Commit graph

53 commits

Author SHA1 Message Date
0882960b9a
First draft for a nextcloud deployment on nix
Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitely notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure it nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.
2021-03-25 18:34:35 +01:00
stuebinm
d5cf2abccc
hainich: init mattermost beta 2021-03-24 22:37:38 +01:00
schweby
b604cee52a
hainich/minecraft: Update to paper 1.16.6-167 2021-03-24 21:13:26 +01:00
schweby
077e8264f7
hainich/hasenloch: set config suitable for r2r 2021-03-24 19:28:22 +01:00
schweby
f54be467b8
hainich/hasenloch: update to r2r version
to update to this version removal of the cache at
*engelsystem/storage/cache is necessary for the site to work
2021-03-24 19:19:33 +01:00
schweby
99d534586a
hainich/minecraft: update to paper 1.16.5-562 2021-03-20 17:09:58 +01:00
schweby
8377d27b87 hainich: init minecraft server
this server replaces the vanilla minecraft server on libocedrus
2021-03-20 16:59:47 +01:00
schweby
071f135ef4
hainich: Blacklist ip_tables and ip6_tables
Prevent **something** (docker) from loading the iptables kernel modules
and breaking nftables
2021-03-20 16:56:56 +01:00
schweby
233ffdd769
hainich/nginx: redirect hacc.space to hacc.earth
redirect was previously managed on libocerus
hacc.space now points to hainich
2021-03-18 19:12:14 +01:00
schweby
77c06c5509
hainich/nginx: let all empty subdomains 404
* make hainich.hacc.space the default virtualHost for nginx
if no host is running on that subdomain, this will be shown
* disable SSL, so no pesky SSL error for empty subdomains anymore
* remove lots of unneeded brackes and semicolons
2021-03-18 19:04:00 +01:00
schweby
94eafe59d2
hainich/nginx: remove rc3 cluster site 2021-03-18 19:01:44 +01:00
dbbdde76c7
mumble.hacc.space: move site from gitlab into nix derivation
Since the delivery of mumble.hacc.space/murmur.hacc.space via gitlab pages
broke (for whatever reason), I've packaged the site into an ad-hoc nix
derivation, which is now delivered locally by nginx instead. This has a
couple benefits (mainly that we no longer depend on gitlab pages), but
also the downside that we can't just update the site via gitlab's CI/CD
pipelines anymore.
2021-03-17 22:35:51 +01:00
schweby
32b5958279 security: remove hexchen mail 2021-03-13 00:27:53 +01:00
schweby
bab826b1c7 security: remove hexchen 2021-03-12 23:53:51 +01:00
schweby
2d4309fdf4 hainich: init workadventure 2021-03-11 00:11:51 +01:00
hexchen
6f2cc7bf7f hainich: remove obsolete nginx host 2021-03-09 10:10:03 +00:00
hexchen
bc58060390 mail: update rinderhacc password and alias 2021-03-09 10:03:18 +00:00
d7b70742fe remove old engelsystem config (NOP)
this removes the old (unused) config for an angel system used during the
fridays for future camp 2020. Since it was configured "by hand" and not
in a declarative manner, and since there is now an actual module
`services.engelsystem` that we already use for the divoc it seems unlikely
that we will ever need the old config again.

