Commit graph

418 commits

Author SHA1 Message Date
9edb1dd015
feat: Add cache cleanup script
This fixes #77
2022-03-16 20:35:15 +01:00
303ec1e4a9
feat: Add rpz.int.chir.rs zone
fix #68
2022-03-12 22:04:01 +01:00
e5406d318f
fix: Use the main dns server instead of the copy
fix #67
2022-03-12 13:41:22 +01:00
9f73713f4e
Revert "fix: Allow the dns tkey for darkkirb.de"
This reverts commit 60373d3042.
2022-03-12 13:39:19 +01:00
60373d3042
fix: Allow the dns tkey for darkkirb.de
fix #67
2022-03-12 11:25:56 +01:00
eb0042cd81
feat: Expose hydra to the local network
fix #64
2022-03-12 10:45:11 +01:00
097ff2d4b6
feat: Do hydra builds against the cache directly
Also adds automated signing

fix #52
2022-03-08 20:18:16 +01:00
b2bfe70b64
fix: disable the derivation size limit in hydra
fix #51
2022-03-08 19:52:55 +01:00
2e60e56bd3
fix: Increase hydra limits
fix #51
2022-03-08 18:40:01 +01:00
7cd30c7b06
fix: Remove home protections for nginx
fix #46
2022-03-06 21:44:43 +01:00
ea38329dad
fix: Add acme cert for miifox
I thought this was automatic

fix #45
2022-03-06 21:34:23 +01:00
b37c784d10
feat: Move the int.chir.rs zone to nix
fix #43
2022-03-06 18:26:20 +01:00
86336e637f
fix: Allow phpfpm to access dovecot pw
fix #41
2022-03-06 14:43:10 +01:00
53607ccfc2
fix: Pass config file instead of config
fix #38
2022-03-06 12:05:23 +01:00
2bf4e84d27
fix: Missed the first argument to toYAML
fix #37
2022-03-06 11:50:56 +01:00
1729cd7957
fix: Use promtail config instead of deleted file
fix #36
2022-03-06 11:46:06 +01:00
22c5ff7adc
fix: Make loki work with multiple systems
fix #35
2022-03-06 11:44:08 +01:00
1f866df312
Revert "Disable Multiverse for now"
This reverts commit 90adb79e6b.
2022-03-05 17:57:00 +01:00
a1bcc25c83
enable multipart upload? 2022-03-03 19:41:23 +01:00
205f452250
Sign and upload to the new cache 2022-03-03 10:21:01 +01:00
3ea92074e8
make the cache internal-only 2022-03-02 21:36:18 +01:00
d228ef73d3
Add cache storj gateway 2022-03-02 20:56:15 +01:00
b397aa25e9
fix ggateway-st 2022-03-02 18:58:17 +01:00
2344b78ebd
switch to storj 2022-03-02 18:34:15 +01:00
19f2bdf21b
use nixFlakes instead of nixUnstable 2022-03-01 20:58:52 +01:00
90adb79e6b
Disable Multiverse for now
It appears that multiverse is extremely slow on this server
2022-03-01 20:58:42 +01:00
ec331e4713
feat: allow hand-selling
this fixes #19
2022-03-01 20:58:41 +01:00
686eaec80d
feat: add essentialsx signs
This commit fixes #17
2022-03-01 20:58:41 +01:00
0ecfee5edd
disable sell command in creative mode 2022-02-24 10:45:50 +01:00
d19688416f
disable gamemode bypass 2022-02-24 10:38:05 +01:00
f97f515add
Add other multiverse components 2022-02-24 10:17:10 +01:00
aa11729a04
Add multiverse 2022-02-24 10:00:57 +01:00
d07d60ad88
move the extra session commands to the zsh extrainit 2022-02-22 08:03:12 +01:00
