Commit graph

662 commits

Author SHA1 Message Date
schweby
86b9d3113c
parsons/mail: readd noreply@infra4ure 2022-07-17 19:36:42 +02:00
schweby
39aaf2e0bb
!fixup make virtual addresses actually work
also fix typo
2022-07-10 19:02:45 +02:00
schweby
8021685ec8
update mail config 2022-07-09 20:56:46 +02:00
8f413da05a services/nextcloud: remove mail & redis
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggest it's already
working, which it isn't, which is worse)
2022-07-09 20:27:46 +02:00
e9d2630ea9 fix auamost path 2022-07-09 19:11:30 +02:00
445a974f97 magic mattermost group sync 2022-07-09 11:00:57 +02:00
4eecd1bad4 update nextcloud to 24
(apparently we forget to commit this??)
2022-07-09 10:56:58 +02:00
schweby
430efbc0a5
update sources 2022-06-09 14:56:38 +02:00
schweby
3dc6b5e3e9
common/users: update schwebys ssh key 2022-05-22 15:08:42 +02:00
hexchen
507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen
7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby
440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen
27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
287cb84d82
services/mattermost: bump to 6.6.0 2022-04-16 20:31:58 +02:00
schweby
3ee3c37ccb
sources: updates
CVE-2022-1162
2022-04-06 09:05:25 +02:00
39bec9fbd0
services/mattermost: bump to 6.5.0 2022-03-18 19:28:43 +01:00
5c85431847
mattermost: bump to 6.4.2 (security update) 2022-03-11 14:01:53 +01:00
schweby
2cf0119ec1
sources: updates
update kernel to proteced against CVE-2022-0847
2022-03-07 20:44:33 +01:00
schweby
a92ae39d65
gitlab-ci.yml: disable nixda build
It's known broken. No need to waste time and resources.
Reenable when fixed.
2022-02-27 12:22:30 +01:00
schweby
f1c3a2d082
sources: updates 2022-02-27 12:19:36 +01:00
schweby
93c13debe6
services/mattermost: bump to 6.4.1 2022-02-27 11:57:52 +01:00
3e95d6c222
bump nix/sources.json 2022-02-17 19:49:53 +01:00
ca19774c9e
services/mattermost: bump to 6.4.0 2022-02-17 19:49:38 +01:00
032c49c375
comment out services/workadventure
(we're not using it and it's eating build times, so I've disabled it for
now)
2022-02-17 19:48:45 +01:00
4b71a216ba
services/mattermost: bump to 6.1.3
(another security update)
2022-02-05 01:08:46 +01:00
schweby
17d695c00b
common: add niv 2022-02-04 08:51:39 +01:00
schweby
7815e32f9f
services/mail: reduce logspam
reduce logspam by out mail services by seeting them to logleven 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
99811b6711 bump update nixos-mailserver to 21.11 2022-02-01 14:44:47 +01:00
1aebabe8a0 parsons/restics: s3CredentialsFile is deprecated
This is untested, but the documentation on the s3CredentialsFile option
seems to suggest this should be correct.
2022-02-01 14:03:40 +01:00
10942ca464 bump home manager to 21.11 2022-02-01 14:00:35 +01:00
schweby
2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby
4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby
8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen
6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
4ff0bdf3ec
whoops, apparently some rebase went wrong
(fixing it back into a buildable state)
2022-01-27 20:38:04 +01:00
676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby
569c5652f2
sources: update 2022-01-27 20:37:40 +01:00
schweby
238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   depricated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably considered a
work-in-progress.

Building Nixda currently fails decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
68afbe01b3 services/mattermost: bump to 6.1.2 (security update)
cf. https://mattermost.com/blog/mattermost-security-updates-6-3-1-6-2-2-6-1-2-5-37-7-released/

this supposedly fixes a "medium-level security vulnerability", but
they're not telling us what it is (for now …) :rolls_eyes:

anyways, seems to run fine on parsons.
2022-01-25 02:08:40 +01:00
schweby
fa347008fa
common/default.nix: add vgrep 2022-01-19 22:11:10 +01:00
schweby
c21b1b8ddf
services/syncthing: cleanup clients
remove no longer needed clients due to "new" password sharing
2022-01-19 21:35:03 +01:00
schweby
02a64a6f31
services/hedgedoc: lower loglevel to warn 2022-01-19 21:22:32 +01:00
b9aa3050d7 fix mumble website
This does two things:
 - add a group "mumblecert" which is allowed to read the mumble.hacc.space
   cert, and add both nginx and murmur's users to it
 - remove the website's derivation from services/murmur.nix and instead
   add it to the websites/ dir and handle it the same as all our other sites
2022-01-18 09:08:27 +01:00
schweby
6f0d8a6af9
hotfix: disable mumble website
disable the mumble website because of cert permission issues causes by ad9c1f4481
nginx doesn't start because it can read the cert of the website
2022-01-17 22:37:43 +01:00
ad9c1f4481
security/acme: mumble cert readable by murmur group
the postRun thing doesn't seem to work at all anymore?
2022-01-12 23:51:31 +01:00
f800057478
services/hedgedocs: remove unused module imports 2022-01-12 19:31:31 +01:00
ae67b38304 add the rest of our stativ web pages
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there' still a
"www.muc.hacc.space" in the log that oughtn't be there …
2022-01-10 23:45:21 +01:00
eb07f34672 modules/website.nix init
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).

Thus we could avoid the dependency on gitlab pages.
2022-01-10 22:57:09 +01:00