Commit Graph

259 Commits

Author SHA1 Message Date
Adrian Gunnar Lauterer 7fd9a1e646
started on bikkje container for new loginbox - work in progress
Eval nix flake / evals (push) Failing after 1m47s Details
2024-01-07 01:21:11 +01:00
Daniel Lovbrotte Olsen 4ea90380ad bicep/matrix: use synapse package from stable
Eval nix flake / evals (push) Failing after 1m52s Details
It's fixed now
2023-12-16 00:22:02 +01:00
Felix Albrigtsen 80ef1ce4fa Buskerud: Remove OV-link, general cleanup
Eval nix flake / evals (push) Failing after 1m43s Details
Eval nix flake / evals (pull_request) Failing after 1m42s Details
2023-12-12 15:27:20 +01:00
Felix Albrigtsen 2b834eee14 Buskerud: Comment out openvpn-client
Eval nix flake / evals (pull_request) Failing after 1m42s Details
Eval nix flake / evals (push) Failing after 1m40s Details
2023-12-12 11:39:33 +01:00
Daniel Lovbrotte Olsen dd8b677a79 buskerud: bootloader - 3.3TB, OS - 256GB 👍
Eval nix flake / evals (pull_request) Failing after 1m49s Details
Eval nix flake / evals (push) Failing after 1m57s Details
2023-12-10 05:27:58 +01:00
Daniel Lovbrotte Olsen eabd8df3d8 bicep/matrix: use package with fixed pythonEnv
Eval nix flake / evals (pull_request) Failing after 1m46s Details
Eval nix flake / evals (push) Failing after 1m52s Details
2023-12-10 04:32:26 +01:00
Oystein Kristoffer Tveit 0b5e03471f
upgrade to nixpkgs 23.11
Eval nix flake / evals (push) Failing after 3h8m33s Details
Eval nix flake / evals (pull_request) Failing after 3h5m17s Details
2023-12-05 00:36:09 +01:00
Daniel Lovbrotte Olsen d8031ecca1 Merge pull request 'replace-knakelibrak-nginx-reverse-proxy' (#18) from replace-knakelibrak-nginx-reverse-proxy into main
Eval nix flake / evals (push) Successful in 4m2s Details
Reviewed-on: #18
2023-12-03 07:01:13 +01:00
Oystein Kristoffer Tveit 8ced91a285
hosts/buskerud: init
Eval nix flake / evals (push) Successful in 4m43s Details
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-30 19:42:05 +01:00
Daniel Lovbrotte Olsen 1ef033c754
bekkalokk/ingress: proxy matrix well-known files to bicep
Eval nix flake / evals (push) Successful in 3m44s Details
Eval nix flake / evals (pull_request) Successful in 3m31s Details
2023-11-28 10:24:18 +01:00
Felix Albrigtsen d900dc1b1b
Redirect subpages like ./well-known, add @-domains 2023-11-28 10:24:18 +01:00
Oystein Kristoffer Tveit d5985e02f3
Prepare to replace knakelibrak
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
2023-11-28 10:23:02 +01:00
Daniel Lovbrotte Olsen 2c42b120a6 Merge branch 'extend_smtp'
Eval nix flake / evals (push) Successful in 3m41s Details
2023-11-28 08:39:15 +01:00
Daniel Lovbrotte Olsen 27ba3f7a7f bicep/matrix: serve server well-known
Eval nix flake / evals (push) Successful in 3m24s Details
2023-11-28 08:36:56 +01:00
Daniel Lovbrotte Olsen c1c58122ea bicep/matrix: Improve flexibility of username login
Eval nix flake / evals (push) Successful in 4m34s Details
It should be possible to log in  with @username:pvv.ntnu.no now
That way client well-known in third party clients will work

