fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
186 commits 3 branches 0 tags 1.1 MiB
Commit graph

186 commits

This branch
This branch
All branches
Author SHA1 Message Date
yuri 8604ef73bd flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0e1cff585c1a85aeab059d3109f66134a8f76935' (2023-10-15)
  → 'github:NixOS/nixpkgs/21443a102b1a2f037d02e1d22e3e0ffdda2dbff9' (2023-10-21)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/982b24c40e743793c966b47b3bb3699881489ae0' (2023-10-15)
  → 'github:NixOS/nixpkgs/8dfad603247387df1df4826b8bea58efc5d012d8' (2023-10-22)
 2023-11-09 23:10:53 +01:00
yuri bcb8034311 Bump element-web to v1.11.47 2023-11-09 23:10:53 +01:00
yuri 6be060d42c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/22723a1d7deab53e5c1022906089e4247a5d3e77' (2023-10-09)
  → 'github:NixOS/nixpkgs/0e1cff585c1a85aeab059d3109f66134a8f76935' (2023-10-15)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/38aa96fc39c9719994f08100f791c27d31ee7892' (2023-10-09)
  → 'github:NixOS/nixpkgs/982b24c40e743793c966b47b3bb3699881489ae0' (2023-10-15)
 2023-11-09 23:10:53 +01:00
yuri 2a77ae39bc Add searx host 2023-11-09 23:10:53 +01:00
yuri d18a4ee24b Use OpenSSH config from CCCHH nix-infra repo 2023-11-09 23:10:53 +01:00
yuri 87170d4e9e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8be69c1764f58e07099e4a24b926f49bbada8c7f' (2023-10-09)
  → 'github:NixOS/nixpkgs/22723a1d7deab53e5c1022906089e4247a5d3e77' (2023-10-09)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/5a9c737c587d2c34d63c5b3cb53c6ab0705bdf4f' (2023-10-09)
  → 'github:NixOS/nixpkgs/38aa96fc39c9719994f08100f791c27d31ee7892' (2023-10-09)
 2023-11-09 23:10:53 +01:00
yuri 27a6513e84 Use stable channel and use helper function for acme challenge proxy 2023-11-09 23:10:53 +01:00
yuri 9c0398a3c1 Update element-web and clean up configuration 2023-11-09 23:10:53 +01:00
yuri e2ed2de11e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/de9b8eb55b195f318eb839351b83b3560a990169' (2023-10-07)
  → 'github:NixOS/nixpkgs/8be69c1764f58e07099e4a24b926f49bbada8c7f' (2023-10-09)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/b7a3aaae3859cd1ffd4c4fd850bf45d0304f9033' (2023-10-07)
  → 'github:NixOS/nixpkgs/5a9c737c587d2c34d63c5b3cb53c6ab0705bdf4f' (2023-10-09)
 2023-11-09 23:10:53 +01:00
yuri a8ecf3d683 Remove nextcloud.grzb.de mapping 2023-11-09 23:10:53 +01:00
yuri 6b447c40aa Migrate Mastodon to NixOS 2023-11-09 23:10:53 +01:00
yuri db63ad370d flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e49c28b3baa3a93bdadb8966dd128f9985ea0a09' (2023-10-04)
  → 'github:NixOS/nixpkgs/de9b8eb55b195f318eb839351b83b3560a990169' (2023-10-07)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/349bdd9653c42f1793d338b43aefe08883c5ebee' (2023-10-04)
  → 'github:NixOS/nixpkgs/b7a3aaae3859cd1ffd4c4fd850bf45d0304f9033' (2023-10-07)
 2023-11-09 23:10:53 +01:00
yuri c20c0e5a85 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04)
  → 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ce210c81d3677233bedc9b70c70ab6d3e7f828f8' (2023-09-29)
  → 'github:NixOS/nixpkgs/e49c28b3baa3a93bdadb8966dd128f9985ea0a09' (2023-10-04)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/cdd726e1deb44c031ee8975528d6b283ed8cf021' (2023-09-29)
  → 'github:NixOS/nixpkgs/349bdd9653c42f1793d338b43aefe08883c5ebee' (2023-10-04)
 2023-11-09 23:10:53 +01:00
yuri 67c5a733ab Increase worker_connections and set worker_processes to auto 2023-11-09 23:10:53 +01:00
