:45 +02:00
109aada070 mattermost 7.8.5 → 7.8.7 2023-07-08 00:33:11 +02:00
2d542e9167 remove auth.infra4future.de 2023-05-27 16:26:48 +02:00
d8e937a91d mattermost: 7.1.8 → 7.8.5 2023-05-19 23:06:15 +02:00
57b6eac7c2 tracktrain: upstream is slow in updating gtfs, use our own
note: I am author of both the file now under /persist/containers/tracktrain
& the upstream one at ilztalbahn.eu, but don't have direct access to the
wordpress instance running there, and no one who does has yet uploaded
the new file.
2023-05-17 17:49:56 +02:00
e5d57ebec9 sops/tracktrain: fix a missed non-declarative secret 2023-05-17 17:49:28 +02:00
6a51e74c73 enable receiving mail on mattermost@
otherwise we apparently cause feedback loops? pfft.
2023-05-05 16:28:37 +02:00
5bd2c5ab4c remove apparently unnecessary nextcloud config 2023-05-04 00:46:48 +02:00
3099798468 remove apparently unnessary mattermost lib.mkForce 2023-05-04 00:40:59 +02:00
b5d4f76a1d rotate octycs's ssh key 2023-05-04 00:40:44 +02:00
003f2f7e44 move all on-disk secrets into sops
this only concerns secrets which are in a raw file. Some of our
services (e.g. nextclouds) keeps secrets in its database; these remain
untouched.

Not yet deployed because of shitty train internet.
2023-05-03 23:04:13 +02:00
0d75469590 rotate zauberberg's ssh key 2023-05-03 22:33:12 +02:00
49fa2325f3 sops-nix proof of concept
this is currently deployed and appears to be working. please everyone
have a look at it & then decide if we want to use this for the other
secrets as well.
2023-04-19 20:08:45 +02:00
a3689d1c76 mattermost: 7.1.7 → 7.1.8
this is a security update, see
https://mattermost.com/blog/mattermost-security-updates-7-9-2-7-8-3-esr-7-7-4-7-1-8-esr-released/
for more.
2023-04-15 19:02:42 +02:00
eda184ee48 netbox: remove python override workaround
this is currently unused anyways, but in case we ever do need it again,
https://github.com/NixOS/nixpkgs/pull/223268 has removed the need for
the weird override workaround.
2023-04-05 23:04:59 +02:00
8d9df0e20e mattermost: 7.1.4 → 7.1.7
apparently the 7.1.x series is now old enough that even though it
does still get security fixes, the mattermost team no longer mentions
this on their blog, so we missed out on a couple. fun!
2023-03-24 03:49:37 +01:00
fb3c1b0a96 symlink haccfiles into /etc/haccfiles
upsides:
 - we will no longer get confused about which state is currently deployed
downsides:
 - deploys get slower, since it has to uploads the entire haccfiles each time
2023-03-23 15:29:29 +01:00
b30df7ea6d unbreak tracktrain css 2023-03-16 15:03:13 +01:00
26f3f98a9c update inputs 2023-03-15 21:50:48 +01:00
f91ea850bc
mail: reenable recieving mail on noreply@
because mail providers are sending out abuse mails for fbls they're
causing *shrung*
2023-03-15 19:06:36 +01:00
a6d21f4fd9 make working on websites nicer
(since every time we have to change anything on these I get annoyed at
having to remember how to build these. Now you can just use `nix run`!)
2023-02-24 17:33:48 +01:00
7fd1c9ff80 remove the default.nix file
(why did we keep this around? in any case, it's broken)
2023-02-24 16:11:43 +01:00
ba91526fc8
common/users: add new ssh-key for moira 2023-02-23 17:24:48 +01:00
72c16d9e1c nicer container configs
today i woke up to the realisation that there's an extremely obvious way
to make these nicer, & then i did exactly that. For some reason I did
not think of this when originally removing the dependency to nix-hexchen's
evalConfig.

unfortunately, this is not /quite/ a no-op. The only actual change is
different whitespace in some of the semantically-equivalent
coredns-configs that got unified.
2023-02-18 14:45:14 +01:00
aa62e616a3 common/users: remove an old ssh key 2023-02-16 01:40:14 +01:00
30510a3194 tracktrain: don't start before network.target
i hope this is the correct option; the last one apparently wasn't
enough.
2023-02-16 01:38:35 +01:00
dc1bdb2682 websites/infra4future.de: further edits
(also remove the link to hacc.wiki, that's kinda outdated)
2023-02-16 01:22:08 +01:00
5fee4c445d websites/infra: update group explanation 2023-02-16 01:22:08 +01:00
9ac7307672 update websites 2023-02-16 01:22:08 +01:00
26f91fac20 parsons: fix nix auto gc 2023-02-15 21:23:44 +01:00
9185f3e0ab update inputs 2023-02-13 20:43:09 +01:00
2e74ca9b35 tracktrain: remove cors header
this is almost certainly not needed anymore. i think.
2023-01-30 21:00:54 +01:00
4c456eae1c tracktrain: don't open firewall twice
just to cause less confusion down the line
2023-01-30 15:00:13 +01:00
7a3e65a3f5 working tracktrain + monitoring 2023-01-22 20:03:11 +01:00
9af819b4b8 init tracktrain 2023-01-22 02:25:07 +01:00
82e2831d3a
common/users: update terrus key 2023-01-10 19:20:47 +01:00
15c49c657f update inputs 2023-01-06 17:45:43 +01:00
87fd563ad3 remove netbox 2023-01-06 16:23:05 +01:00
eb7183ac54 services/mattermost: security update 7.1.4 → 7.1.5 2023-01-02 22:51:16 +01:00
1a54dbd191 alps: please don't start if there's no mailserver yet 2022-12-17 16:37:18 +01:00
015f66d749 netbox: fix uffd secret path
(turns out it's not a good idea to put it into a non-persistant directory)
2022-12-17 16:36:53 +01:00
hexchen
ba5bcf601c flake: update nix-hexchen and remove reference to deploy 2022-12-17 16:00:53 +01:00
9363c9e004 services/alps: use the nixos module
(since nixos 22.11 comes with one)
2022-12-17 15:56:06 +01:00
34a147afe6 python 3.9 -> python 3.10
(nixos 22.11 changed the default version, so some of our stuff broke)
2022-12-17 15:54:31 +01:00
1720b7bf81 update inputs 2022-12-16 22:56:28 +01:00