it might also fix the weird logout of session issues in element
2023-11-28 05:14:04 +01:00
Oystein Kristoffer Tveit 54a54ad0f5 Merge pull request 'Roundcube testing on bekkalokk now working.' (#14) from roundcube into main
Eval nix flake / evals (push) Successful in 11m0s Details
Reviewed-on: https://bekkalokk.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/14
2023-11-26 05:17:28 +01:00
Oystein Kristoffer Tveit 2a1e649eed bekkalokk: fix roundcube, and move to webmail2.pvv.ntnu.no/roundcube
Eval nix flake / evals (push) Successful in 16m1s Details
Eval nix flake / evals (pull_request) Successful in 21m4s Details
2023-11-26 05:05:15 +01:00
Daniel Lovbrotte Olsen d7638138ed brzeczyszczykiewicz: add bokhylle as alias for the grzegorz service
Eval nix flake / evals (push) Successful in 8m48s Details
2023-11-26 02:36:23 +01:00
Adrian Gunnar Lauterer c8d383c9ab bekkalokk-roundcube init at roundcube.pvv.ntnu.no
Eval nix flake / evals (pull_request) Successful in 10m54s Details
Eval nix flake / evals (push) Successful in 12m3s Details
2023-11-25 21:23:06 +01:00
Daniel Lovbrotte Olsen c4df999058 bob: init
Eval nix flake / evals (push) Successful in 2m46s Details
Cool beeg nix builder
for now anyways
2023-11-05 06:06:57 +01:00
Oystein Kristoffer Tveit 3caa66fb64
rename input: unstable -> nixpkgs-unstable
Eval nix flake / evals (push) Successful in 3m3s Details
2023-11-05 01:22:48 +01:00
Daniel Lovbrotte Olsen b458801f95 Revert "bekkalokk: add wackattack ctf systemd service"
Eval nix flake / evals (push) Successful in 2m49s Details
CTF is over

This reverts commit fa843c4a59.
2023-10-30 09:03:27 +01:00
Oystein Kristoffer Tveit fa843c4a59
bekkalokk: add wackattack ctf systemd service
Eval nix flake / evals (push) Successful in 4m9s Details
2023-10-26 22:10:30 +02:00
Daniel Lovbrotte Olsen e07945d49c bicep/matrix: enable sliding sync
Eval nix flake / evals (push) Successful in 2m39s Details
2023-10-22 02:33:40 +02:00
Daniel Lovbrotte Olsen 32885891fe bicep/matrix: enable smtp auth
Eval nix flake / evals (push) Successful in 2m43s Details
yolo lmao
2023-10-22 01:59:25 +02:00
Daniel Lovbrotte Olsen 9b44087693 bekkalokk/gitea: make import user script run by default
Systemd stuff are generally turned on by default but need to be wanted

