Commit Graph

356 Commits (schweby-main-patch-74823)

Author SHA1 Message Date
schweby 62c0f73465 Update services/mail.nix 2022-07-08 20:51:20 +00:00
schweby 430efbc0a5
update sources 2022-06-09 14:56:38 +02:00
schweby 3dc6b5e3e9
common/users: update schwebys ssh key 2022-05-22 15:08:42 +02:00
hexchen 507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen 7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby 440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen 27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
stuebinm 287cb84d82
services/mattermost: bump to 6.6.0 2022-04-16 20:31:58 +02:00
schweby 3ee3c37ccb
sources: updates
CVE-2022-1162
2022-04-06 09:05:25 +02:00
stuebinm 39bec9fbd0
services/mattermost: bump to 6.5.0 2022-03-18 19:28:43 +01:00
stuebinm 5c85431847
mattermost: bump to 6.4.2 (security update) 2022-03-11 14:01:53 +01:00
schweby 2cf0119ec1
sources: updates
update kernel to protect against CVE-2022-0847
2022-03-07 20:44:33 +01:00
schweby a92ae39d65
gitlab-ci.yml: disable nixda build
It's known broken. No need to waste time and resources.
Reenable when fixed.
2022-02-27 12:22:30 +01:00
schweby f1c3a2d082
sources: updates 2022-02-27 12:19:36 +01:00
schweby 93c13debe6
services/mattermost: bump to 6.4.1 2022-02-27 11:57:52 +01:00
stuebinm 3e95d6c222
bump nix/sources.json 2022-02-17 19:49:53 +01:00
stuebinm ca19774c9e
services/mattermost: bump to 6.4.0 2022-02-17 19:49:38 +01:00
stuebinm 032c49c375
comment out services/workadventure
(we're not using it and it's eating build times, so I've disabled it for
now)
2022-02-17 19:48:45 +01:00
stuebinm 4b71a216ba
services/mattermost: bump to 6.1.3
(another security update)
2022-02-05 01:08:46 +01:00
schweby 17d695c00b
common: add niv 2022-02-04 08:51:39 +01:00
schweby 7815e32f9f
services/mail: reduce logspam
reduce logspam by our mail services by setting them to loglevel 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
stuebinm 99811b6711 bump update nixos-mailserver to 21.11 2022-02-01 14:44:47 +01:00
stuebinm 1aebabe8a0 parsons/restics: s3CredentialsFile is deprecated
This is untested, but the documentation on the s3CredentialsFile option
seems to suggest this should be correct.
2022-02-01 14:03:40 +01:00
stuebinm 10942ca464 bump home manager to 21.11 2022-02-01 14:00:35 +01:00
schweby 2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby 4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby 8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen 6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
stuebinm 9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
stuebinm 4ff0bdf3ec
whoops, apparently some rebase went wrong
(fixing it back into a buildable state)
2022-01-27 20:38:04 +01:00
stuebinm 676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby 569c5652f2
sources: update 2022-01-27 20:37:40 +01:00
schweby 238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
stuebinm c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   deprecated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably be considered a
work-in-progress.

Building Nixda currently fails; decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
stuebinm 68afbe01b3 services/mattermost: bump to 6.1.2 (security update)
cf. https://mattermost.com/blog/mattermost-security-updates-6-3-1-6-2-2-6-1-2-5-37-7-released/

this supposedly fixes a "medium-level security vulnerability", but
they're not telling us what it is (for now …) :rolls_eyes:

anyways, seems to run fine on parsons.
2022-01-25 02:08:40 +01:00
schweby fa347008fa
common/default.nix: add vgrep 2022-01-19 22:11:10 +01:00
schweby c21b1b8ddf
services/syncthing: cleanup clients
remove no longer needed clients due to "new" password sharing
2022-01-19 21:35:03 +01:00
schweby 02a64a6f31
services/hedgedoc: lower loglevel to warn 2022-01-19 21:22:32 +01:00
stuebinm b9aa3050d7 fix mumble website
This does two things:
 - add a group "mumblecert" which is allowed to read the mumble.hacc.space
   cert, and add both nginx and murmur's users to it
 - remove the website's derivation from services/murmur.nix and instead
   add it to the websites/ dir and handle it the same as all our other sites
2022-01-18 09:08:27 +01:00
schweby 6f0d8a6af9
hotfix: disable mumble website
disable the mumble website because of cert permission issues caused by ad9c1f4481
nginx doesn't start because it can read the cert of the website
2022-01-17 22:37:43 +01:00
stuebinm ad9c1f4481
security/acme: mumble cert readable by murmur group
the postRun thing doesn't seem to work at all anymore?
2022-01-12 23:51:31 +01:00
stuebinm f800057478
services/hedgedocs: remove unused module imports 2022-01-12 19:31:31 +01:00
stuebinm ae67b38304 add the rest of our static web pages
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there's still a
"www.muc.hacc.space" in the log that oughtn't be there …
2022-01-10 23:45:21 +01:00
stuebinm eb07f34672 modules/website.nix init
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).

Thus we could avoid the dependency on gitlab pages.
2022-01-10 22:57:09 +01:00
stuebinm c08ca5f85f
update readme
its incompleteness annoys me
2022-01-07 18:16:31 +01:00
stuebinm a7896e718f
services/workadventure: re-add the hacc assembly map as default map 2022-01-07 17:29:10 +01:00
stuebinm 16245e830f
remove truelove-specific workadventure
This removes the special configuration to make our workadventure useable
for the truelove event and reverts it to just run at void.hacc.space
without authentication etc.

Tbh, not sure if that's actually what we want — do we need a running
workadventure instance at all? Or should we just remove the entire container?
2022-01-01 20:03:32 +01:00
schweby 9b38e5fba1 update sources 2021-12-30 22:58:23 +01:00
schweby 8c527ea552 enable ssh for stream user 2021-12-30 22:30:25 +01:00
schweby b96a026565 cleanup default apps 2021-12-30 22:30:17 +01:00