From Nix's point of view, this commit is equivalent to doing nothing.
2021-02-21 14:58:25 +01:00
Matthias Stübinger
3b42b89bd7 Hasenloch (Engelsystem for divoc)
Seems to work fine, except for the domain — the engelsystem tries
to load its ressources from the IP of the container instead of its
url set in the config.
2021-02-20 23:32:00 +01:00
schweby
1a8842457d restic: added mumur to backup 2021-02-20 21:56:05 +01:00
hexchen
233a4c7cab hainich: init restic backups 2021-02-15 07:23:23 +00:00
hexchen
e42376687f hainich/syncthing: add hexchen's server 2021-02-13 19:56:15 +00:00
Schweby mit Hut
be90dca334 hainich/syncthing: added raphael-laptop 2021-02-11 22:31:35 +01:00
Schweby mit Hut
442e320be5 hainich/syncthing: Updated id for schweby 2021-02-11 22:17:36 +01:00
hexchen
c36eb51ff4 Revert 43d36bb3d7
This is a partial revert, reintroducing hexchen to the project.
As it turns out, I am still quite invested in the project and require
frequent access to the nix-based infrastructure.
2021-02-11 18:59:10 +00:00
hexchen
0ea8daad24 hainich/gitlab-runner: Move registration token
Move it to /etc instead so that it's persisted across reboots
2021-02-10 22:40:03 +00:00
hexchen
0d362a17fc hainich/monitoring: init prometheus 2021-02-06 16:41:02 +00:00
Schweby mit Hut
323b4edf1c hainich/murmur,mumble: let the websites be fixed. 2021-02-03 23:33:08 +01:00
Matthias Stübinger
1ccc8b2b9c Fix mumble sites 2021-02-03 11:12:23 +01:00
Schweby mit Hut
4813284e82 syncthing 2021-01-27 23:27:59 +01:00
hexchen
43d36bb3d7 remove hexchen from the project
I am no longer comfortable with putting resources into this project and
therefore request to be removed from all infrastructure. I am still
happy to help out with software I set up, but I will no longer actively
maintain any services. As far as possible, I will remove myself from all
access groups or other privileged positions related to this project.

Essentially, I'm stepping down as a maintainer. I still reserve the
right to make changes via the established change processes (Merge
Requests as well as Issues in the meta-repositories), but I will no
longer make direct changes to infrastructure without going through those
review processes.
2021-01-25 11:37:34 +00:00
hexchen
ee2a3ae0b8 hainich/murmur: fix proxy_pass 2021-01-20 18:38:50 +00:00
schweby
351303f060 made loge appropriate size 2021-01-17 23:37:20 +00:00
Schweby mit Hut
c7894cd9d6 updated Logo 2021-01-17 23:31:01 +01:00
waldfunk danni
5006365684 Update lantifa.nix 2021-01-17 22:31:37 +01:00
hexchen
95da394e01 hainich/nat: add docker and container IPs
for some reason, masquerading by interface does not work atm, should fix
itself with a host reboot though.
2021-01-15 23:55:06 +00:00
hexchen
61db3bc33f modules/nftnat: init nftables nat module 2021-01-15 23:55:06 +00:00
hexchen
c0efd41e74 nftables: import module and init config 2021-01-15 22:45:34 +00:00
octycs
57334cd690 lantifa: Attempt to configure short URLs (to fix VisualEditor)
Signed-off-by: hexchen <hexchen@lilwit.ch>
2021-01-15 10:56:13 +00:00
octycs
4964ac6817 Add DynamicPageList + PageForms extension
Signed-off-by: hexchen <hexchen@lilwit.ch>
2021-01-15 10:40:55 +00:00
schweby
c6b3a895fd added wiki added path to logo 2021-01-14 23:26:13 +00:00
hexchen
af89eb2e45 hainich/mail: allow mail for discourse 2021-01-14 00:02:32 +00:00
hexchen
3d4b6e4148 fixup!hainich/mail: discuss@infra4future.de pass 2021-01-13 23:40:14 +00:00
hexchen
dbe5cb55fb hainich/mail: update setup for discourse 2021-01-13 23:20:44 +00:00
hexchen
1ccc94b37f hainich/mail: add noreply@infra4future.de 2021-01-13 21:32:22 +00:00
hexchen
2ccb2d3ded hainich/lantifa: fix visualeditor 2021-01-13 18:48:06 +00:00
octycs
410d9fa13d hainich/lantifa: update mediawiki config
Use correct TemplateData version & add plugins: visualeditor, inputbox

Signed-off-by: hexchen <hexchen@lilwit.ch>
2021-01-13 17:24:43 +00:00
hexchen
548188be4d hainich/lantifa: attempt visualeditor fix 2021-01-13 17:18:16 +00:00
hexchen
ea80c4fe41 hainich/lantifa: update mediawiki to use unstable 2021-01-12 23:21:19 +00:00
Schweby mit Hut
2d8eeb45ab added Wiki DB & Template Data plugins 2021-01-12 23:14:05 +01:00