Much like me
2023-10-14 22:47:56 +02:00
Daniel Lovbrotte Olsen be341622fe georg: init 2023-09-17 04:57:30 +02:00
Daniel Lovbrotte Olsen 87a7b17b49 brzeczyszczykiewicz: init 2023-09-17 04:57:30 +02:00
Oystein Kristoffer Tveit 5c529a0233 Fix gitea runners, add 2 more
The gitea runners are now activated correctly,
has support for both debian and ubuntu based systems,
and can will connect to the gitea server through the
loopback interface
2023-09-17 04:05:08 +02:00
Oystein Kristoffer Tveit bc678b5d51 Merge pull request 'Bekkalokk: Enable podman' (#11) from add-gitea-ci into main
Reviewed-on: #11
2023-09-16 22:38:23 +02:00
Amalie Erdal Mansaker ade2f6f5c9 Bekkalokk: Enable podman 2023-09-16 22:38:15 +02:00
Oystein Kristoffer Tveit 5c37b71646 Merge pull request 'Setup gitea action runner' (#10) from add-gitea-ci into main
Reviewed-on: #10
2023-09-16 22:31:22 +02:00
Amalie Erdal Mansaker 76f18b459c Setup gitea action runner 2023-09-16 22:26:44 +02:00
Oystein Kristoffer Tveit 97cd5a235f Merge pull request 'Gitea enabled actions' (#9) from add-gitea-ci into main
Reviewed-on: #9
2023-09-16 21:51:43 +02:00
Amalie Erdal Mansaker e5fac39ce8 Enabled actions 2023-09-16 21:51:13 +02:00
Daniel Lovbrotte Olsen f53c0c6eb5 bicep/synapse: Move database configuration out of secrets 2023-09-16 21:38:39 +02:00
Daniel Lovbrotte Olsen 816997b74f bicep/nginx: increase workers and enable modern compression
Should decrease latency
2023-09-13 11:01:09 +02:00
Daniel Lovbrotte Olsen 06322a26fc bicep/postgres: enable jit again, make more memory available 2023-09-13 05:22:23 +02:00
Daniel Lovbrotte Olsen a58101bfbc Remove deprecated hosts and clean up 2023-09-13 05:03:57 +02:00
Daniel Lovbrotte Olsen d3b363b028 bicep: Remove deprecated grub version option 2023-09-13 04:54:46 +02:00
Daniel Lovbrotte Olsen 4a6ea9be2d bicep/synapse: define registration secret properly 2023-09-13 04:53:56 +02:00
Daniel Lovbrotte Olsen f92ebbee16 bicep/synapse: use postgres unix socket 2023-09-13 04:16:22 +02:00
Daniel Lovbrotte Olsen 201e3d306b bicep: Revert postgres socket stuff 2023-09-13 03:58:29 +02:00
Daniel Lovbrotte Olsen 437219bb68 bicep/postgres: Enable unix socket auth 2023-09-13 00:52:27 +02:00
Felix Albrigtsen d96c30bbd5 Fix calendar-bot timer 2023-09-12 18:23:20 +02:00
Felix Albrigtsen 36b768b3b2 ( ͡° ͜ʖ ͡°) 2023-09-08 02:33:22 +02:00
Felix Albrigtsen 9f36bd86a8 Update calendar bot details 2023-09-08 02:25:23 +02:00
Felix Albrigtsen 1370ccddf8 Initialize host: shark 2023-09-08 02:11:02 +02:00
Daniel Lovbrotte Olsen cfcd230678 Merge pull request 'Fix gitea on bekkalokk' (#7) from configure-gitea into main
Reviewed-on: #7
2023-09-07 18:54:24 +02:00
Oystein Kristoffer Tveit 1afc8841a9
bekkalokk/nginx: remove commented virtualhost for mediawiki 2023-09-07 18:53:05 +02:00
Oystein Kristoffer Tveit b4b6b4971a
bekkalokk/gitea: misc changes
- change domain from git2 to git1
- enable internal SSH serer
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
2023-09-07 18:53:05 +02:00
Oystein Kristoffer Tveit b52753987d
bicep: use mysql on bicep as production server 2023-09-07 18:40:13 +02:00
Felix Albrigtsen 3beb76e411 Add pvv-calendar-bot to bicep 2023-08-27 02:36:01 +02:00
Daniel Lovbrotte Olsen bfe94003c4 bicep/matrix/discord: enable legacy authorization because old mx-puppet-discord 😭 2023-08-18 00:54:06 +02:00
Oystein Kristoffer Tveit a5c83866ca bicep: setup ACME cert for postgres 2023-08-12 02:55:20 +02:00
Oystein Kristoffer Tveit 34a16149f8 ildkule: add config for prometheus_mysqld_exporter
There's a PR waiting to add this module to nixpkgs,
so we should enable this once it gets merged.
2023-07-10 00:06:27 +02:00
Oystein Kristoffer Tveit 998e66db65 bicep: enable mysql 2023-07-10 00:06:09 +02:00
Daniel Lovbrotte Olsen 699569249a ildkule: adjust matrix version annotations for nixos matrix module 2023-06-20 14:01:44 +02:00
Daniel Lovbrotte Olsen e73b7d2cd1 ildule: fix upstream dashboard variables 2023-06-20 13:46:00 +02:00
Daniel Lovbrotte Olsen ff30477e86 ildule: Update matrix dashboard from upstream 2023-06-20 13:20:42 +02:00
Felix Albrigtsen 8f55ef3193 Bekkalokk: Configure Gitea, clean web services
Update bekkalokk secrets format

Update gitea keys and firewall rules

Create gitea-user-import script

Fix SSH host key verification

Gitea-import-users bug squashification

Fix Gitea-import SSH problems
2023-06-05 19:41:25 +02:00
Daniel Lovbrotte Olsen d694724f5c bicep/synapse: Set event cache to 20K
This is double the cache from default
changed because we're seeing periodic cpu spikes
with this cache beeing the main one missing
2023-05-26 02:22:18 +02:00
Daniel Lovbrotte Olsen 68ce7acebb Revert "bicep: Emergency fix for matrix postgres auth"
This reverts commit fdbcd8c884.