960e259f0c
allowlist zap 2022-02-21 12:24:28 +01:00
51de516846
add permissions to the default group 2022-02-21 11:48:24 +01:00
589f999cd5
add worth yaml 2022-02-21 10:25:52 +01:00
193892d5e0
add config for essentialsx 2022-02-21 09:39:17 +01:00
9328ecedb6
Add essentialsx 2022-02-20 21:48:07 +01:00
3b61bf31eb
Add vault 2022-02-20 20:14:42 +01:00
a9485de722
groups -> parents 2022-02-20 18:59:24 +01:00
3426f6d102
add per-user permissions 2022-02-20 18:52:34 +01:00
e073319c16
listen on ipv4 only. death 2022-02-20 18:37:06 +01:00
7fe4bd4e52
Add declarative group configuration 2022-02-20 18:19:39 +01:00
a0f64e1be1
disable ops 2022-02-20 17:29:44 +01:00
a212b63548
Add luckperms 2022-02-20 16:30:12 +01:00
8cb413a221
optimize paper config 2022-02-20 12:25:45 +01:00
e8ebc51228
fix the destination of copy-to-cache 2022-02-19 21:22:36 +01:00
6a906d0fb9
Add whitelist entries 2022-02-19 15:37:50 +01:00
40d0903093
Add minecraft 2022-02-19 15:34:43 +01:00
206e911be3
force push to staging 2022-02-18 20:42:38 +01:00
ab42a116e0
this was the wrong filename 2022-02-18 20:39:18 +01:00
6b3db48a70
only run copy-to-cache on the hydra machine 2022-02-18 20:36:49 +01:00
e558743e12
fix the nix update more 2022-02-18 20:25:57 +01:00
c1615b09c5
add git to nix’s path 2022-02-18 20:17:23 +01:00
749c0da8eb
add missing backslashes 2022-02-18 20:15:22 +01:00
cd31b2a153
fix token name and actually add the secret 2022-02-18 20:13:36 +01:00
b34479b748
fix spelling of wantedby 2022-02-18 20:07:25 +01:00
91694fb6e3
Try to automatically update nixpkgs and deploy changes 2022-02-18 20:02:45 +01:00
52d6aa66d0
add the sops secret 2022-02-18 17:04:53 +01:00
2786ac8c6e
add gitea_authorization to hydra 2022-02-18 16:58:36 +01:00
de97b88b88
add minio access 2022-02-18 16:28:32 +01:00
989a6a4808
Allow github and git.chir.rs as sources 2022-02-18 16:26:27 +01:00
332157f210
Use hydra substitutes 2022-02-18 15:56:22 +01:00
530b903d52
Add hydra to my pc 2022-02-18 15:49:37 +01:00
7843d6b729
Remove need for nixpkgs fork 2022-02-18 14:17:35 +01:00
39deacbb28
remove the QUIC-Status header 2022-02-09 15:45:13 +01:00
d06baee6f1
Advertise quic 2022-02-09 15:38:35 +01:00
b9f6a8a11b
Manually add http3 config 2022-02-09 15:35:39 +01:00
388afba8de
deploy http3 2022-02-09 15:24:07 +01:00
ffee2ace01
permit transfer for old server 2022-02-09 14:21:33 +01:00
ab53a009d8
remove the sieve script ?? 2022-02-09 13:19:49 +01:00
17396de9d0
please just deliver mail jfc 2022-02-09 11:23:39 +01:00
4e826c8143
only allow mail user 2022-02-09 11:22:21 +01:00
feff4b5e79
add pigeonhole 2022-02-09 11:20:46 +01:00
46215e0a69
hopefully get sieve working??? 2022-02-09 11:03:51 +01:00
800fa211d0
hopefully get sieve working? 2022-02-09 11:01:10 +01:00
a27b3adcdb
add missing semicolon 2022-02-09 09:54:55 +01:00
