177 commits

Author SHA1 Message Date
yuri a8ecf3d683 Remove nextcloud.grzb.de mapping 2023-11-09 23:10:53 +01:00
yuri 6b447c40aa Migrate Mastodon to NixOS 2023-11-09 23:10:53 +01:00
yuri db63ad370d flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e49c28b3baa3a93bdadb8966dd128f9985ea0a09' (2023-10-04)
  → 'github:NixOS/nixpkgs/de9b8eb55b195f318eb839351b83b3560a990169' (2023-10-07)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/349bdd9653c42f1793d338b43aefe08883c5ebee' (2023-10-04)
  → 'github:NixOS/nixpkgs/b7a3aaae3859cd1ffd4c4fd850bf45d0304f9033' (2023-10-07)
2023-11-09 23:10:53 +01:00
yuri c20c0e5a85 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04)
  → 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ce210c81d3677233bedc9b70c70ab6d3e7f828f8' (2023-09-29)
  → 'github:NixOS/nixpkgs/e49c28b3baa3a93bdadb8966dd128f9985ea0a09' (2023-10-04)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/cdd726e1deb44c031ee8975528d6b283ed8cf021' (2023-09-29)
  → 'github:NixOS/nixpkgs/349bdd9653c42f1793d338b43aefe08883c5ebee' (2023-10-04)
2023-11-09 23:10:53 +01:00
yuri 67c5a733ab Increase worker_connections and set worker_processes to auto 2023-11-09 23:10:53 +01:00
yuri f0368c9a61 Set locations priority for matrix reverse proxy 2023-11-09 23:10:53 +01:00
yuri 8bb1c5853b Enable sliding-sync for matrix-synapse 2023-11-09 23:10:53 +01:00
yuri 9ac8327798 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04)
  → 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/53d337b63c8f9d7e0f8709cae0008a9655bee33e' (2023-09-19)
  → 'github:NixOS/nixpkgs/ef8e9997fcb37d5c8372dc1349185bd0d31752a6' (2023-10-05)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/089313d7c7c864b21648d78fb8700062dafab1f2' (2023-09-18)
  → 'github:NixOS/nixpkgs/e462c9172c685f0839baaa54bb5b49276a23dab7' (2023-10-06)
2023-11-09 23:10:53 +01:00
yuri 05883ca9a6 Also listen on "::1" 2023-11-09 23:10:53 +01:00
yuri 5813640e73 Enable dehydrated device feature for element-web client 2023-11-09 23:10:53 +01:00
yuri ffa09f900b Change Content-Security-Policy "frame-ancestors" from "none" to "self"
Fixes downloads in element-web
2023-11-09 23:10:53 +01:00
yuri 131fc871b7 Set real IP from local proxy 2023-11-09 23:10:52 +01:00
yuri ce5e907ed8 Set up paperless host and reverse proxy for acme http challenge 2023-11-09 23:10:52 +01:00
yuri 4c918ad074 Set resolv.conf file manually for uptime-kuma container due to a bug 2023-11-09 23:10:52 +01:00
yuri eba7c018ed Use only snake case for element-web config since camel case is deprecated 2023-11-09 23:10:52 +01:00
yuri 21c0b67ac2 Configure TLS settings on mail relay 2023-11-09 23:10:52 +01:00
yuri eb84404a10 Enable TLS on mail relay 2023-11-09 23:10:52 +01:00
yuri cae1284094 Forward port 80 to mail servers for the http acme challenge 2023-11-09 23:10:52 +01:00
yuri 6c6cfb6da8 Use snat rule instead of masquerade for wireguard nat 2023-11-09 23:10:52 +01:00
yuri 74d5abdfe2 Use a less generic nftables table name 2023-11-09 23:10:52 +01:00
yuri cd938d5020 Use another subnet for WireGuard tunnel as it conflicts with the openstack internal subnet 2023-11-09 23:10:52 +01:00
yuri f9971c842e Add tcpdump to default packages 2023-11-09 23:10:52 +01:00
yuri 3723b4edf2 Fix WireGuard nat rules 2023-11-09 23:10:52 +01:00
yuri e0d1e17bbb Change mail-1 wireguard port as it is already used for STS setup 2023-11-09 23:10:52 +01:00
yuri b359ec8644 Use host resolv.conf in container 2023-11-09 23:10:52 +01:00
yuri d1f2b13232 Add missing wireguard-tools dependency 2023-11-09 23:10:52 +01:00
yuri 03719f5bf8 Pass libnftables.so.1 path into python script 2023-11-09 23:10:52 +01:00
yuri ea11e41005 Add wireguard-nat-nftables python script 2023-11-09 23:10:52 +01:00
yuri 34b8dcef9c Add valkyrie host 2023-11-09 23:10:52 +01:00
yuri f3385b48a2 Enable firewall 2023-11-09 23:10:52 +01:00
yuri 4a802ab44d Set up mail server and restructure some things 2023-11-09 23:10:52 +01:00
yuri fa3db3bad6 Update flake.lock 2023-11-09 23:10:52 +01:00
yuri 1c268bbea6 Just do the nginx proxy_protocol listen in extraConfig and use stable packages 2023-11-09 23:10:52 +01:00
yuri 7283b50b39 Bump element-web to v1.11.40 2023-11-09 23:10:52 +01:00
yuri 685daabdd2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 4d7c667c45 Add matrix-synapse host 2023-11-09 23:10:52 +01:00
yuri b50f8c615c Only run pipeline when specific RUN_JOB variable value is set 2023-11-09 23:10:52 +01:00
yuri fd9952e9f2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 909a2ac6c1 Rename nixos-coturn to coturn and finish config 2023-11-09 23:10:52 +01:00
yuri fc2c69dbb7 Add metrics host with Grafana and Prometheus 2023-11-09 23:10:52 +01:00
yuri acdff7a0cc WIP grafana 2023-11-09 23:10:52 +01:00
yuri b1015f627a Increase opcache.interned_strings_buffer PHP option 2023-11-09 23:10:52 +01:00
yuri dc7c5225ad Enable proxyprotocol for nitter host 2023-11-09 23:10:52 +01:00
yuri d314976135 Add netbox host 2023-11-09 23:10:52 +01:00
yuri 8968d11075 Fix hostname 2023-11-09 23:10:52 +01:00
yuri fec32d5549 Restrict allowedTCPPorts to port 8443 2023-11-09 23:10:52 +01:00
yuri 86a2bf0395 Add SMTP configuration to nextcloud and use an additional disk for the data 2023-11-09 23:10:52 +01:00
yuri a57c5183d8 Set boot.growPartition = true 2023-11-09 23:10:52 +01:00
yuri 09abf3bee9 Improve Proxmox backup image generation 2023-11-09 23:10:52 +01:00
yuri 5c0f7dd6b8 Add nextcloud host 2023-11-09 23:10:52 +01:00