This was not it
2023-05-23 05:12:46 +02:00
Daniel Lovbrotte Olsen fdbcd8c884 bicep: Emergency fix for matrix postgres auth
I think
2023-05-23 04:59:34 +02:00
Daniel Lovbrotte Olsen 815063744b bicep/postgres: Remove jit setting
The nixos build of postgres doesn't support it anyways
2023-05-23 04:57:18 +02:00
Daniel Lovbrotte Olsen dfd827ee74 Clean up jokum removal 2023-05-23 04:29:45 +02:00
Felix Albrigtsen 9ccfb6cbed Merge branch 'bekkalokk-metrics' 2023-05-21 04:04:29 +02:00
Felix Albrigtsen 1335ab1d4b Add metrics exporters to bekkalokk 2023-05-21 04:03:14 +02:00
Felix Albrigtsen 69be23712f Merge branch 'bicep-metrics' of Drift/pvv-nixos-config into main 2023-05-21 03:47:53 +02:00
Felix Albrigtsen ce58f91e16 Add metrics exporters to bicep 2023-05-21 03:47:02 +02:00
Felix Albrigtsen 8ccf9e9298 Update keys and re-enable web services 2023-05-21 02:29:14 +02:00
Felix Albrigtsen 8b70d84f41 bekkalokk: hardware-config for baremetal 2023-05-21 00:06:25 +02:00
Oystein Kristoffer Tveit cd0c8c8198
bekkalokk: continue work on mediawiki service 2023-05-19 03:03:47 +02:00
Oystein Kristoffer Tveit c11a804097
bicep: set up mysql/mariadb 2023-05-18 15:40:13 +02:00
Daniel Lovbrotte Olsen 4ff5da28c4 bicep: nginx listen on bicep ip 2023-05-08 03:38:59 +02:00
Daniel Lovbrotte Olsen ee73a964be move matrix to bicep 2023-05-08 03:38:59 +02:00
Oystein Kristoffer Tveit dcbe6871da
bekkalokk: setup keycloak 2023-05-07 00:34:42 +02:00
Oystein Kristoffer Tveit 0e75e0a5b9
bicep: add backup service 2023-05-06 19:07:10 +02:00
Daniel Lovbrotte Olsen f77a5e946f bicep: mount /data 2023-04-08 05:23:01 +02:00
Daniel Lovbrotte Olsen bac67ee123 bicep: don't wait for all interfaces and especially not jokums 2023-04-07 04:53:36 +02:00
Daniel Olsen 38e3202c9e Move more of jokum
slightly less stupid this time
2023-03-26 14:44:58 +02:00
Daniel Lovbrotte Olsen 7620fb3dee move jokum to nixos bicep 2023-03-26 06:36:04 +02:00
Oystein Kristoffer Tveit dfe8b8b44c
bicep: added postgres settings 2023-03-26 01:50:00 +01:00
Oystein Kristoffer Tveit 169f774e81
bicep dead, but maybe soon bicep alive 2023-03-26 01:09:44 +01:00
Felix Albrigtsen 2568800794 Add andresbu to node-exporter targets 2023-03-12 00:41:36 +01:00
Daniel Lovbrotte Olsen d9c19385fa synapse: cache more event_auth 2023-03-08 03:18:57 +01:00
Daniel Lovbrotte Olsen 70f4777696 fix synapse dashboard 2023-03-04 05:11:40 +01:00
Daniel Lovbrotte Olsen db69d28b42 Revert "metrics: Fix Synapse dashboard"
This reverts commit beb8df8fc7.
2023-03-04 03:14:54 +01:00
Daniel Lovbrotte Olsen 8f23d7ba06 jokum: don't use host resolv.conf 2023-03-04 03:04:32 +01:00
Daniel Lovbrotte Olsen 3252a3b5d1 turn on jokum 2023-03-04 02:03:37 +01:00
Daniel Lovbrotte Olsen 8e819b5546 fix ip for bekkalokk 2023-03-04 00:57:28 +01:00
Daniel Lovbrotte Olsen 6cf831a347 switch to networkd 2023-03-04 00:44:30 +01:00
Daniel Lovbrotte Olsen af955c88f8 jokum: move to systemd-nspawn container on bicep 2023-02-26 19:23:00 +01:00
Daniel Lovbrotte Olsen eed3c9b05f matrix: Point mjolnir directly at synapse so it can use the admin api 2023-02-13 03:42:52 +01:00
Daniel Lovbrotte Olsen 7a9759ef71 matrix: Add mjolnir as a moderation bot 2023-02-13 02:34:11 +01:00
Daniel Lovbrotte Olsen 4684cd239a matrix: enable shared secret registration 2023-02-13 00:58:15 +01:00
Daniel Lovbrotte Olsen c0c0dea069 tune worker distribution post fosdem and turning off prescence 2023-02-06 02:11:07 +01:00
Daniel Lovbrotte Olsen 9c18a87866 element: disable presence if disabled in synapse 2023-02-02 18:51:47 +01:00
Daniel Lovbrotte Olsen 73aa42a5f5 synapse: Disable presence
For now at least until we move to a stronger
machine.