yuri f0368c9a61 Set locations priority for matrix reverse proxy 2023-11-09 23:10:53 +01:00
yuri 8bb1c5853b Enable sliding-sync for matrix-synapse 2023-11-09 23:10:53 +01:00
yuri 9ac8327798 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04)
  → 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/53d337b63c8f9d7e0f8709cae0008a9655bee33e' (2023-09-19)
  → 'github:NixOS/nixpkgs/ef8e9997fcb37d5c8372dc1349185bd0d31752a6' (2023-10-05)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/089313d7c7c864b21648d78fb8700062dafab1f2' (2023-09-18)
  → 'github:NixOS/nixpkgs/e462c9172c685f0839baaa54bb5b49276a23dab7' (2023-10-06)
 2023-11-09 23:10:53 +01:00
yuri 05883ca9a6 Also listen on "::1" 2023-11-09 23:10:53 +01:00
yuri 5813640e73 Enable dehydrated device feature for element-web client 2023-11-09 23:10:53 +01:00
yuri ffa09f900b Change Content-Security-Policy "frame-ancestors" from "none" to "self" 
Fixes downloads in element-web
 2023-11-09 23:10:53 +01:00
yuri 131fc871b7 Set real IP from local proxy 2023-11-09 23:10:52 +01:00
yuri ce5e907ed8 Setup paperless host and reverse proxy for acme http challange 2023-11-09 23:10:52 +01:00
yuri 4c918ad074 Set resolv.conf file manually for uptime-kuma container due to a bug 2023-11-09 23:10:52 +01:00
yuri eba7c018ed Use only snake case for element-web config since camel case is deprecated 2023-11-09 23:10:52 +01:00
yuri 21c0b67ac2 Configure TLS settings on mail relay 2023-11-09 23:10:52 +01:00
yuri eb84404a10 Enable TLS on mail relay 2023-11-09 23:10:52 +01:00
yuri cae1284094 Forward port 80 to mail servers for the http acme challange 2023-11-09 23:10:52 +01:00
yuri 6c6cfb6da8 Use snat rule instead if masquerade for wireguard nat 2023-11-09 23:10:52 +01:00
yuri 74d5abdfe2 Use a less generic nftables table name 2023-11-09 23:10:52 +01:00
yuri cd938d5020 Use another subnet for WireGuard tunnel as is conflicts with the openstack internal subnet 2023-11-09 23:10:52 +01:00
yuri f9971c842e Add tcpdump to default packages 2023-11-09 23:10:52 +01:00
yuri 3723b4edf2 Fix WireGuard nat rules 2023-11-09 23:10:52 +01:00
yuri e0d1e17bbb Change mail-1 wireguard port as it is already used for STS setup 2023-11-09 23:10:52 +01:00
yuri b359ec8644 Use host resolv.conf in container 2023-11-09 23:10:52 +01:00
yuri d1f2b13232 Add missing wireguard-tools dependency 2023-11-09 23:10:52 +01:00
yuri 03719f5bf8 Pass libnftables.so.1 path into python script 2023-11-09 23:10:52 +01:00
yuri ea11e41005 Add wireguard-nat-nftables python script 2023-11-09 23:10:52 +01:00
yuri 34b8dcef9c Add valkyrie host 2023-11-09 23:10:52 +01:00
yuri f3385b48a2 Enable firewall 2023-11-09 23:10:52 +01:00
yuri 4a802ab44d Setup mail server and restructure some things 2023-11-09 23:10:52 +01:00
yuri fa3db3bad6 Update flake.lock 2023-11-09 23:10:52 +01:00
yuri 1c268bbea6 Just do the nginx proxy_protocol listen in extraConfig and use stable packages 2023-11-09 23:10:52 +01:00
yuri 7283b50b39 Bump element-web to v1.11.40 2023-11-09 23:10:52 +01:00
yuri 685daabdd2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 4d7c667c45 Add matrix-synapse host 2023-11-09 23:10:52 +01:00
yuri b50f8c615c Only run pipeline when specific RUN_JOB variable value is set 2023-11-09 23:10:52 +01:00
yuri fd9952e9f2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 909a2ac6c1 Rename nixos-coturn to coturn and finish config 2023-11-09 23:10:52 +01:00
yuri fc2c69dbb7 Add metrics host with Grafana and Prometheus 2023-11-09 23:10:52 +01:00
yuri acdff7a0cc WIP grafana 2023-11-09 23:10:52 +01:00