Commit graph

73 commits

Author SHA1 Message Date
9e89ff6aa9
mumble: ssl for everyone :party: 2022-09-24 16:30:14 +02:00
3ea537459b
change name 2022-09-12 19:29:51 +02:00
45ceeef189
gitea: git protocol v2 over ssh
cf. https://docs.gitea.io/en-us/config-cheat-sheet/#git-git, entry for
option ENABLE_AUTO_GIT_WIRE_PROTOCOL
2022-08-03 11:26:05 +02:00
e246563f57 git ssh: switch to gitea (instead of gitlab) 2022-08-01 20:54:17 +02:00
a1c5832a51 gitea: save state under /persist 2022-08-01 18:39:46 +02:00
c854e10980
gitea: enable offline mode 2022-07-27 23:26:13 +02:00
b5a68e09fd
gitea: fix uffd login
(note that this actually has to patch uffd)
2022-07-27 23:26:13 +02:00
f9f1eee6fd
update lantifa source urls & hashes 2022-07-27 23:26:13 +02:00
schweby
db5865fff2
!fixup add missing settings section 2022-07-27 23:26:13 +02:00
schweby
65ec0779b7
init basic untested config 2022-07-27 23:26:13 +02:00
schweby
86b9d3113c
parsons/mail: readd noreply@infra4ure 2022-07-17 19:36:42 +02:00
schweby
39aaf2e0bb
!fixup make virtual addresses actually work
also fix typo
2022-07-10 19:02:45 +02:00
schweby
8021685ec8
update mail config 2022-07-09 20:56:46 +02:00
8f413da05a services/nextcloud: remove mail & redis
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggest it's already
working, which it isn't, which is worse)
2022-07-09 20:27:46 +02:00
e9d2630ea9 fix auamost path 2022-07-09 19:11:30 +02:00
445a974f97 magic mattermost group sync 2022-07-09 11:00:57 +02:00
4eecd1bad4 update nextcloud to 24
(apparently we forget to commit this??)
2022-07-09 10:56:58 +02:00
hexchen
507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen
7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby
440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen
27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
schweby
7815e32f9f
services/mail: reduce logspam
reduce logspam by out mail services by seeting them to logleven 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
schweby
2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby
4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby
8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen
6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby
238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   depricated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably considered a
work-in-progress.

Building Nixda currently fails decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
schweby
c21b1b8ddf
services/syncthing: cleanup clients
remove no longer needed clients due to "new" password sharing
2022-01-19 21:35:03 +01:00
schweby
02a64a6f31
services/hedgedoc: lower loglevel to warn 2022-01-19 21:22:32 +01:00
b9aa3050d7 fix mumble website
This does two things:
 - add a group "mumblecert" which is allowed to read the mumble.hacc.space
   cert, and add both nginx and murmur's users to it
 - remove the website's derivation from services/murmur.nix and instead
   add it to the websites/ dir and handle it the same as all our other sites
2022-01-18 09:08:27 +01:00
schweby
6f0d8a6af9
hotfix: disable mumble website
disable the mumble website because of cert permission issues causes by ad9c1f4481
nginx doesn't start because it can read the cert of the website
2022-01-17 22:37:43 +01:00
ad9c1f4481
security/acme: mumble cert readable by murmur group
the postRun thing doesn't seem to work at all anymore?
2022-01-12 23:51:31 +01:00
f800057478
services/hedgedocs: remove unused module imports 2022-01-12 19:31:31 +01:00
ae67b38304 add the rest of our stativ web pages
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there' still a
"www.muc.hacc.space" in the log that oughtn't be there …
2022-01-10 23:45:21 +01:00
eb07f34672 modules/website.nix init
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).

Thus we could avoid the dependency on gitlab pages.
2022-01-10 22:57:09 +01:00
a7896e718f
services/workadventure: re-add the hacc assembly map as default map 2022-01-07 17:29:10 +01:00
16245e830f
remove truelove-specific workadventure
This removes the special configuration to make our workadventure useable
for the truelove event and reverts it to just run at void.hacc.space
without authentication etc.

Tbh, not sure if that's actually what we want — do we need a running
workadventure instance at all? Or should we just remove the entire container?
2022-01-01 20:03:32 +01:00
schweby
2a1e692522 services/lantifa: set mediawiki-version from 21.11
due to a wikiDB issue the mediawiki version in unstable (37) is not
compatible.
switching to 21.05 would mean a downgrade, so this is the hack until we
fully upgrade to 21.11
2021-12-11 13:20:42 +01:00
928d44fb95 Added stuebinm@hacc.space to mitglieder@hacc.space 2021-12-01 21:25:27 +00:00
3ad6a0d2df raphael@hacc.space added to voc@hacc.space 2021-12-01 21:22:53 +00:00
schweby
277d4a1fa7 services/nextcloud: fix downloads >1GB
should also gernerally improve performance when large(r) amounts of data
are exchanged
2021-11-22 20:58:39 +01:00
6563e0ccfa add services/workadventure for true-love event 2021-11-09 17:02:43 +00:00
schweby
5432503397 services/mattermost: set MaxUsersPerTeam to 250 2021-11-06 18:11:08 +01:00
schweby
144bd0d5f5 remove services/unifi
no longer needed
2021-11-03 15:36:03 +01:00
1b94984486
unbreak vaultwarden backup 2021-10-31 22:22:48 +01:00
schweby
232a90aaf1 services/nextcloud: replace password with file 2021-10-31 09:19:45 +01:00
schweby
0652afa761 services/nextcloud: set defaultapp to apporder 2021-10-31 08:28:10 +01:00