Most large servers don't have this enabled.
2023-02-02 18:39:08 +01:00
Daniel Lovbrotte Olsen eade192132 synapse: bump federation receiver count to 3 2023-02-02 00:35:26 +01:00
Daniel Lovbrotte Olsen beb8df8fc7 metrics: Fix Synapse dashboard
Some of the panels were set to the wrong
datasource

Additionally since we don't do MAU limits,
I moved the relevant MAU panel to Overview
2023-02-01 22:54:54 +01:00
Daniel Lovbrotte Olsen 1a424c79fe synapse: track monthly active users 2023-02-01 19:42:49 +01:00
Oystein Kristoffer Tveit 796155481f
Add host `bekkalokk`
`bekkalokk` is a new machine, meant to host web services and eventually
miscellaneous services.
2023-01-29 01:51:35 +01:00
Oystein Kristoffer Tveit efc8eb7ffc
ildkule: add postgres exporter for knakelibrak 2023-01-26 02:16:52 +01:00
Felix Albrigtsen 84b57bb4db Provision go dashboard for gogs 2023-01-23 14:48:26 +01:00
Felix Albrigtsen b4e74a3959 Add node and gogs metrics collection to prometheus 2023-01-23 13:12:46 +01:00
Oystein Kristoffer Tveit a78f120a65
explicitly state nginx listen addresses 2023-01-22 17:46:48 +01:00
Oystein Kristoffer Tveit 3880190577
ildkule: add postgres dashboard to grafana 2023-01-22 02:28:19 +01:00
Oystein Kristoffer Tveit 171fea39bc
ildkule: switch grafana db from sqlite to postgres 2023-01-22 02:18:21 +01:00
Oystein Kristoffer Tveit 2bc5d7d91e
ildkule: set up postgres metrics exporter 2023-01-22 00:47:22 +01:00
Oystein Kristoffer Tveit a7408b8800
ildkule: restructure prometheus config 2023-01-21 20:08:36 +01:00
Oystein Kristoffer Tveit ad75cb0c88
Restructure values file to separate hosts from services 2023-01-21 19:54:20 +01:00
Daniel Lovbrotte Olsen 94fc936251 ildkule: use ip addressess from values.nix 2023-01-21 11:45:05 +01:00
Felix Albrigtsen ecfde9f56a Update ildkule IPv6-address 2023-01-20 11:40:42 +01:00
Daniel Lovbrotte Olsen 1a0880086a metrics: use matrix-lib to simplify generation of prometheus scrape config 2023-01-20 08:24:02 +01:00
Daniel Lovbrotte Olsen efed13c810 Revert "metrics: stop parsing prometheus labels from url"
This reverts commit 1524b6b10c.