62c4f1ac0a
make named-keys owned by named 2022-02-09 09:51:04 +01:00
dcfd955e57
move chir.rs zone to the server 2022-02-09 09:47:35 +01:00
92345030cc
add ksk and zsk, fix the file names, etc 2022-02-09 09:27:19 +01:00
2f1e842fe4
Add authoritative zones hopefully 2022-02-08 22:01:33 +01:00
f396a1e101
Disable gitea dump
This fixes #1
2022-02-08 09:48:06 +01:00
1003e33c38
Add swayidle 2022-02-02 20:12:21 +01:00
9381c2ef59
fix secrets path 2022-01-30 14:09:25 +01:00
afeb3fc9b5
Make gitea secret owned by gitea 2022-01-30 13:59:46 +01:00
16bed46a9a
Purify the config 2022-01-30 13:50:23 +01:00
83eee6a35a
Add more power savings settings for thonkpad 2022-01-29 18:29:54 +01:00
6603fc2bb9
add thinkpad to the thinkpad secret file 2022-01-29 17:24:31 +01:00
4bffcb8db9
Try to add loki for multiple hosts 2022-01-28 13:47:50 +01:00
9bd1aa4202
Fix the minio service more 2022-01-26 13:49:57 +01:00
36a13c3e66
add custom minio systemd service 2022-01-26 12:22:14 +01:00
ce09e1fb9a
add disk caching to minio 2022-01-26 12:17:33 +01:00
86f66bc489
make minio an s3 gateway 2022-01-26 12:15:46 +01:00
0cb8743b44
Open tcp ports 2022-01-23 13:57:02 +01:00
f41a3f1d15
add dove auth listener 2022-01-23 12:09:30 +01:00
57f5753dbf
change sasl path to auth-login 2022-01-23 12:05:46 +01:00
a45c7cfacf
dovecot -> dovecot2 2022-01-23 12:00:17 +01:00
88acd0a3a2
open up postfix to VPN 2022-01-23 11:57:18 +01:00
2ef4602776
remove domains from mydestination 2022-01-23 11:49:57 +01:00
1924c5a34e
fix smtpd_milters argument 2022-01-23 11:47:50 +01:00
d6a3c25014
fix map paths 2022-01-23 11:31:54 +01:00
23e8e05e63
Move postfix database configs to the secrets due to added password 2022-01-23 11:30:08 +01:00
fa8e0b531f
Add postfix user to postgres 2022-01-23 10:55:17 +01:00
b11bca0863
increase the nginx max body size to ludicrous amounts 2022-01-22 21:35:34 +01:00
12ee778be9
GTK does not read your ~/.XCompose file what the fuck 2022-01-22 18:27:52 +01:00
d3a1b3f488
add postfix 2022-01-22 18:26:11 +01:00
366c05ab10
unblock IMAP and POP3 ports 2022-01-22 16:03:19 +01:00
05f0157b5c
uppercase the scheme 2022-01-22 15:37:01 +01:00
14baefae77
Make doveadm pw the password hasher 2022-01-22 15:29:32 +01:00
dfbb133d44
move dovecot-sql.conf.ext to secrets 2022-01-22 15:17:32 +01:00
e6e759b5d1
remove hostname from the connection string 2022-01-22 15:06:21 +01:00
8880703c06
the problem was that i put quotes and a semicolon on the driver line 2022-01-22 15:01:02 +01:00
3ae72c4f9e
change the package override method 2022-01-22 14:40:16 +01:00
1ae3964995
add auth debug 2022-01-22 14:35:00 +01:00
c13562e6ef
increase nginx body size to 1GB 2022-01-22 14:10:41 +01:00
b3af428146
capitalize User and Group as well 2022-01-21 18:13:45 +01:00
dae92f33c5
capitalize the timer config values 2022-01-21 18:12:43 +01:00
