fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
61 commits 3 branches 0 tags 1.1 MiB
Commit graph

61 commits

This branch
This branch
All branches
Author SHA1 Message Date
yuri eb84404a10 Enable TLS on mail relay 2023-11-09 23:10:52 +01:00
yuri cae1284094 Forward port 80 to mail servers for the http acme challange 2023-11-09 23:10:52 +01:00
yuri 6c6cfb6da8 Use snat rule instead if masquerade for wireguard nat 2023-11-09 23:10:52 +01:00
yuri 74d5abdfe2 Use a less generic nftables table name 2023-11-09 23:10:52 +01:00
yuri cd938d5020 Use another subnet for WireGuard tunnel as is conflicts with the openstack internal subnet 2023-11-09 23:10:52 +01:00
yuri f9971c842e Add tcpdump to default packages 2023-11-09 23:10:52 +01:00
yuri 3723b4edf2 Fix WireGuard nat rules 2023-11-09 23:10:52 +01:00
yuri e0d1e17bbb Change mail-1 wireguard port as it is already used for STS setup 2023-11-09 23:10:52 +01:00
yuri b359ec8644 Use host resolv.conf in container 2023-11-09 23:10:52 +01:00
yuri d1f2b13232 Add missing wireguard-tools dependency 2023-11-09 23:10:52 +01:00
yuri 03719f5bf8 Pass libnftables.so.1 path into python script 2023-11-09 23:10:52 +01:00
yuri ea11e41005 Add wireguard-nat-nftables python script 2023-11-09 23:10:52 +01:00
yuri 34b8dcef9c Add valkyrie host 2023-11-09 23:10:52 +01:00
yuri f3385b48a2 Enable firewall 2023-11-09 23:10:52 +01:00
yuri 4a802ab44d Setup mail server and restructure some things 2023-11-09 23:10:52 +01:00
yuri fa3db3bad6 Update flake.lock 2023-11-09 23:10:52 +01:00
yuri 1c268bbea6 Just do the nginx proxy_protocol listen in extraConfig and use stable packages 2023-11-09 23:10:52 +01:00
yuri 7283b50b39 Bump element-web to v1.11.40 2023-11-09 23:10:52 +01:00
yuri 685daabdd2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 4d7c667c45 Add matrix-synapse host 2023-11-09 23:10:52 +01:00
yuri b50f8c615c Only run pipeline when specific RUN_JOB variable value is set 2023-11-09 23:10:52 +01:00
yuri fd9952e9f2 Bump flake.lock 2023-11-09 23:10:52 +01:00
yuri 909a2ac6c1 Rename nixos-coturn to coturn and finish config 2023-11-09 23:10:52 +01:00
yuri fc2c69dbb7 Add metrics host with Grafana and Prometheus 2023-11-09 23:10:52 +01:00
yuri acdff7a0cc WIP grafana 2023-11-09 23:10:52 +01:00
yuri b1015f627a Increase opcache.interned_strings_buffer PHP option 2023-11-09 23:10:52 +01:00
yuri dc7c5225ad Enable proxyprotocol for nitter host 2023-11-09 23:10:52 +01:00
yuri d314976135 Add netbox host 2023-11-09 23:10:52 +01:00
yuri 8968d11075 Fix hostname 2023-11-09 23:10:52 +01:00
yuri fec32d5549 Restrict allowedTCPPorts to port 8443 2023-11-09 23:10:52 +01:00
yuri 86a2bf0395 Add SMTP configuration to nextcloud and use an additional disk for the data 2023-11-09 23:10:52 +01:00
yuri a57c5183d8 Set boot.growPartition = true 2023-11-09 23:10:52 +01:00
yuri 09abf3bee9 Improve Proxmox backup image generation 2023-11-09 23:10:52 +01:00
yuri 5c0f7dd6b8 Add nextcloud host 2023-11-09 23:10:52 +01:00
yuri 5691e65bf3 Remove secret.nix from jellyfin imports 2023-11-09 23:10:52 +01:00
yuri 39bc88eb0f Enable firewall and migrate Jellyfin to NixOS 2023-11-09 23:10:52 +01:00
yuri def599be28 Add jellyfin host 2023-11-09 23:10:52 +01:00
yuri e122ca0006 Enable console on serial port and print public ssh host key when booting 2023-11-09 23:10:52 +01:00
yuri 4b18856559 Use hacky workaround for enableACME check with a proxyProtocol listener 2023-11-09 23:10:52 +01:00
yuri e60e96c88b Set binary cache hint 2023-11-09 23:10:52 +01:00
yuri ea78e90875 Bump flake.lock 2023-11-09 23:10:51 +01:00
yuri a1e39754f9 Generate colmena and hydraJobs outputs from the same hosts attribute set 2023-11-09 23:10:51 +01:00
yuri 29fe1fbeca Test host specific nixpkgs 2023-11-09 23:10:51 +01:00
yuri 361f5ef709 Generate hosts for hydra 2023-11-09 23:10:51 +01:00
yuri 2673483143 Add iperf host 2023-11-09 23:10:51 +01:00
yuri fc50e78610 Add output for nixos-generators 2023-11-09 23:10:51 +01:00
yuri bff3ca1445 Serve element-web directly from web-public-2 2023-11-09 23:10:51 +01:00
yuri bd159f7535 Enable localhost as buld machine for hydra 2023-11-09 23:10:51 +01:00
yuri 2f7620458b Add janky nginx config with workaround for proxy protocol 2023-11-09 23:10:51 +01:00
yuri 85f427edf0 Add config for public reverse proxy 2023-11-09 23:10:51 +01:00