Prometheus doesn't allow scraping from uris only socketAddresses
The relabeling is to change the internal labels to trick it to read
from a url
2023-01-20 05:04:16 +01:00
Oystein Kristoffer Tveit 1524b6b10c
metrics: stop parsing prometheus labels from url 2023-01-20 01:15:45 +01:00
Daniel Lovbrotte Olsen 90e924c083 synapse: also generate metric config for the master node 2023-01-18 04:04:42 +01:00
Oystein Kristoffer Tveit c8d26e3c81
synapse: generate metric endpoints automatically 2023-01-18 02:55:05 +01:00
Daniel Lovbrotte Olsen 1330c9575f metrics/dashboards/synapse: update default timeframe 2023-01-17 18:57:32 +01:00
Daniel Lovbrotte Olsen 4a82d22a56 Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main 2023-01-17 18:50:41 +01:00
Daniel Lovbrotte Olsen 64d0253aa0 I dont think the nginx config verifier has caught a single configuration error ever 2023-01-17 18:47:08 +01:00
Daniel Lovbrotte Olsen 1ea40456a5 add ipv6 to allowed ip addresses for metrics exporters 2023-01-17 18:23:42 +01:00
Daniel Lovbrotte Olsen 524bbdb78b ildkule/dashboard/synapse: Make zooming out on the cpu graph aggregate max cpu instead of avg 2023-01-17 17:37:44 +01:00
Daniel Lovbrotte Olsen 5b798b2f1d jokum: enable metric exporters 2023-01-17 17:28:47 +01:00
Daniel Lovbrotte Olsen 96b6dee404 Add firewalling to metric exporters 2023-01-17 17:28:11 +01:00
Daniel Lovbrotte Olsen e4cb215d39 Simplify networking configs
Introduces values.nix, a place to store information relevant across systems
2023-01-17 17:28:11 +01:00
Felix Albrigtsen e679c7d27a Add bicep and hildring to monitoring 2023-01-17 13:47:48 +01:00
Felix Albrigtsen 084313e01d Add ildkule to prometheus targets 2023-01-14 22:45:01 +01:00
Felix Albrigtsen 40c67c6153 Removed motd extras 2022-12-20 23:15:52 +01:00
Felix Albrigtsen f6cc25cdaf Add synapse monitoring with prometheus 2022-12-20 23:11:46 +01:00
Felix Albrigtsen a45a08db57 Cleanup ildkule configs 2022-12-20 23:11:46 +01:00
Felix Albrigtsen fcdce57a3d SSL and loki network config 2022-12-20 18:11:32 +01:00
Felix Albrigtsen c0b5932432 Improve grafana config, enable boltdb-shipper 2022-12-20 18:11:32 +01:00
Felix Albrigtsen ed46e9af61 Add a default dashboard 2022-12-20 18:11:32 +01:00
Felix Albrigtsen a2f71ba120 ildkule-grafana upgrades 2022-12-20 18:11:32 +01:00
Felix Albrigtsen 2236863f09 Add a new metrics stack 2022-12-20 18:11:32 +01:00
Felix Albrigtsen 1de68ee0e2 ildkule: hardware-configuration.nix 2022-12-20 18:11:28 +01:00
Felix Albrigtsen 1429a1b51b Simplify nginx on ildkule 2022-12-20 18:06:49 +01:00
Felix Albrigtsen 6b1f0eb090 Add host ildkule 2022-12-17 21:51:43 +01:00
Daniel Lovbrotte Olsen 44f2b6d8d8 fed-sender2 metrics 2022-12-14 10:26:28 +01:00
Daniel Lovbrotte Olsen 154e12e609 add another federation sender as one is being maxed out 2022-12-14 10:25:29 +01:00
Daniel Lovbrotte Olsen 8a3219e8d1 user directory worker 2022-12-14 10:15:37 +01:00
Daniel Lovbrotte Olsen 911ce4057a event-persist metrics 2022-12-14 09:19:13 +01:00
Daniel Lovbrotte Olsen 72eab1d2aa add an event persister worker 2022-12-14 09:16:43 +01:00
Daniel Lovbrotte Olsen ea4fe98055 point discord bridge at the public url again
It was fetching avatars from 127.0.0.1
2022-12-12 16:05:50 +01:00
Daniel Lovbrotte Olsen 8c6b73129b move services to be host specific 2022-12-12 15:54:47 +01:00
Daniel Lovbrotte Olsen 121dcd8ab2 Initialize flake 2022-12-07 22:13:28 +01:00
System administrator cfed55f61a Merge remote-tracking branch 'origin/main' 2022-12-07 10:31:41 +01:00
Daniel Lovbrotte Olsen 4a9efb0d5c Finally comitting matrix-configuration now that we have secret-management 2022-12-07 10:16:15 +01:00