8b32673bfe
automatically upload the nix store to the cache 2022-01-21 18:06:18 +01:00
a93393cd9c
exclude caches from the backup 2022-01-21 18:03:35 +01:00
f65ff8b898
hopefully add postgres support to dovecot 2022-01-21 17:40:27 +01:00
032a16b3fa
lmtp_sieve -> sieve 2022-01-20 17:33:44 +01:00
98efc196c0
it's called writeText 2022-01-20 17:28:12 +01:00
473562e11b
add SQL authentication in dovecot 2022-01-20 17:27:20 +01:00
21abe98114
change mail owner to dovecot:dovecot 2022-01-20 17:14:13 +01:00
c224084d9c
remove broken permission 2022-01-20 17:12:22 +01:00
470fb7a36d
make sops secret owned by dovecot:dovecot 2022-01-20 17:07:01 +01:00
9057891c84
override dovecot group 2022-01-20 17:06:10 +01:00
bf7e9fd3e6
listenIPs -> listenIP 2022-01-20 17:04:27 +01:00
c03f16ab65
add config arg to dovecot.nix 2022-01-20 17:04:08 +01:00
b0b770c4d0
Add dovecot 2022-01-20 17:02:42 +01:00
aeeaf6efa0
fix sops secret owners 2022-01-20 10:24:06 +01:00
b5dc37d0a6
fix group name 2022-01-20 10:18:07 +01:00
dd5df2417b
add postfixadmin 2022-01-20 10:12:04 +01:00
869b3c9c0b
add postfixadmin 2022-01-20 09:57:32 +01:00
3e770a0bf7
add wl-clipboard back 2022-01-20 08:05:42 +01:00
370232723f
Significantly increase scraping speed 2022-01-19 20:37:30 +01:00
9338783490
scrape node_exporter for desktop 2022-01-19 18:52:59 +01:00
296434cb93
reformat code 2022-01-19 09:28:39 +01:00
5d24ee0a33
service->services 2022-01-18 20:58:26 +01:00
64b34cea17
add pipewire 2022-01-18 20:57:00 +01:00
90741d1d61
switch to wofi 2022-01-18 14:30:03 +00:00
d90fcbd197
use alacritty as default shell 2022-01-18 14:21:38 +00:00
a50f74c082
change x keyboard layout 2022-01-18 13:31:40 +01:00
616fb718ec
change sway 2022-01-18 12:14:54 +01:00
f4a71cf513
Move sops secrets in the appropriate module 2022-01-18 11:36:50 +01:00
186a2e4202
Add homepage database for chir.rs 2022-01-18 08:41:47 +01:00
268389e00d
add api.chir.rs vhost 2022-01-17 21:07:20 +01:00
cb40347dea
pkgs.chir-rs not just chir-rs 2022-01-17 20:54:58 +01:00
d9d0810c96
Add chir.rs for real 2022-01-17 20:53:47 +01:00
04baf4b6d4
Initial attempt at adding the chir.rs flake 2022-01-17 20:24:59 +01:00
c5b3fd596d
EnvFile -> EnvironmentFile 2022-01-17 17:09:51 +01:00
12f088ecc2
system.services -> systemd.services 2022-01-17 17:01:38 +01:00
066c79e1e3
correct path 2022-01-17 17:00:34 +01:00
dba69c50ad
Add old-homepage 2022-01-17 16:59:51 +01:00
85003ce415
access minio directly instead of via reverse proxy 2022-01-17 16:04:15 +01:00
487981d4bd
it's addSSL 2022-01-17 15:55:54 +01:00
74b667331e
Add static.darkkirb.de 2022-01-17 15:54:37 +01:00
ad28a6bd6e
remove duplicate minio_exporter 2022-01-17 15:26:51 +01:00
c8eb59176a
Fix the minio node exporter 2022-01-17 15:26:01 +01:00
afe4cd6244
Revert "remove minio credentials file"
This reverts commit ac89c780da.
2022-01-17 15:22:22 +01:00
8a7cbe8161
fix scrape port 2022-01-17 14:34:22 +01:00
3c8a1ba923
Scrape gitea metrics 2022-01-17 14:32:52 +01:00
f69b8f0825
Move sessions and queues to redis, add metrics 2022-01-17 14:31:32 +01:00
ac89c780da
remove minio credentials file 2022-01-17 14:21:05 +01:00
19f19cea92
Remove obsolete EnvFile line 2022-01-17 13:53:07 +01:00
2b0a31e4bf
add tostring 2022-01-17 13:51:14 +01:00
33562009b1
host -> bind 2022-01-17 13:50:51 +01:00
c9dc7cb477
correct config option name 2022-01-17 13:50:25 +01:00
e4f1a1a40b
use config.services instead of services 2022-01-17 13:49:22 +01:00
7148fd2df4
Add redis cache to gitea 2022-01-17 13:48:48 +01:00
8657848bf1
Move gitea secret to sops 2022-01-17 12:00:18 +01:00
acdd39361d
Add a settings.default storage 2022-01-17 11:37:34 +01:00
366e5b0bba
Make gitea use postgres 2022-01-17 11:36:05 +01:00
6f032bae9e
Add impure secrets 2022-01-17 11:27:07 +01:00
e94fe95e23
Fix gitea endpoint 2022-01-17 11:05:02 +01:00
0dcc87cccc
Add gitea vhost 2022-01-17 10:53:15 +01:00
0b3456c988
Add gitea 2022-01-17 10:50:02 +01:00
d37baee9a9
Add tier support to minio 2022-01-17 09:48:05 +01:00
3bf4222598
Make minio console a separate subdomain 2022-01-17 08:35:35 +01:00
8e67606ae8
Add minio to nginx 2022-01-17 08:02:56 +01:00
1fc5627543
Allow minio access from wg0 2022-01-16 21:42:58 +01:00
7c9687bb72
Move prometheus to port 9002 2022-01-16 21:14:47 +01:00
32339aa392
Add minio 2022-01-16 17:44:30 +01:00
1faa336925
Add postgresql backup 2022-01-15 21:58:11 +01:00
77496ef36f
run postgres_exporter as postgres 2022-01-15 21:53:08 +01:00
23d255bd39
Add postgres_exporter 2022-01-15 21:50:42 +01:00
a04474f478
fix auth method name 2022-01-15 21:46:08 +01:00
b13781009b
postgres->postgresql 2022-01-15 21:44:35 +01:00
6f4d9867aa
Add postgres 2022-01-15 21:41:55 +01:00
52450b7437
Add miifox user with quotas 2022-01-15 21:12:12 +01:00
2e02b7ea56
Use a domain name instead of ip address 2022-01-15 18:17:31 +01:00
5f66bae47b
Correct repository URL 2022-01-15 18:13:50 +01:00
1caab69e9b
Add restic backups 2022-01-15 18:08:47 +01:00
71881a6903
Use a local caching rdns 2022-01-15 15:03:51 +01:00
97265da7c0
Another missing semicolon also wrong allow statement 2022-01-15 14:48:28 +01:00
53c2de53d1
Add missing semicolon 2022-01-15 14:46:28 +01:00
a1a4ba1db2
add bind_exporter 2022-01-15 14:44:34 +01:00
fbcf829d8c
Add fail2ban 2022-01-15 12:57:44 +01:00
501757dd10
promtail -> promtrail 2022-01-15 12:09:28 +01:00
fccf67cc8e
add loki and promtrail 2022-01-15 12:08:46 +01:00
3142447046
Add prometheus node_exporter scraper 2022-01-15 10:57:49 +01:00
8432ca4551
Add prometheus node exporter 2022-01-15 10:55:15 +01:00
34895dd22b
Add prometheus 2022-01-14 21:58:51 +01:00
777a71bfad
same shit 2022-01-14 21:55:47 +01:00
a1b7c7aa10
Disable http3 for now 2022-01-14 21:54:49 +01:00
2bd71cf986
Add nginx to the acme group so it can access the certs 2022-01-14 21:52:54 +01:00
1cf456b606
Actually do what the last commit was supposed to do 2022-01-14 21:24:20 +01:00
935a03a56a
Surround the IPv6 addresses in square brackets 2022-01-14 21:22:37 +01:00
c47551467c
Correct argument order of builtins.elemAt 2022-01-14 21:20:48 +01:00
5e8139dab8
Don't override the http config 2022-01-14 21:18:45 +01:00
9a8441f74e
Add ssl certificate 2022-01-14 21:12:11 +01:00
9c5c819490
Add Grafana 2022-01-14 21:05:57 +01:00
69d875f2fb
Make named a service 2022-01-14 20:56:02 +01:00
c668d6fbd3
Unblock TCP ports 2022-01-14 20:51:43 +01:00
f4c07fb59c
Add nginx to servers 2022-01-14 20:47:44 +01:00
601e3c55c1
add a default block in the acme config 2022-01-14 18:03:14 +01:00
459c5f3dbc
It was called extraDomainNames 2022-01-14 17:45:35 +01:00
99b8c155d9
Add acme certificates 2022-01-14 17:44:25 +01:00